[Samba] The Group Policy Client service failed the logon. Access is denied.

Mat Enders mat.enders at gmail.com
Wed Jan 4 00:38:57 MST 2012

Hello all,

          Let give the background.  We replaced our PDC with a new
machine.  Both old and new machines are running Debian 6.0 Squeeze and
Samba 3.5.6.  moved all data and user accounts to new server.  New
server has the exact same configuration files as the old server.  All
machines have been rejoined to the domain both WinXP and Win7.  The
WinXP machines work perfectly all domain users can login with their
roaming profiles and all is good.  However on the Win7 machines none
of the network users can log in to the machine.  Upon attempting you
get the this error "The Group Policy Client service failed the logon.
Access is denied."  After Googling around for a solution I have
attempted the following solutions:

1) Delete the roaming profile
       Machine recreates the roaming profile but denies login
2) Delete registry key from
       Machine recreates the key but denies login
3) Both 1&2 at the same time
       Machine recreates the roaming profile and the key but denies login

Any pointers would be greatly appreciated see smb.conf file below.

	smb passwd file = /etc/samba/passdb.tdb
	enable privileges = yes
	logon drive = H:
	domain master = yes
	encrypt passwords = true
	logon home = \\%L\%U
	netbios name = ARDVARC
	server string = Gaudior's PDC
	logon script = logon.bat
	local master = yes
	workgroup = GAUACA
	logon path = \\%L\%U\profile
	os level = 99
	security = user
	add machine script = /usr/sbin/useradd -s /bin/false \-d /dev/null %u
	preferred master = yes
	domain logons = yes
	hide files = /desktop.ini/$RECYCLE.BIN/profile/profile.V2/
	guest account = nobody
	map to guest = bad user
	wins support = yes

	comment = staff share drive
	path = /home/staff/share
	read only = no
	;valid users =

	comment = student share by level
	path = /home/student/share
	read only = no

	comment = Net Logon Service
	path = /home/netlogon
	read only = yes
	write list = root
	public = yes
	guest ok = yes
	browsable = no

	comment = Home
	valid users = %S
	read only = no
	browsable = no

Mathew E. Enders

"Where once Samba and Apache sold Linux to the world they are now just
part of the plumbing.  But that's OK, plumbers make good money."
--Jeremy Allison

More information about the samba mailing list