I have a working Samba PDC, I can log in and out from a windows xp
workstation. I recently upgraded to 3.0.25b-33 and now, when I add a new
user, I get:
The system cannot log you on due to the following error:
A device attached to the system is not fuctioning
Please try again or consult your system administrator
I have network connectivity. I was able to join this machine to the
domain through windows xp. I can log on to the domain from this machine
with an existing user. All file and directory permissions are correct:
If I run the smbclient command I get:
session setup failed: NT_STATUS_NO_LOGON_SERVERS
Samba is indeed running. If I run smbclient with an existing user I get:
Domain=[GLASTENDERNET] OS=[Unix] Server=[Samba 3.0.25b-SerNet-RedHat]
Sharename Type Comment
--------- ---- -------
IPC$ IPC IPC Service (Glastender File Server)
supervisors Disk Supervisors
shadowrods Disk Shadowrods
sales Disk Sales
safety Disk Safety
quality Disk Quality
purchasing Disk Purchasing
production Disk Production
marketing Disk Marketing
managers Disk Managers
it Disk Infomation Systems
human_resources Disk Human Resources
engineering Disk Engineering
accounting Disk Accounting
shared Disk Public Share
Domain=[GLASTENDERNET] OS=[Unix] Server=[Samba 3.0.25b-SerNet-RedHat]
Server Comment
--------- -------
ASTER Glastender Domain Controller running
3.0.25b-Ser
HENBANE Glastender File Server
Workgroup Master
--------- -------
GLASTENDERNET ASTER
I found this entry in the domain controllers samba log:
[2007/07/16 13:55:13, 5]
rpc_server/srv_netlog_nt.c:_net_sam_logon_internal(934)
_net_sam_logon: check_password returned status NT_STATUS_OK
[2007/07/16 13:55:13, 1]
rpc_server/srv_netlog_nt.c:_net_sam_logon_internal(1004)
_net_sam_logon: user GLASTENDERNET\jrolfe has user sid
S-1-5-21-3568796296-2565465778-716510536-3404
but group sid S-1-5-21-1194936901-2368177035-684874509-513.
The conflicting domain portions are not supported for NETLOGON calls
<----------------------CUT---------------------->
[2007/07/16 13:55:13, 5] rpc_parse/parse_prs.c:prs_ntstatus(769)
001c status : NT_STATUS_UNSUCCESSFUL
[2007/07/16 13:55:13, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305)
api_rpcTNP: called NETLOGON successfully
My smb.conf file:
[global]
unix charset = LOCALE
workgroup = glastendernet
netbios name = aster
server string = Glastender Domain Controller running %v
interfaces = eth1, lo
bind interfaces only = yes
os level = 255
preferred master = yes
local master = yes
domain master = yes
security = user
time server = yes
username map = /etc/samba/smbusers
wins support = yes
encrypt passwords = yes
pam password change = yes
name resolve order = wins bcast hosts
winbind nested groups = no
passdb backend = ldapsam:ldap://aster.glastender.com
ldap passwd sync = Yes
ldap suffix = dc=glastender,dc=com
ldap admin dn = cn=Manager,dc=glastender,dc=com
ldap ssl = no
ldap group suffix = ou=Groups
ldap user suffix = ou=People
ldap machine suffix = ou=People
ldap idmap suffix = ou=Idmap
idmap backend = ldap:ldap://aster.glastender.com
idmap uid = 10000-20000
idmap gid = 10000-20000
map acl inherit = yes
add user script = /etc/smbldap-tools/smbldap-useradd -m "%u"
#delete user script = /etc/smbldap-tools/smbldap-userdel "%u"
add machine script = /etc/smbldap-tools/smbldap-useradd -w "%u"
add group script = /etc/smbldap-tools/smbldap-groupadd -p "%g"
#delete group script = /etc/smbldap-tools/smbldap-groupdel "%g"
add user to group script = /etc/smbldap-tools/smbldap-groupmod -m
"%u" "%g"
delete user from group script = /etc/smbldap-tools/smbldap-groupmod
-x "%u" "%g"
set primary group script = /etc/smbldap-tools/smbldap-usermod -g
"%g" "%u"
domain logons = yes
log file = /var/log/samba/log.%m
log level = 5
syslog = 0
max log size = 50
#smb ports = 139 445
smb ports = 139
hosts allow = 127.0.0.1 172.16.0.0/255.255.0.0
# User profiles and home directories
logon drive = U:
logon path = \\%L\profiles\%U
logon script = %U.bat
large readwrite = no
read raw = no
write raw = no
printcap name = /etc/printcap
load printers = no
printing template shell = /bin/false
winbind use default domain = no
#=========Shares======[homes]
comment = Home Directories
browseable = no
read only = no
write list = %U
create mask = 0600
directory mask = 0700
force user = %U
[profiles]
comment = Profile Share
path = /var/lib/samba/profiles
writeable = yes
browseable = no
profile acls = yes
[netlogon]
path = /var/lib/samba/netlogon
guest ok = yes
locking = no
LDAP is also working fine. I'm at a loss to figure this out.
--
*Jason Baker
*/IT Coordinator/
*Glastender Inc.*
5400 North Michigan Road
Saginaw, Michigan 48604 USA
800.748.0423
Phone: 989.752.4275 ext. 228
Fax: 989.752.4444
www.glastender.com <http://www.glastender.com>
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GIT$ d- s: a C++$ LU+++$ P+ L++>L++++ !E--- W+++ N o? K?
w !O M !V PS PE++ Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h---
r+++ y+++
------END GEEK CODE BLOCK------