I have a Samba 3 PDC running with an LDAP backend on Red Hat 8.  All
authentication appears to be working correctly, but I can't log in to the
domain from a W2K or WXP Pro workstation after I have successfully joined
it to the domain.  If I log in locally to the workstation I can browse the
Samba shares just fine.  I have checked the schannel and sign-or-seal
settings on both the workstations and the server and made sure they were set
to disabled, but still no luck.  Can anyone give me any ideas on how to solve
this problem?
 
TIA
Scott
 
Smb.conf
# Samba config file created using SWAT
# from 0.0.0.0 (0.0.0.0)
# Date: 2003/11/25 10:42:04
 
# Global parameters
[global]
# Server-wide settings for the Samba PDC of domain FIFEDEV, with accounts
# held in LDAP (ldapsam).
        workgroup = FIFEDEV
        netbios name = Dev
# null passwords = Yes lets clients use accounts whose password is empty;
# confirm this is intentional on a domain controller.
        null passwords = Yes
        passdb backend = ldapsam
        passwd program = /usr/local/bin/smbldap-passwd.pl -o %u
# NOTE(review): the second "%n\ " below lacks the "n" of the "%n\n" used
# earlier on the same line - possibly a typo; compare with the file on disk.
        passwd chat = *new*password* %n\n *new*password:* %n\ *successfully*
# passwd chat debug writes the passwd chat exchange, including the
# passwords it carries, to the smbd log when the log level is high enough
# (100 per smb.conf(5)); switch it off once password changes work.
        passwd chat debug = Yes
        log file = /var/log/samba/%m.log
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
# The scripts below are run by smbd (as root, per smb.conf(5)) to create and
# remove accounts, with %u / %g / %m substituted from the request.
# Several values are split over two lines here, presumably by the mail
# client; in smb.conf a value has to stay on one line or be continued with
# a trailing backslash.
# NOTE(review): every entry, including the delete and group ones, calls
# smbldap-useradd.pl - verify against the smbldap-tools documentation.
# NOTE(review): in "add group script" the quote after %g is never closed
# ("%g%); the other entries use "%g".
        add user script = /usr/local/sbin/smbldap-useradd.pl -a "%u"
        delete user script = /usr/local/sbin/smbldap-useradd.pl -d
"%u"
        add group script = /usr/local/sbin/smbldap-useradd.pl -a -g "%g%
        delete group script = /usr/local/sbin/smbldap-useradd.pl -d -g
"%g"
        add user to group script = /usr/local/sbin/smbldap-useradd.pl -j -u
"%u" -g "%g"
        delete user from group script = /usr/local/sbin/smbldap-useradd.pl
-j -u "%u" -g "%g"
        set primary group script = /usr/local/sbin/smbldap-useradd.pl -m -u
"%u" -gid "%g"
        add machine script = /usr/local/sbin/smbldap-useradd.pl -a -w
"%m"
# logon.bat is looked up in the [netlogon] share and run by each
# workstation at logon.
        logon script = logon.bat
        logon path 
        logon drive 
        domain logons = Yes
        os level = 22
        preferred master = Yes
        domain master = Yes
        wins support = Yes
        wins proxy = No
        ldap suffix = dc=test,dc=com
        ldap machine suffix = ou=_COMPUTERS_
        ldap user suffix = ou=_USERS_
        ldap group suffix = ou=_GROUPS_
        ldap admin dn = "cn=Manager,dc=test,dc=com"
# ldap ssl = No leaves the connection to the directory unencrypted, so the
# bind as the ldap admin dn and the account data read back cross the
# network in clear unless the LDAP server runs on this host - TODO confirm
# where it runs.
        ldap ssl = No
        ldap passwd sync = yes
        comment = Samba-PDC Server
        public = No
        browseable = Yes
        writable = No
# The four settings below were switched off while troubleshooting the logon
# failure described in the post. With them off, netlogon traffic has no
# secure channel and SMB packets are not signed; set them back (e.g. to
# Auto) once the cause is found.
        client schannel = No
        server schannel = No
        client signing = No
        server signing = No
 
[netlogon]
# Share holding the logon script named by "logon script" in [global].
# Read-only for everyone except the accounts in write list, which keep
# write access despite read only = Yes. Workstations execute what is stored
# here at logon, so keep the write list as short as possible.
        path = /usr/local/samba/lib/netlogon
        read only = Yes
        write list = ntadmin
        locking = No
 
[tmp]
# Exports the server's /tmp read-only and, because of guest ok = Yes,
# without requiring a password.
# NOTE(review): /tmp usually holds temporary files of other local
# processes; confirm that exposing it to guests is intended.
        path = /tmp
        guest ok = Yes
        read only = Yes
 
