[Samba] group policy client service failed the logon

Shawn Dakin dakinsh00 at staff.nctschools.org
Wed Jun 6 13:31:28 MDT 2012


So after another day of investigation I have discovered it may be a LAM issue.
If I create a new user using smbldap-useradd the new user can login to
my win7 workstations. However, if I create the new user in LAM the new
user receives the error "group policy client service failed the logon.
Access denied"

Any one have an idea what LAM is doing to the user accounts?

Here is a quick comparison.

yo.littledog (GOOD ACCOUNT)
I know the home dir and profile path are wrong.
SAMBA1:/var/log/samba # pdbedit -Lv yo.littledog
smbldap_search_domain_info: Searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=NEVSD))]
StartTLS issued: using a TLS connection
smbldap_open_connection: connection opened
ldap_connect_system: successful connection to the LDAP server
init_sam_from_ldap: Entry found for user: yo.littledog
init_group_from_ldap: Entry found for group: 513
Unix username:        yo.littledog
NT username:          yo.littledog
Account Flags:        [U          ]
User SID:             S-1-5-21-1545272169-3882205488-3325164475-1328
Primary Group SID:    S-1-5-21-1545272169-3882205488-3325164475-513
Full Name:            yo.littledog
Home Directory:       \\PDC-SRV\yo.littledog
HomeDir Drive:        H:
Logon Script:         logon.bat
Profile Path:         \\PDC-SRV\profiles\yo.littledog
Domain:               NEVSD
Account desc:
Workstations:
Munged dial:
Logon time:           0
Logoff time:          Mon, 18 Jan 2038 22:14:07 EST
Kickoff time:         Mon, 18 Jan 2038 22:14:07 EST
Password last set:    Wed, 06 Jun 2012 14:52:39 EDT
Password can change:  Wed, 06 Jun 2012 14:52:39 EDT
Password must change: never
Last bad password   : 0
Bad password count  : 0
Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF



yo.dog (BAD ACCOUNT)
SAMBA1:/var/log/samba # pdbedit -Lv yo.dog
smbldap_search_domain_info: Searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=NEVSD))]
StartTLS issued: using a TLS connection
smbldap_open_connection: connection opened
ldap_connect_system: successful connection to the LDAP server
init_sam_from_ldap: Entry found for user: yo.dog
init_group_from_ldap: Entry found for group: 513
Unix username:        yo.dog
NT username:          yo.dog
Account Flags:        [UX         ]
User SID:             S-1-5-21-1545272169-3882205488-3325164475-21006
Primary Group SID:    S-1-5-21-1545272169-3882205488-3325164475-513
Full Name:            Yo Dog
Home Directory:       \\SAMBA1\yo.dog
HomeDir Drive:        H:
Logon Script:
Profile Path:         \\samba1\profiles\yo.dog
Domain:               NEVSD
Account desc:
Workstations:
Munged dial:
Logon time:           0
Logoff time:          never
Kickoff time:         Mon, 31 Dec 2029 19:00:00 EST
Password last set:    Wed, 06 Jun 2012 15:19:40 EDT
Password can change:  Wed, 06 Jun 2012 15:19:40 EDT
Password must change: Mon, 18 Jan 2038 22:14:07 EST
Last bad password   : 0
Bad password count  : 0
Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF


More information about the samba mailing list