[Samba] Can only log on to domain, not local machine

Rob Feldman feldmrob at attglobal.net
Tue Jan 12 15:12:28 MST 2010

Used Administrator login on XP client to grant domain users rights to log on
to client machine (such as when offline). All attempts to log on to local
machine fail authentication (error "System could not log you on. Check user
name and domain..."). Everything else works fine, including logon to domain
and synchronization of offline folders. Frustrating having all data
available offline but inaccessible because I can't log in!

Don't know what I'm doing wrong, seems like my setup is wrong preventing XP
from getting password info properly for later use away from domain. Sorry if
this is a dopey question, but I've pored over all howtos & other resources
and am still stumped. Plenty of help available for fixing XP clients not
logging into smb domain, but none I can find if XP can't log into itself.

Here's the configuration:
XP Pro SP3 client, all updates
Ubuntu 9.10 (karmic) server, all current
Samba 3.4.0 PDC
	workgroup = MYGROUP
	server string = %h
	interfaces =, eth0
	map to guest = Bad User
	obey pam restrictions = Yes
	pam password change = Yes
	passwd program = /usr/bin/passwd %u
	passwd chat = *Enter\snew\s*\spassword:* %n\n
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
	username map = /etc/samba/smbusers
	unix password sync = Yes
	syslog = 0
	log file = /var/log/samba/log.%m
	max log size = 1000
	smb ports = 139
	name resolve order = lmhosts hosts wins bcast
	add user script = /usr/sbin/useradd -m %u
	delete user script = /usr/sbin/userdel -r %u
	add group script = /usr/sbin/addgroup --force-badname %g
	delete group script = /usr/sbin/groupdel %g
	add user to group script = /usr/sbin/groupmod -A %u %g
	delete user from group script = /usr/sbin/groupmod -R %u %g
	add machine script = /usr/sbin/useradd -g machines -s /bin/false -d
/var/lib/nobody %u
	logon script = logon.cmd
	logon drive = H:
	domain logons = Yes
	preferred master = Yes
	domain master = Yes
	dns proxy = No
	wins support = Yes
	usershare allow guests = Yes
	panic action = /usr/share/samba/panic-action %d
	admin users = feldmadmin, @admin
	hide unreadable = Yes
	hide files = /Desktop.ini/

More information about the samba mailing list