[profiles]
# Writable share under /profiles (presumably for roaming profiles; note
# that "logon path" is empty in [global]).
# read only = No and writable = Yes state the same thing twice.
# No valid users line is set, so any authenticated account can connect;
# the masks below limit newly created files and directories to their owner.
        path = /profiles
        read only = No
        writable = Yes
        create mask = 0600
        directory mask = 0700
 
[homes]
# Per-user home directory shares. valid users = %S restricts each share to
# the account whose name matches the share name, and the masks keep new
# files and directories private to the owner.
        comment = Home Directories
        browsable = no
        writeable = yes
        valid users = %S
        create mask = 0700
        directory mask = 0700
        hide dot files = yes
 
testparm -v (output)
# Global parameters
[global]
        dos charset = CP850
        unix charset = UTF-8
        display charset = LOCALE
        workgroup = FIFEDEV
        realm 
        afs username map 
        netbios name = DEV
        netbios aliases 
        netbios scope 
        server string = Samba 3.0.1
        interfaces 
        bind interfaces only = No
        security = USER
        auth methods 
        encrypt passwords = Yes
        update encrypted = No
        client schannel = No
        server schannel = No
        allow trusted domains = Yes
        hosts equiv 
        min passwd length = 5
        map to guest = Never
        null passwords = Yes
        obey pam restrictions = No
        password server = *
        smb passwd file = /usr/local/samba/private/smbpasswd
        private dir = /usr/local/samba/private
        passdb backend = ldapsam
        algorithmic rid base = 1000
        root directory 
        guest account = nobody
        pam password change = No
        passwd program = /usr/local/bin/smbldap-passwd.pl -o %u
        passwd chat = *new*password* %n\n *new*password:* %n\ *successfully*
        passwd chat debug = Yes
        passwd chat timeout = 2
        username map 
        password level = 0
        username level = 0
        unix password sync = No
        restrict anonymous = 0
        lanman auth = Yes
        ntlm auth = Yes
        client NTLMv2 auth = No
        client lanman auth = Yes
        client plaintext auth = Yes
        preload modules 
        log level = 0
        syslog = 1
        syslog only = No
        log file = /var/log/samba/%m.log
        max log size = 5000
        timestamp logs = Yes
        debug hires timestamp = No
        debug pid = No
        debug uid = No
        smb ports = 445 139
        protocol = NT1
        large readwrite = Yes
        max protocol = NT1
        min protocol = CORE
        unicode = Yes
        read bmpx = No
        read raw = Yes
        write raw = Yes
        disable netbios = No
        acl compatibility 
        nt pipe support = Yes
        nt status support = Yes
        announce version = 4.9
        announce as = NT
        max mux = 50
        max xmit = 16644
        name resolve order = lmhosts wins host bcast
        max ttl = 259200
        max wins ttl = 518400
        min wins ttl = 21600
        time server = No
        unix extensions = Yes
        use spnego = Yes
        client signing = No
        server signing = No
        client use spnego = Yes
        change notify timeout = 60
        deadtime = 0
        getwd cache = Yes
        keepalive = 300
        kernel change notify = Yes
        lpq cache time = 10
        max smbd processes = 0
        paranoid server security = Yes
        max disk size = 0
        max open files = 10000
        read size = 16384
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        use mmap = Yes
        hostname lookups = No
        name cache timeout = 660
        load printers = Yes
        printcap name = /etc/printcap
        disable spoolss = No
        enumports command 
        addprinter command 
        deleteprinter command 
        show add printer wizard = Yes
        os2 driver map 
        mangling method = hash2
        mangle prefix = 1
        stat cache = Yes
        machine password timeout = 604800
        add user script = /usr/local/sbin/smbldap-useradd.pl -a "%u"
        delete user script = /usr/local/sbin/smbldap-useradd.pl -d
"%u"
        add group script = /usr/local/sbin/smbldap-useradd.pl -a -g "%g%
        delete group script = /usr/local/sbin/smbldap-useradd.pl -d -g
"%g"
        add user to group script = /usr/local/sbin/smbldap-useradd.pl -j -u
"%u" -g "%g"
        delete user from group script = /usr/local/sbin/smbldap-useradd.pl
-j -u "%u" -g "%g"
        set primary group script = /usr/local/sbin/smbldap-useradd.pl -m -u
"%u" -gid "%g"
        add machine script = /usr/local/sbin/smbldap-useradd.pl -a -w
"%m"
        shutdown script 
        abort shutdown script 
        logon script = logon.bat
        logon path 
        logon drive 
        logon home = \\%N\%U
        domain logons = Yes
        os level = 22
