[Samba] Logging In To Samba PDC After Joining Domain

zdennis zdennis at mktec.com
Wed Jul 12 16:34:13 GMT 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I have successfully joined my windows xp box to my domain. I rebooted, and tried to log in as my test user and I received the
error message:

"The system could not log you on. Make sure your User name and domain are correct, then type your password again..."

On my local windows xp workstation. There is no Domain Users, Domain Admins, etc... groups. Is this a problem?

In my LDAP log it is showing a successful query for my testuser, returning "nentries=1". Samba, however shows nothing. I disabled
on the windows xp client:

- ----------------
Start the Administrative Tools (Start / Settings / Control Panel /
Administrative Tools). From there start the Local Security Policy.
In the Local Security Policy open Local Policies and then Security Options.
Disable the following entries:
Domain member: Digitally encrypt or sign secure channel data (Always)
Domain member: Digitally encrypt secure channel data (when possible)
Domain member: Digitally sign secure channel data (when possible)
Domain member: Require strong (Windows 2000 or later) session key

In the Group Policy Editor (C:\windows\system32\gpedit.msc) enable the
following entry:
Computer Configuration\Administrative Templates\System\User Profiles\do not
check for user ownership of roaming profiles folders
- ----------------

And then I tried again, and I got the same error. My user testuser is set to have the primary group SID of Domain Users
(S-1-5-21-3040749549-2843134544-1782940832-513)

I can successfully login as my testuser using smbclient, and by logging in from a linux client. I just can't login from Windows.
My group mappings are:

root at chloe:/var/log# net groupmap list
Domain Admins (S-1-5-21-3040749549-2843134544-1782940832-512) -> Domain Admins
Domain Users (S-1-5-21-3040749549-2843134544-1782940832-513) -> Domain Users
Domain Guests (S-1-5-21-3040749549-2843134544-1782940832-514) -> Domain Guests
Domain Computers (S-1-5-21-3040749549-2843134544-1782940832-515) -> Domain Computers
Administrators (S-1-5-32-544) -> Administrators
Account Operators (S-1-5-32-548) -> Account Operators
Print Operators (S-1-5-32-550) -> Print Operators
Backup Operators (S-1-5-32-551) -> Backup Operators
Replicators (S-1-5-32-552) -> Replicators

Any ideas where I should look?

Zach
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFEtSSEMyx0fW1d8G0RApHRAJ41KYXt9OGRsF8O4IYPbBw7pdUqjQCfVssx
0VjhFaCh1k44D62uVLrEsgg=
=7c0q
-----END PGP SIGNATURE-----


More information about the samba mailing list