[Samba] Logon scripts not executed when NT4 trusted domain users log in a S3-controlled domain

Christian PERRIER bubulle at debian.org
Mon Mar 21 11:36:22 MDT 2011

I'm currently building a Samba3-based domain (DomA) that has a trust
relationship with an existing production NT4 domain (DomB).

DomA uses an LDAP backend. The LDAP server is local on the PDC and is
dedicated to such use. DomA runs Samba 3.5.6 on Debian 6.0.

DomB is an old-timer: NT4 domain that's running for ages.

The trust relationship has been established: DomA trusts DomB.

Clients (Windows XP workstations) can join DomA flawlessly.  Machine
accounts are properly created in the LDAP backend.

A DomB user can open a session on client workstations...however:
- I get a notice that the domain password is expired. I can either
change it or ignore the warning, but:
- the DomB user logon script is not executed
- the DomB user home directory is not connected (users in DomB have their
home set to \\someserver\login)

Of course, everything is working as expected when DomB users open a
session on a DomB client: no password expiration warning, logon script

I actually see no sign of abnormal behaviour in samba logs on the
PDC. Indeed, once the user is authenticated, nothing shows up in the

Would you people have suggestions about places where I could
investigate such a problem?