        lm announce = Auto
        lm interval = 60
        preferred master = Yes
        local master = Yes
        domain master = Yes
        browse list = Yes
        enhanced browsing = Yes
        dns proxy = Yes
        wins proxy = No
        wins server 
        wins support = Yes
        wins hook 
        wins partners 
        kernel oplocks = Yes
        lock spin count = 3
        lock spin time = 10
        oplock break wait time = 0
        ldap suffix = dc=test,dc=com
        ldap machine suffix = ou=_COMPUTERS_
        ldap user suffix = ou=_USERS_
        ldap group suffix = ou=_GROUPS_
        ldap idmap suffix 
        ldap filter = (uid=%u)
        ldap admin dn = "cn=Manager,dc=test,dc=com"
        ldap ssl = no
        ldap passwd sync = Yes
        ldap delete dn = No
        add share command 
        change share command 
        delete share command 
        config file 
        preload 
        lock directory = /usr/local/samba/var/locks
        pid directory = /usr/local/samba/var/locks
        utmp directory 
        wtmp directory 
        utmp = No
        default service 
        message command 
        dfree command 
        get quota command 
        set quota command 
        remote announce 
        remote browse sync 
        socket address = 0.0.0.0
        homedir map 
        time offset = 0
        NIS homedir = No
        source environment 
        panic action 
        host msdfs = No
        enable rid algorithm = Yes
        idmap backend 
        idmap uid 
        idmap gid 
        template primary group = nobody
        template homedir = /home/%D/%U
        template shell = /bin/false
        winbind separator = \
        winbind cache time = 300
        winbind enable local accounts = Yes
        winbind enum users = Yes
        winbind enum groups = Yes
        winbind use default domain = No
        winbind trusted domains only = No
        comment = Samba-PDC Server
        path 
        username 
        invalid users 
        valid users 
        admin users 
        read list 
        write list 
        printer admin 
        force user 
        force group 
        read only = Yes
        create mask = 0744
        force create mode = 00
        security mask = 0777
        force security mode = 00
        directory mask = 0755
        force directory mode = 00
        directory security mask = 0777
        force directory security mode = 00
        inherit permissions = No
        inherit acls = No
        guest only = No
        guest ok = No
        only user = No
        hosts allow 
        hosts deny 
        nt acl support = Yes
        profile acls = No
        map acl inherit = No
        afs share = No
        block size = 1024
        max connections = 0
        min print space = 0
        strict allocate = No
        strict sync = No
        sync always = No
        use sendfile = No
        write cache size = 0
        max reported print jobs = 0
        max print jobs = 1000
        printable = No
        printing = bsd
        print command = lpr -r -P'%p' %s
        lpq command = lpq -P'%p'
        lprm command = lprm -P'%p' %j
        lppause command 
        lpresume command 
        queuepause command 
        queueresume command 
        printer name 
        use client driver = No
        default devmode = No
        default case = lower
        case sensitive = No
        preserve case = Yes
        short preserve case = Yes
        mangle case = No
        mangling char = ~
        hide dot files = Yes
        hide special files = No
        hide unreadable = No
        hide unwriteable files = No
        delete veto files = No
        veto files 
        hide files 
        veto oplock files 
        map system = No
        map hidden = No
        map archive = Yes
        mangled names = Yes
        mangled map 
        browseable = Yes
        blocking locks = Yes
        csc policy = manual
        fake oplocks = No
        locking = Yes
        oplocks = Yes
        level2 oplocks = Yes
        oplock contention limit = 2
        posix locking = Yes
        strict locking = Yes
        share modes = Yes
        copy 
        include 
        exec 
        preexec close = No
        postexec 
        root preexec 
        root preexec close = No
        root postexec 
        available = Yes
        volume 
        fstype = NTFS
        set directory = No
        wide links = Yes
        follow symlinks = Yes
        dont descend 
        magic script 
        magic output 
        delete readonly = No
        dos filemode = No
        dos filetimes = No
        dos filetime resolution = No
        fake directory create times = No
        vfs objects 
        msdfs root = No
        msdfs proxy 
 
[netlogon]
        path = /usr/local/samba/lib/netlogon
        write list = ntadmin
        locking = No
 
[tmp]
        path = /tmp
        guest ok = Yes
 
[profiles]
        path = /profiles
        read only = No
        create mask = 0600
        directory mask = 0700
 
