[Samba] user cannot logon to domain although log says "auth succeeded"

peter pilsl pilsl at goldfisch.at
Tue May 19 15:19:34 GMT 2009 

I have a very strange problem and I'm doomed. In a samba-domain with XP-clients certain users cannot logon to some computers.

The user tries to logon but *immediately* gets the message "you cant get logged on. please check username and domain and retype your password" (translated from german) on the XP-machine.

In the samba-logs (Loglevel=2) it says:

[2009/05/19 16:47:16,  2] lib/access.c:check_access(406)
  Allowed connection from  (192.168.1.77)
[2009/05/19 16:47:16,  2] smbd/reply.c:reply_special(492)
  netbios connect: name1=SERVER          name2=VOEV12         
[2009/05/19 16:47:16,  2] smbd/reply.c:reply_special(499)
  netbios connect: local=server remote=voev12, name type = 0

[2009/05/19 16:47:26,  2] auth/auth.c:check_ntlm_password(308)
  check_ntlm_password:  authentication for user [ingrid] -> [ingrid] -> [ingrid] succeeded


I used samba 3.0.28 that comes with ubuntu 8.10 but now I compiled recent 3.3.4 and have the same problem, so its either a problem on WinXP-side or in the config itself.

A more detailed log at Loglevel=15 can be viewed at : http://www.goldfisch.at/temp/smb.log.txt  (~150kB)

I'm kind of desperate here and I'm really looking forward for any hint/tip/help ...

thnx,
peter

here is my config 


[global]

  interfaces = eth4 127.0.0.1
  bind interfaces only = yes

  workgroup = VOEV
  netbios name = server
  server string = Freire2

  wins support = yes
  wins proxy = yes
;  wins server = w.x.y.z

   dns proxy = no

  log file = /data/log/samba/log.%m
   log level=15



   security = user
   encrypt passwords = true
   passdb backend = tdbsam
   obey pam restrictions = yes
;   guest account = nobody
;   invalid users = root

  hosts allow = 127.0.0.1/32 192.168.1.0/255.255.255.0

  domain logons = yes
  domain master = yes
  preferred master = yes
  logon path = \\%L\profiles\%U
  logon drive = O:
  logon home = \\%L\%U

  logon script = startup.bat %U %G %h %m %L %M %R %d %a %I %i %T %D %w

time server = yes

  load printers = no
  printcap name = /dev/null
  disable spoolss = yes


   socket options = TCP_NODELAY

unix charset = UTF-8
display charset = UTF-8
add machine script = /usr/sbin/useradd -g machines -c Machine -s /bin/false %u

message command = echo %t %f %s >>/opt/msg.txt &



[profiles]
        comment = NT Profiles
        path = /data/samba/profiles/%a
        browseable = Yes
        csc policy = manual
        directory mode = 0700
        profile acls = yes
        read only = No


[homes]
        comment = PRIVATE home
        browseable = No
        read only = No
        path = /data/samba/user/%U
        create mask = 0700
        directory mask = 0700
        force group = users

[netlogo]
# to avoid netlogo-errors in the log
        comment = wannabe NTserver
        path = /data/samba/netlogon
        browseable = No
        writeable = No

[netlogon]
        comment = wannabe NTserver
        path = /data/samba/netlogon
        browseable = No
        writeable = No

[daten]
        comment = Daten
        path = /data/samba/daten
        create mode = 6777
        directory mode = 6777
        read only = No

More information about the samba mailing list