[Samba] XP SP3 can't authenticate

Fri Dec 16 09:03:12 MST 2011

XP will not require in registry edits for samba 3 (at least samba 3.0.x 
through 3.5.x)

Machines names should end in "$"

# pdbedit -Lv opus$
smbldap_search_domain_info: Searching 
for:[(&(objectClass=sambaDomain)(sambaDomainName=XXXXXX))]
smbldap_open_connection: connection opened
ldap_connect_system: successful connection to the LDAP server
init_sam_from_ldap: Entry found for user: OPUS$
init_group_from_ldap: Entry found for group: 515
Unix username:        OPUS$
NT username:          OPUS$
Account Flags:        [W          ]
User SID:             S-1-5-21-xxx-xxx-xxx-yyyy
Primary Group SID:    S-1-5-21-xxx-xxx-xxx-515
Full Name:            OPUS$
.....
Logon time:           0
Logoff time:          never
Kickoff time:         never
Password last set:    Wed, 23 Nov 2011 14:03:47 EST
Password can change:  Wed, 23 Nov 2011 14:03:47 EST
Password must change: Fri, 22 Nov 2013 14:03:47 EST
Last bad password   : 0
Bad password count  : 0
Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
#

On 12/15/2011 12:52 PM, Hervé Hénoch wrote:
> Here is the result of net groupmap list
>
> Domain Admins (S-1-5-21-1031258178-388409940-3248586695-512) -> Domain 
> Admins
> Domain Users (S-1-5-21-1031258178-388409940-3248586695-513) -> Domain 
> Users
> Domain Guests (S-1-5-21-1031258178-388409940-3248586695-514) -> nogroup
> Domain Computers (S-1-5-21-1031258178-388409940-3248586695-515) -> 
> Domain Computers
> Administrators (S-1-5-32-544) -> Administrators
> Account Operators (S-1-5-32-548) -> Account Operators
> Print Operators (S-1-5-32-550) -> Print Operators
> Backup Operators (S-1-5-32-551) -> Backup Operators
> Replicators (S-1-5-32-552) -> Replicators
>
> It is seems ok.
>
> Here is the result of pdbedit -Lv of the user "pharma" which can't 
> enter in the session :
>
> pdbedit -Lv | grep pharma
> init_sam_from_ldap: Entry found for user: pharma
> Unix username:        pharma
> NT username:          pharma
> Logon Script:         pharma.bat
>
> Can it be  a problem in the register of windows ? The machine is a XP 
> Pro SP3 ...
>
> Regards
>
>
>
> Le 15/12/2011 17:40, Gaiseric Vandal a écrit :
>> It might be an issues with group mappings (for the well know groups.)
>>
>> Can you verify that the " net  groupmap list"  shows at a  minimum 
>> "Domain Users" and "Domain Admins."
>> If you login as Administrator, can you can network users or groups to 
>> the local "Users" group?
>>
>>
>> Does "pdbedit -Lv" show the computer account on the PDC.  Does 
>> "getent passwd" shows the computer account on the PDC?
>>
>>
>>
>> On 12/15/2011 11:16 AM, Hervé Hénoch wrote:
>>> Hello,
>>>
>>> I have a strange problem. I've re-included a XP SP3 pro in my samba 
>>> domain. Only the administrators can authenticate and enter in a 
>>> windows session.
>>>
>>> All other users can't.
>>>
>>>
>>> smb version : 3.3.5
>>>
>>> Any help would be appreciate ...
>>>
>>> regards
>>>
>>
>