[homes]
        comment = Home Directories
        valid users = %S
        read only = No
        create mask = 0700
        directory mask = 0700
        browseable = No
 
excerpt from workstation log
  Closed policy
[2004/02/26 11:24:51, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544)
  free_pipe_context: destroying talloc pool of size 0
[2004/02/26 11:24:51, 3] smbd/pipes.c:reply_pipe_write_and_X(199)
  writeX-IPC pnum=723e nwritten=44
[2004/02/26 11:24:51, 3] smbd/process.c:process_smb(890)
  Transaction 31 of length 63
[2004/02/26 11:24:51, 3] smbd/process.c:switch_message(685)
  switch message SMBreadX (pid 27199)
[2004/02/26 11:24:51, 3] smbd/pipes.c:reply_pipe_read_and_X(242)
  readX-IPC pnum=723e min=1024 max=1024 nread=48
[2004/02/26 11:24:51, 3] smbd/process.c:process_smb(890)
  Transaction 32 of length 45
[2004/02/26 11:24:51, 3] smbd/process.c:switch_message(685)
  switch message SMBclose (pid 27199)
[2004/02/26 11:24:51, 3] smbd/process.c:process_smb(890)
  Transaction 33 of length 378
[2004/02/26 11:24:51, 3] smbd/process.c:switch_message(685)
  switch message SMBwriteX (pid 27199)
[2004/02/26 11:24:51, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (99, 99) - sec_ctx_stack_ndx = 0
[2004/02/26 11:24:51, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544)
  free_pipe_context: destroying talloc pool of size 0
[2004/02/26 11:24:51, 3] rpc_server/srv_pipe.c:api_rpcTNP(1509)
  api_rpcTNP: rpc command: NET_SAMLOGON
[2004/02/26 11:24:51, 3] rpc_server/srv_netlog_nt.c:_net_sam_logon(570)
  SAM Logon (Interactive). Domain:[FIFEDEV].
User:[Administrator@FIFEMOBILE14] Requested Domain:[FIFEDEV]
[2004/02/26 11:24:51, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(99, 99) : sec_ctx_stack_ndx = 1
[2004/02/26 11:24:51, 3] smbd/uid.c:push_conn_ctx(287)
  push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2004/02/26 11:24:51, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/02/26 11:24:51, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0
[2004/02/26 11:24:51, 3] auth/auth.c:check_ntlm_password(219)
  check_ntlm_password:  Checking password for unmapped user
[FIFEDEV]\[Administrator]@[FIFEMOBILE14] with the new password interface
[2004/02/26 11:24:51, 3] auth/auth.c:check_ntlm_password(222)
  check_ntlm_password:  mapped user is:
[FIFEDEV]\[Administrator]@[FIFEMOBILE14]
[2004/02/26 11:24:51, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(99, 99) : sec_ctx_stack_ndx = 1
[2004/02/26 11:24:51, 3] smbd/uid.c:push_conn_ctx(287)
  push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2004/02/26 11:24:51, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/02/26 11:24:51, 2] lib/smbldap.c:smbldap_search_suffix(1068)
  smbldap_search_suffix: searching
for:[(&(uid=Administrator)(objectclass=sambaSamAccount))]
[2004/02/26 11:24:51, 2] passdb/pdb_ldap.c:init_sam_from_ldap(462)
  init_sam_from_ldap: Entry found for user: Administrator
[2004/02/26 11:24:51, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0
[2004/02/26 11:24:51, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(99, 99) : sec_ctx_stack_ndx = 1
[2004/02/26 11:24:51, 3] smbd/uid.c:push_conn_ctx(287)
  push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2004/02/26 11:24:51, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/02/26 11:24:51, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0
[2004/02/26 11:24:51, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(99, 99) : sec_ctx_stack_ndx = 1
[2004/02/26 11:24:51, 3] smbd/uid.c:push_conn_ctx(287)
  push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2004/02/26 11:24:51, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/02/26 11:24:51, 2] passdb/pdb_ldap.c:ldapsam_search_one_group(1636)
  ldapsam_search_one_group: searching
for:[(&(objectClass=sambaGroupMapping)(gidNumber=512))]
[2004/02/26 11:24:51, 2] passdb/pdb_ldap.c:init_group_from_ldap(1680)
  init_group_from_ldap: Entry found for group: 512
[2004/02/26 11:24:51, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0
[2004/02/26 11:24:51, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(235)
  fetch sid from gid cache 512 ->
S-1-5-21-3516781642-1962875130-3438800523-512
[2004/02/26 11:24:51, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(99, 99) : sec_ctx_stack_ndx = 1
