[Samba] new user cannot logon to one computer in the domain

peter pilsl pilsl at goldfisch.at
Wed Apr 1 11:37:57 GMT 2009 


I run a NT-Domain with samba 3.0.28a and WinXP-Clients (SP3)

Everything is fine. But now I created a new user and this new user can logon to all machines in the Domain but one. On this machine the user gets the message "user cannot login. check username/password/domain and be aware that username/password are casesensitive" (I translated this from german)

Other users can login fine.  I applied the sign-seal-regahck on this machine again and the "domain"-reghack, but it didnt help (see below for details)

In the log-files I dont see anything suspicious but from the logfiles it seems that the user is authenticated sucessfully:


check_ntlm_password:  authentication for user [assistance] -> [assistance] -> [assistance] succeeded

The eventlog on XP also didnt reveal anything interesting (like it would when its the sign/seal-problem)


The full smb-log at LogLevel=3 can be found at:
http://www.goldfisch.at/temp/smb.log

the smb-log at LogLevel=15 (~400kb) can be found at:
http://www.goldfisch.at/temp/smb.level15.log

If posting any other log might help please let me know. I would do anything do solve this problem cause it drives me nuts not being able to logon a simple user in my small domain.



smb.conf :
---------------------------------------
[global]

  interfaces = eth4 127.0.0.1
  bind interfaces only = yes

  workgroup = VOEV
  netbios name = server
  server string = xxxxxxx

  wins support = yes
  wins proxy = yes
  dns proxy = no

   security = user
   encrypt passwords = true
   passdb backend = tdbsam
   obey pam restrictions = yes

  hosts allow = 127.0.0.1/32 192.168.1.0/255.255.255.0

  domain logons = yes
  domain master = yes
  preferred master = yes
  logon path = \\%L\profiles\%U
  logon drive = O:
  logon home = \\%L\%U

  logon script = startup.bat %U %G %h %m %L %M %R %d %a %I %i %T %D %w

  time server = yes

......

-------------------------------------------------





and finally the reghack I applied (its standard procedure in this network - every machine gets it):


---------------------------------------
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
"requiresignorseal"=dword:00000000
"signsecurechannel"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
"CompatibleRUPSecurity"=dword:00000001
---------------------------------------


any help appretiated !! thnx a lot !!
peter

More information about the samba mailing list