[Samba] Proposed update to documentation

Jonathan Johnson jon at sutinen.com
Thu Aug 3 01:09:45 GMT 2006 

I propose an addition to the documentation: in the official HOWTO, 
chapter 4, under Common Errors:

Problem: User account is authenticated against server's NetBIOS name 
rather than domain name

"When I try to log in to the DOMAIN, the eventlog shows 'tried 
credentials DOMAIN/username; effective credentials SERVER/username'"

Usually this is due to a user or machine account being created before 
the Samba server is configured to be a domain controller. Accounts 
created before the server becomes a domain controller will be "local" 
accounts and authenticated as a member in the SERVER domain, much like 
local user accounts in Windows 2000 and later. Accounts created after 
the Samba server becomes a domain controller will be "domain" accounts 
and will be authenticated as a member of the DOMAIN domain.

This can be verified by issuing the command 'pdbedit -L -v username'. 
The line to consider is Domain: if it reports DOMAIN then the account is 
a domain account, if it reports SERVER then the account is a local account.

The easiest way to resolve this is to remove and recreate the account; 
however this may cause problems with established user profiles. You can 
also use 'pdbedit -u username -I DOMAIN'; you may also have to change 
the User SID and Primary Group SID to match the domain.

Josef Schauer wrote:
> Hi Jonathan.
>   
>> What does 'pdbedit -L -v josef' reveal on the Samba server? It sounds
>> almost like the user account for josef might have been created before
>> the Samba server was converted to a domain controller; in this case,
>> that account will be considered a local account on the Samba server
>> instead of a domain account. If this is the case, then you may find it
>> easiest to remove the user account and recreate it.
>>   
>>     
> Your guess was wright. The user josef was considered as a local
> account.
>
> I deleted the user josef with pdbedit -x josef and created a new user
> with pdbedit -a josef.
>
> Nothing else had to be done ;-)
>
> I spend two days on solving this problem ;-(
> With your suggestion the issue was solved in a few minutes 8-)
>
> Thx Josef
>

More information about the samba mailing list