[Samba] authentication problems with Samba 3.1.2

Benoit Callebaut bc at cetic.be
Thu Jun 15 15:47:09 GMT 2006

I have set up a samba server 3.1.2.
I want to run it as a PDC.
Final target is to use it with LDAP and Kerberos.

At the moment I use tdbsam as backend.

I have authentication problems. Everything is running, I have set the 
root password, I have created some user account on SAMBA and UNIX.
I am lost. I followed the docs (Examples) except for the firewalling and 
BDC setup (I don't need it at the moment).

smbd, nmbd & winbind are running

I did the following tests:
smbclient //debdell/public
result OK. I can list the content of the share

net USER ADD <username>
result OK : output is : Added user<username>

smbclient -L localhost -U%
result OK :  I can see the server and the fact that the sever is the 
master for the workgroup I have set up.

wbinfo -u
result NOK: output is : Error looking up domain users

net rpc join -U administrator
Could not connect to server DEBDELL
The username or password was not correct.
Connection failed: NT_STATUS_LOGON_FAILURE

net rpc join -U root
Creation of workstation account failed
Unable to join domain CETIC1.

here is my smb.conf:

# Samba config file created using SWAT
# from (
# Date: 2006/06/12 12:02:34

       netbios name = CETIC1
       workgroup = CETIC1
       server string = %h server (Samba %v)
       obey pam restrictions = Yes
       passdb backend = tdbsam
       passwd program = /usr/bin/passwd %u
       passwd chat = *Enter\snew\sUNIX\spassword:* %n\n 
*Retype\snew\sUNIX\spassword:* %n\n .
       security = user
       local master = yes
       domain master = yes
       domain logons = yes
       os level = 33
       syslog = 0
       log file = /var/log/samba/log.%m
       max log size = 1000
       name resolve order = wins bcast hosts

       add user script = /usr/sbin/useradd -m '%u'
       delete user script = /usr/sbin/userdel -r '%u'
       add group script = /usr/sbin/groupadd '%g'
       delete group script = /usr/sbin/groupdel '%g'
       add user to group script = /usr/sbin/usermod -G '%g' '%u'
       add machine script = /usr/sbin/useradd -d /var/lib/nobody -g 100 
-s /bin/false -M %u

       logon script = scripts\logon.bat
       logon path =
       logon drive = X:
       domain logons = Yes
       preferred master = Yes
       wins support = Yes
       domain logons = Yes
       dns proxy = No
       panic action = /usr/share/samba/panic-action %d
#       invalid users = root
       include = /etc/samba/dhcp.conf

       winbind separator = /
       winbind cache time = 10
       template shell = /bin/bash
       template homedir = /home/%D/%U
       winbind uid = 10000-20000
       winbind gid = 10000-20000
       winbind enum users = yes
       winbind enum groups = yes
       template shell = /bin/bash

       comment = Home Directories
       create mask = 0700
       directory mask = 0700
       browseable = No

       comment = All Printers
       path = /var/lib/samba/printers
       create mask = 0700
       printable = Yes
       browseable = No

       comment = Printer Drivers
       path = /var/lib/samba/printers

       path = /var/lib/samba/public

       comment = Network Logon Service
       path = /var/lib/samba/netlogon/%U
       valid users = %S
       read only = yes

path = /var/lib/samba/profiles
read only = no
create mask = 0600

More information about the samba mailing list