[2004/02/26 11:24:51, 3] smbd/uid.c:push_conn_ctx(287)
  push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2004/02/26 11:24:51, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/02/26 11:24:51, 2] passdb/pdb_ldap.c:ldapsam_search_one_group(1636)
  ldapsam_search_one_group: searching
for:[(&(objectClass=sambaGroupMapping)(gidNumber=544))]
[2004/02/26 11:24:51, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0
[2004/02/26 11:24:51, 3] auth/auth.c:check_ntlm_password(268)
  check_ntlm_password: sam authentication for user [Administrator] succeeded
[2004/02/26 11:24:51, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(99, 99) : sec_ctx_stack_ndx = 1
[2004/02/26 11:24:51, 3] smbd/uid.c:push_conn_ctx(287)
  push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2004/02/26 11:24:51, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/02/26 11:24:51, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0
[2004/02/26 11:24:51, 2] auth/auth.c:check_ntlm_password(305)
  check_ntlm_password:  authentication for user [Administrator] ->
[Administrator] -> [Administrator] succeeded
[2004/02/26 11:24:51, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544)
  free_pipe_context: destroying talloc pool of size 4832
[2004/02/26 11:24:51, 3] smbd/pipes.c:reply_pipe_write_and_X(199)
  writeX-IPC pnum=723d nwritten=310
[2004/02/26 11:24:51, 3] smbd/process.c:process_smb(890)
  Transaction 34 of length 63
[2004/02/26 11:24:51, 3] smbd/process.c:switch_message(685)
  switch message SMBreadX (pid 27199)
[2004/02/26 11:24:51, 3] smbd/pipes.c:reply_pipe_read_and_X(242)
  readX-IPC pnum=723d min=1024 max=1024 nread=600
[2004/02/26 11:25:02, 3] smbd/process.c:process_smb(890)
  Transaction 35 of length 43
[2004/02/26 11:25:02, 3] smbd/process.c:switch_message(685)
  switch message SMBulogoffX (pid 27199)
[2004/02/26 11:25:02, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/02/26 11:25:02, 3] smbd/reply.c:reply_ulogoffX(1108)
  ulogoffX vuid=101
[2004/02/26 11:25:02, 3] smbd/process.c:process_smb(890)
  Transaction 36 of length 39
[2004/02/26 11:25:02, 3] smbd/process.c:switch_message(685)
  switch message SMBtdis (pid 27199)
[2004/02/26 11:25:02, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/02/26 11:25:02, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/02/26 11:25:02, 3] smbd/service.c:close_cnum(887)
  fifemobile14 (192.168.17.164) closed connection to service IPC$
[2004/02/26 11:25:02, 3] smbd/connection.c:yield_connection(69)
  Yielding connection to IPC$
[2004/02/26 11:25:02, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/02/26 11:25:21, 3] smbd/process.c:process_smb(890)
  Transaction 37 of length 45
[2004/02/26 11:25:21, 3] smbd/process.c:switch_message(685)
  switch message SMBclose (pid 27199)
[2004/02/26 11:25:21, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (99, 99) - sec_ctx_stack_ndx = 0
[2004/02/26 11:25:32, 3] smbd/process.c:process_smb(890)
  Transaction 38 of length 43
[2004/02/26 11:25:32, 3] smbd/process.c:switch_message(685)
  switch message SMBulogoffX (pid 27199)
[2004/02/26 11:25:32, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/02/26 11:25:32, 3] smbd/reply.c:reply_ulogoffX(1108)
  ulogoffX vuid=100
[2004/02/26 11:25:32, 3] smbd/process.c:process_smb(890)
  Transaction 39 of length 39
[2004/02/26 11:25:32, 3] smbd/process.c:switch_message(685)
  switch message SMBtdis (pid 27199)
[2004/02/26 11:25:32, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/02/26 11:25:32, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/02/26 11:25:32, 3] smbd/service.c:close_cnum(887)
  fifemobile14 (192.168.17.164) closed connection to service IPC$
[2004/02/26 11:25:32, 3] smbd/connection.c:yield_connection(69)
  Yielding connection to IPC$
[2004/02/26 11:25:32, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/02/26 11:25:32, 3] smbd/process.c:timeout_processing(1104)
  timeout_processing: End of file from client (client has disconnected).
[2004/02/26 11:25:32, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/02/26 11:25:32, 2] smbd/server.c:exit_server(558)
  Closing connections
[2004/02/26 11:25:32, 3] smbd/connection.c:yield_connection(69)
  Yielding connection to
[2004/02/26 11:25:32, 3] smbd/server.c:exit_server(601)
  Server exit (normal exit)