[Samba] Domain logins not working

Gary Dale garydale at rogers.com
Tue Jan 6 05:45:39 GMT 2009

Jeremy Allison wrote:
> On Mon, Jan 05, 2009 at 11:56:07PM -0500, Gary Dale wrote:
>> Jeremy Allison wrote:
>>> On Mon, Jan 05, 2009 at 11:32:18PM -0500, Gary Dale wrote:
>>>> Samba wants the machines to have Unix accounts too!  I don't recall 
>>>> this  behaviour previously, and I note my old server didn't have them 
>>>> -      
>>> Samba has *always* behaved this way.
>>> Jeremy.
>> Why? I can understand user accounts for the various mappings, but what  
>> is the purpose of having Unix machine accounts? Since my old server  
>> didn't have them (not listed in the /etc/passwd file), it doesn't appear  
>> that they are necessary for Samba to operate.
> They are needed for machine accounts, a machine account is
> a principal just like a user account.
> Jeremy.
But a machine account only has significance within the context of a 
Windows Domain, unlike a user account which exists in both Windows and 
Unix environments. Moreover, a user account has a Unix password 
associated with it while a machine account doesn't.

And again, the Unix machine account doesn't appear to be used once the 
Windows machine account is set up. It seems like it's just there to 
validate that the machine account really should be set up. And the error 
message returned if the Unix account is missing is not very helpful.

Anyway, I'm just trying to get my home network running on a new Samba 
server - something I've done many times over the years but this time it 
isn't working. The SWAT wizards usually make it easy - set up the server 
as a domain controller, add some users, machine accounts and shares and 
things work. This time it's not and I'm still wondering why. The syslog 
entries don't seem to be telling me very much. For example, I have an 
XP/Pro workstation that is connected to shares on the server (logged in 
as garydale when I had my old DC running) that is filling syslog with 
the following:

Jan  6 00:27:08 whenim64 smbd[31400]:   _net_auth2: creds_server_check 
failed. Rejecting auth request from client HYPERZIP machine account 

More information about the samba mailing list