[Samba] domain logon problem
Richard Workman
richard.workman at subacoustech.com
Mon Jan 9 16:01:10 GMT 2006
hey
i am trying to set up a server to act as a domain controller, but am having
a bit of difficulty actually logging on. i have created UNIX accounts, samba
passwords and a machine trust account for the relevant machine. when i try
to join the domain on a windows 2000 machine i get the error message:
"incorrect user name or password". Tha sambe log shows:
[2006/01/09 15:12:45, 2] auth/auth.c:check_ntlm_password(305)
check_ntlm_password: authentication for user [rworkman] -> [rworkman] ->
[rworkman] succeeded
[2006/01/09 15:12:45, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2580)
Returning domain sid for domain SUBDOM ->
S-1-5-21-343446102-3839099577-2790099203
[2006/01/09 15:12:45, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2580)
Returning domain sid for domain SUBDOM ->
S-1-5-21-343446102-3839099577-2790099203
[2006/01/09 15:12:45, 0] passdb/pdb_tdb.c:tdbsam_tdbopen(195)
Unable to open/create TDB passwd
[2006/01/09 15:12:45, 0] passdb/pdb_tdb.c:tdb_update_sam(604)
tdb_update_sam: Unable to open TDB passwd (/var/lib/samba/passdb.tdb)!
[2006/01/09 15:12:45, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2350)
could not add user/computer three$ to passdb. Check permissions?
[2006/01/09 15:12:45, 2] smbd/server.c:exit_server(609)
Closing connections
[2006/01/09 15:12:46, 2] smbd/sesssetup.c:setup_new_vc_session(608)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
old resources.
[2006/01/09 15:12:46, 2] smbd/sesssetup.c:setup_new_vc_session(608)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
old resources.
[2006/01/09 15:12:46, 2] auth/auth.c:check_ntlm_password(305)
check_ntlm_password: authentication for user [rworkman] -> [rworkman] ->
[rworkman] succeeded
[2006/01/09 15:12:46, 2] smbd/server.c:exit_server(609)
Closing connections
i am consfused. why can the machine acocunt not be added to passdb? why does
it then claim that the authentication succeeded? can anyone help? Thanks.
below is smb.conf i was using at the time:
[global]
workgroup = SUBDOM
server string = Contract Server
obey pam restrictions = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n .
passdb backend = tdbsam
encrypt passwords = yes
os level = 33
log level = 2
log file = /var/log/samba/log.%m
max log size = 1000
preferred master = auto
domain master = yes
local master = yes
security = user
domain logons = yes
logon path = \\%N\profiles\%U
logon script = logon.cmd
add machine script = /usr/sbin/useradd -d /dev/null -g machines -s
/bin/false -m %u
add user script = /usr/sbin/useradd -d /dev/null -g smbusers -s
/bin/false -m %u
panic action = /usr/share/samba/panic-action %d
invalid users = root
valid users = nobody, @smbusers
read list = nobody, @smbusers
[netlogon]
path = /home/samba/netlogon
guest ok = Yes
browseable = No
[profiles]
path = /home/samba/profiles
read only = no
create mask = 0600
directory mask = 0700
More information about the samba
mailing list