[Samba] XP clients won't login to samba domain

beaker15 icey808 at yahoo.co.uk
Thu Feb 21 23:21:27 GMT 2008 

Hi, 

I have a small network with several Windows XP clients and an Ubuntu server
(7.10) running Samba (3.0.26) as a Domain Controller but can't get the
clients to login to the domain. Here's my smb.conf:

[global]
	name resolve order = wins lmhosts host bcast
	idmap gid = 10000-20000
	passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
	obey pam restrictions = yes
	admin users = test frc @Admin
	passwd program = /usr/bin/passwd %u
	dns proxy = no
	netbios name = SRV-01
	writeable = yes
	printing = cups
	idmap uid = 10000-20000
	local master = yes
	workgroup = CYSOL
	os level = 65
	printcap name = cups
	security = user
	max log size = 1000
	delete user script = /user/sbin/userdel -r %u
	log level = 3
	log file = /var/log/samba/log.%m
	load printers = yes
	add group script = /usr/sbin/groupadd %g
	socket options = TCP_NODELAY
	delete group script = /usr/sbin/groupdel %g
	add user to group script = /usr/sbin/usermod -G %g %u
	logon drive = L:
	domain master = yes
	interfaces = 127.0.0.0/8 eth0
	encrypt passwords = yes
	logon home = \\%N\%U
	printer admin = test frc @Admin
	passdb backend = tdbsam
	template shell = /bin/bash
	wins support = true
	server string = %h server (Samba %v, Ubuntu)
	path = /usr/network/
	unix password sync = no
	logon path = \\%N\%U\profile
	add user script = /usr/sbin/useradd -m %u
	valid users = test frc @Admin
	syslog = 0
	panic action = /usr/share/samba/panic-action %d
	domain logons = yes
	#winbind enable local accounts = no
	#winbind trusted domains only = yes
	#winbind enable local accounts = no

All the client machines have been added to samba as machine trust accounts
and users have been added too. In Windows, I can join the domain with the
user 'frc' which succeeds and brings up the message 'Welcome to the domain
CYSOL'. Its only after restarting and trying to login at startup that it
brings up the standard message saying the domain controller is unavailable
or machine account not found. testparm shows the server as a PDC with no
errors. Here's some lines I've picked out from a few of the logfiles:

smbd.log

[2008/02/21 15:55:37, 3] smbd/connection.c:yield_connection(76)
  yield_connection: tdb_delete for name  failed with error Record does not
exist.
[2008/02/21 15:55:37, 3] smbd/server.c:exit_server_common(768)

[2008/02/21 15:55:38, 3] passdb/lookup_sid.c:store_gid_sid_cache(1133)
  store_gid_sid_cache: gid 10001 in cache -> S-1-5-32-545
[2008/02/21 15:55:38, 3] lib/privileges.c:get_privileges(261)
  get_privileges: No privileges assigned to SID
[S-1-5-21-2617085589-4112103509-674510089-1000]
[2008/02/21 15:55:38, 3] lib/privileges.c:get_privileges(261)
  get_privileges: No privileges assigned to SID [S-1-5-2]
[2008/02/21 15:55:38, 3] lib/privileges.c:get_privileges(261)
  get_privileges: No privileges assigned to SID [S-1-5-11]
[2008/02/21 15:55:38, 3] lib/util_seaccess.c:se_access_check(250)
[2008/02/21 15:55:38, 3] lib/util_seaccess.c:se_access_check(251)
  se_access_check: user sid is S-1-5-21-2617085589-4112103509-674510089-1000
  se_access_check: also S-1-5-32-544
  se_access_check: also S-1-1-0
  se_access_check: also S-1-5-2
  se_access_check: also S-1-5-11

SRV-01.log  [server]

[2008/02/21 15:42:14, 3] auth/auth.c:check_ntlm_password(221)
  check_ntlm_password:  Checking password for unmapped user
[CYSOL]\[frc]@[SRV-01] with the new password interface
[2008/02/21 15:42:14, 3] auth/auth.c:check_ntlm_password(224)
  check_ntlm_password:  mapped user is: [CYSOL]\[frc]@[SRV-01]

[2008/02/21 15:42:14, 2] auth/auth.c:check_ntlm_password(309)
  check_ntlm_password:  authentication for user [frc] -> [frc] -> [frc]
succeeded
[2008/02/21 15:42:14, 3] passdb/lookup_sid.c:fetch_gid_from_cache(1089)
  fetch gid from cache 10000 -> S-1-5-32-544
[2008/02/21 15:42:14, 3] passdb/lookup_sid.c:fetch_gid_from_cache(1089)
  fetch gid from cache 10001 -> S-1-5-32-545
[2008/02/21 15:42:14, 3] lib/privileges.c:get_privileges(261)
  get_privileges: No privileges assigned to SID
[S-1-5-21-2617085589-4112103509-674510089-3000]
[2008/02/21 15:42:14, 3] lib/privileges.c:get_privileges(261)
  get_privileges: No privileges assigned to SID [S-1-22-2-0]
2008/02/21 15:42:14, 3] smbd/service.c:make_connection_snum(1033)
  srv-01 (127.0.0.1) connect to service IPC$ initially as user frc (uid=0,
gid=0) (pid 4197)


CYCLE-05.log [client]

[2008/02/21 15:58:04, 3] lib/util_sid.c:string_to_sid(223)
  string_to_sid: Sid frc does not start with 'S-'.
[2008/02/21 15:58:04, 3] lib/util_sid.c:string_to_sid(223)
  string_to_sid: Sid @Admin does not start with 'S-'.
[2008/02/21 15:58:04, 2] smbd/uid.c:change_to_user(193)
  change_to_user: SMB user  (unix user nobody, vuid 101) not permitted
access to share IPC$.
[2008/02/21 15:58:04, 0] smbd/service.c:make_connection_snum(928)
  Can't become connected user!



If this is a problem with SID/UID/GIDs how do i fix it or even test it?
I'm considering uninstalling samba and reinstalling because i'm running out
of ideas on this so any suggestions are appreciated. Please ask if you need
any more info or logfile stuff. 
-- 
View this message in context: http://www.nabble.com/XP-clients-won%27t-login-to-samba-domain-tp15622813p15622813.html
Sent from the Samba - General mailing list archive at Nabble.com.

More information about the samba mailing list