[Samba] unknown authentification failure - Samba 4.0.1 pdc

Rowland Penny rowlandpenny at googlemail.com
Wed Oct 30 04:12:25 MDT 2013

On 29/10/13 21:10, bugblatterbeast wrote:
> Am 29.10.2013 20:53, schrieb Rowland Penny:
>> I will say it again, but this is the last time, post what OS's you 
>> are using, what versions of samba you are using & where, finally post 
>> your smb.conf's. Without this info, nobody will be able to even start 
>> to help you.
>> Rowland
> I did attach the smb.conf to the last mail.
> I wrote in the subject, that I'm using samba 4.0.1.
> I have to admit, that I forgot to write that the client OS is Windows 
> 7 SP 1 and the server's OS is Ubuntu 12.4 LTS.
> I don't know how to say this, without being misunderstood, but I 
> really think, that we're not on the same page here. I don't ask for 
> anybody to hold my hand. I'm working with samba for over ten years now 
> - I'm just new to active directory and I just want to ask the 
> community, if anybody has seen this problem before and/or can give me 
> a hint, how to determine, what's causing this strange behaviour on one 
> single workstation, while all the others are working fine. This ought 
> to be some kind of windows problem, but a little more verbosity from 
> samba would be very helpful.
> very much (I really mean it), but it's fine. I do appreciate your 
> efforts, I just don't want anybody to bother. If you've heard about 
> this problem before, it would be nice if you could tell me about your 
> experiences - otherwise it's ok - really.
> I sincerely hope, that nobody feels offended by that. It's not my 
> intension.

Sorry, I missed the attachment, but now that I have had a look at your 
smb.conf, it would seem that you are mixing up an NT PDC with an AD DC.

You need to remove the following from the smb.conf on the Samba4 AD DC:

        logon drive & logon home, these are only used by NT Workstations.

        logon path, again only used by NT Workstations and you should 
now have this info in each users data in AD ( profilePath attribute ) 
and this is also setup by [profiles]

        security = user, totally un-needed, this is the default security 
setting in Samba. Also it is superceeded by the fact that you are 
running as an active directory domain controller

        public, this is a synonym for guest ok. You are allowing anybody 
to connect without a password, in my opinion, this should never be in 

        log file, You will end up with a logfile called log.%m in 
/var/log/samba instead of the standard log.samba & log.smbd

        browseable, There is at the present time no network browsing 
(network neighborhood) in Samba4 but you can connect by address.

Remove the above and restart Samba4 and lets go from there.


More information about the samba mailing list