[Samba] Can only log on to domain, not local machine

Gaiseric Vandal gaiseric.vandal at gmail.com
Wed Jan 13 07:30:21 MST 2010

On 01/12/10 21:14, Rob Feldman wrote:
> Hi Don,
> Yeah, the behavior you describe is what I expected but not what I'm getting.
> All domain UID/Password pairs authenticate fine when connected, none do when
> disconnected. The login credentials are not being cached, but I can't figure
> out why. I checked the XP group policy and the default setting to keep the
> last 10 logins is intact.
> My setup is the same as yours, XP clients of domain with a Samba PDC. I
> maintain another similar system at work which works fine.
> I really appreciate the effort -- any other ideas?
> Thanks,
> Rob
> -----Original Message-----
> From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org]
> On Behalf Of samba at piven.org
> Sent: Tuesday, January 12, 2010 8:38 PM
> To: samba at lists.samba.org
> Subject: Re: [Samba] Can only log on to domain, not local machine
> Rob Feldman wrote:
>> Used Administrator login on XP client to grant domain users rights to log
> on
>> to client machine (such as when offline). All attempts to log on to local
>> machine fail authentication (error "System could not log you on. Check
> user
>> name and domain..."). Everything else works fine, including logon to
> domain
>> and synchronization of offline folders. Frustrating having all data
>> available offline but inaccessible because I can't log in!
>> Don't know what I'm doing wrong, seems like my setup is wrong preventing
> XP
>> from getting password info properly for later use away from domain. Sorry
> if
>> this is a dopey question, but I've pored over all howtos&  other resources
>> and am still stumped. Plenty of help available for fixing XP clients not
>> logging into smb domain, but none I can find if XP can't log into itself.
> Have you tried just logging in with the domain login and password?
> XP Pro caches login credentials, so the next time a user logs in, the
> cached credentials can be used if for some reason the machine can't
> contact a domain controller.  For example, I have an XP Pro machine on
> my desk, joined to a domain managed by a Samba server.  I pulled the
> network cable out of that machine, then logged into it using my plain
> old unprivileged domain logon.  Works fine, except that I can't get to
> my home directory out on the Samba server :-)
> Microsoft already did the grunt work to let your users logon to an
> off-network machine.
> Don

Can you clarify-
     when you logon disconnected  are you setting the "logon to" 
parameter to the DomainName or the LocalPCName.  It should be the 

By default, Domain Users should be a member of local users, and should 
already be able to logon offline (assuming they have logged in on line 
at least once.)

If you login on  online as the network admin, are you able to create 
local users or do other "administrative" stuff?  I ran into one issue 
with group mapping where the local PC was not recognizing my all my 
groups.  So even though I was a Domain Administrator, the XP machine 
didn't realize I was a member of Domain Admins and thus I didn't get the 
privledges of the local Administrators groups.  And on the same lines, 
domain users did properly get the privileges assigned to the local users 

More information about the samba mailing list