[Samba] authentication problems

Benoit Callebaut bc at cetic.be
Thu Jun 15 07:39:40 GMT 2006

I have set up a samba server 3.1.2.
I want to run it as a PDC.
Final target is to use it with LDAP and Kerberos.

At the moment I use tdbsam as backend.

I have authentication problems. Everything is running, I have set the 
root password, I have created some user account on SAMBA and UNIX.
I am lost. I followed the docs (Examples) except for the firewalling and 
BDC setup (I don't need it at the moment).

smbd, nmbd & winbind are running

I did the following tests:
smbclient //debdell/public
result OK. I can list the content of the share

net USER ADD <username>
result OK : output is : Added user<username>

smbclient -L localhost -U%
result OK :  I can see the server and the fact that the sever is the 
master for the workgroup I have set up.

wbinfo -u
result NOK: output is : Error looking up domain users

net rpc join -U administrator
Could not connect to server DEBDELL
The username or password was not correct.
Connection failed: NT_STATUS_LOGON_FAILURE

net rpc join -U root
Creation of workstation account failed
Unable to join domain CETIC1.

here is my smb.conf:

# Samba config file created using SWAT
# from (
# Date: 2006/06/12 12:02:34

        netbios name = CETIC1
        workgroup = CETIC1
        server string = %h server (Samba %v)
        obey pam restrictions = Yes
        passdb backend = tdbsam
        passwd program = /usr/bin/passwd %u
        passwd chat = *Enter\snew\sUNIX\spassword:* %n\n 
*Retype\snew\sUNIX\spassword:* %n\n .
        security = user
        local master = yes
        domain master = yes
        domain logons = yes
        os level = 33
        syslog = 0
        log file = /var/log/samba/log.%m
        max log size = 1000
        name resolve order = wins bcast hosts

        add user script = /usr/sbin/useradd -m '%u'
        delete user script = /usr/sbin/userdel -r '%u'
        add group script = /usr/sbin/groupadd '%g'
        delete group script = /usr/sbin/groupdel '%g'
        add user to group script = /usr/sbin/usermod -G '%g' '%u'
        add machine script = /usr/sbin/useradd -d /var/lib/nobody -g 100 
-s /bin/false -M %u

        logon script = scripts\logon.bat
        logon path =
        logon drive = X:
        domain logons = Yes
        preferred master = Yes
        wins support = Yes
        domain logons = Yes
        dns proxy = No
        panic action = /usr/share/samba/panic-action %d
#       invalid users = root
        include = /etc/samba/dhcp.conf

        winbind separator = /
        winbind cache time = 10
        template shell = /bin/bash
        template homedir = /home/%D/%U
        winbind uid = 10000-20000
        winbind gid = 10000-20000
        winbind enum users = yes
        winbind enum groups = yes
        template shell = /bin/bash

        comment = Home Directories
        create mask = 0700
        directory mask = 0700
        browseable = No

        comment = All Printers
        path = /var/lib/samba/printers
        create mask = 0700
        printable = Yes
        browseable = No

        comment = Printer Drivers
        path = /var/lib/samba/printers

        path = /var/lib/samba/public

        comment = Network Logon Service
        path = /var/lib/samba/netlogon/%U
        valid users = %S
        read only = yes

path = /var/lib/samba/profiles
read only = no
create mask = 0600

More information about the samba mailing list