Michael Traynor
2002-Mar-27 21:15 UTC
[Samba] Authentication of Win2K clients to domain with Samba PDC: fails b/c of problem with the "computer account" for the client.
Hi everyone, Any help with the following problem would be greatly appreciated. I've spent a lot of time going over similar threads in the mailing list and re-reading the Samba documentation, but all roads have to /dev/null thus far. Thanks! ************************************************ Problem: Unable to authenticate to domain with Win2K client. System: RedHat Linux 7.2 on an i386. Samba version: 2.2.1a (RPM supplied with RedHat 7.2). Clients: Win2K. ************************************************ Additional information about the problem: Identification of the Win2K client on the network (system properties -> network id -> properties) proceeds normally and Win2K instructs the user to reboot the client machine. After this, attempts to log on to the domain using any valid username (root included) fail. The error message displayed by the Win2K client is: "The system cannot log you on to this domain because the system's computer account in its primary domain is missing or the password on that account is incorrect". A log file (/var/log/samba/%m.log) is generated on the server, but it is empty. ps -ax | grep mdb shows a single smdb process and two nmbd processes running on the server. The /var/log/samba/log.nmdb file (included below) indicates that election of the Samba server as the master browser took place normally at startup and smbclient commands from the linux console execute normally. Also, logging on to the Win2K client *machine* (rather than the domain) allows normal browsing of the network. ************************************************ Relevant system files: /etc/passwd (relevant entries only): root:x:0:0:root:/root:/bin/bash mdt:x:500:500:Michael Traynor:/home/mdt:/bin/bash cm:x:501:501:Chantal Mayer:/home/cm:/bin/bash NTadmin:x:505:505:Admin account for NT domain:/home/NTadmin:/bin/bash SHIRE$:x:506:100:Gateway_laptop:/dev/null:/dev/false /etc/samba/smbpasswd: SHIRE$:506:42C5C736306CBFEFAAD3B435B51404EE:8D2EBFA821197B9B712D6DA85530C595:[W ]:LCT-3CA26BB9: root:0:570CE399DA1412ABAAD3B435B51404EE:D69658F23C1B46D15CEA90B79F0FDC66:[U ]:LCT-3CA26BC8: mdt:500:5922D3C6D7E1DB085ACC35A98E0AE6F9:066D09C815260D3EE03D3A54BF07BCBF:[U ]:LCT-3CA26C36: cm:501:11D7B54E128A85A2AAD3B435B51404EE:E65AA4E39077696BC251F42DC1A898D7:[U ]:LCT-3CA26C46: NTadmin:505:570CE399DA1412ABAAD3B435B51404EE:D69658F23C1B46D15CEA90B79F0FDC66:[U ]:LCT-3CA26CBA: /etc/samba/smb.conf ([global] section only): [global] workgroup = middle_earth server string = Samba Server (version %v) hosts allow = 127. 192.168.1. printcap name = /etc/printcap load printers = yes printing = cups log file = /var/log/samba/%m.log max log size = 20000 # Kb security = user encrypt passwords = yes smb passwd file = /etc/samba/smbpasswd socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 local master = yes os level = 255 domain master = yes preferred master = yes domain logons = yes logon path = \\%L\profiles\%U # NT-based systems logon home = \\%L\%U\.Win9x_profile # Win9x systems logon drive = h: wins support = yes dns proxy = no preserve case = yes short preserve case = yes default case = lower case sensitive = no /var/log/samba/nmbd.log: [2002/03/27 18:40:28, 0] nmbd/asyncdns.c:start_async_dns(150) started asyncdns process 973 [2002/03/27 18:40:28, 0] nmbd/nmbd_logonnames.c:add_logon_names(158) add_domain_logon_names: Attempting to become logon server for workgroup MIDDLE_EARTH on subnet 192.168.1.1 [2002/03/27 18:40:28, 0] nmbd/nmbd_logonnames.c:add_logon_names(158) add_domain_logon_names: Attempting to become logon server for workgroup MIDDLE_EARTH on subnet UNICAST_SUBNET [2002/03/27 18:40:28, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(341) become_domain_master_browser_wins: Attempting to become domain master browser on workgroup MIDDLE_EARTH, subnet UNICAST_SUBNET. [2002/03/27 18:40:28, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(354) become_domain_master_browser_wins: querying WINS server at IP 192.168.1.1 for domain master browser name MIDDLE_EARTH<1b> on workgroup MIDDLE_EARTH [2002/03/27 18:40:28, 0] nmbd/nmbd_logonnames.c:become_logon_server_success(116) become_logon_server_success: Samba is now a logon server for workgroup MIDDLE_EARTH on subnet UNICAST_SUBNET [2002/03/27 18:40:28, 0] nmbd/nmbd_become_dmb.c:become_domain_master_stage2(117) ***** Samba server BILBO is now a domain master browser for workgroup MIDDLE_EARTH on subnet UNICAST_SUBNET ***** [2002/03/27 18:40:28, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(293) become_domain_master_browser_bcast: Attempting to become domain master browser on workgroup MIDDLE_EARTH on subnet 192.168.1.1 [2002/03/27 18:40:28, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(306) become_domain_master_browser_bcast: querying subnet 192.168.1.1 for domain master browser on workgroup MIDDLE_EARTH [2002/03/27 18:40:32, 0] nmbd/nmbd_logonnames.c:become_logon_server_success(116) become_logon_server_success: Samba is now a logon server for workgroup MIDDLE_EARTH on subnet 192.168.1.1 [2002/03/27 18:40:36, 0] nmbd/nmbd_become_dmb.c:become_domain_master_stage2(117) ***** Samba server BILBO is now a domain master browser for workgroup MIDDLE_EARTH on subnet 192.168.1.1 ***** [2002/03/27 18:40:51, 0] nmbd/nmbd_become_lmb.c:become_local_master_stage2(405) ***** Samba name server BILBO is now a local master browser for workgroup MIDDLE_EARTH on subnet 192.168.1.1 *****