samba - May 2004 - win2k login to samba 3.03/4 PDC problem

I am having a problem getting a user to login to a win2k box that was
successfully added to the samba3.0.3/4 domain.  Originally I had a problem
with adding the machines but I modified the smbldap_conf.pm add machine
function to add the machine to the local passwd file as well as ldap and it
was fine.  This does seem strange to me though because I can't figure out
why it would need to be added to the passwd file and ldap with the passdb
set as follows:
    passdb backend = ldapsam:ldap://127.0.0.1:389
Any ideas on this?

My actual issue now is although I can add the machine to the domain, I can't
log into it.  I have setup a couple of users and while I can authenticate to
open local shared folders I can not log into the domain.  I debugged both
the ldap server and the samba server and I see it says I passed the
authentication process on the samba side as follows:

[2004/05/14 14:46:27, 3] auth/auth.c:check_ntlm_password(268)
  check_ntlm_password: sam authentication for user [campbell] succeeded
[2004/05/14 14:46:27, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(99, 99) : sec_ctx_stack_ndx = 1
[2004/05/14 14:46:27, 3] smbd/uid.c:push_conn_ctx(351)
  push_conn_ctx(101) : conn_ctx_stack_ndx = 0
[2004/05/14 14:46:27, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/05/14 14:46:27, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0
[2004/05/14 14:46:27, 2] auth/auth.c:check_ntlm_password(305)
  check_ntlm_password:  authentication for user [campbell] -> [campbell]
->
[campbell] succeeded
[2004/05/14 14:46:27, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544)
  free_pipe_context: destroying talloc pool of size 4814
[2004/05/14 14:46:27, 3] smbd/pipes.c:reply_pipe_write_and_X(199)
  writeX-IPC pnum=71f3 nwritten=352
[2004/05/14 14:46:27, 3] smbd/process.c:process_smb(890)
  Transaction 39 of length 63
[2004/05/14 14:46:27, 3] smbd/process.c:switch_message(685)
  switch message SMBreadX (pid 4628)
[2004/05/14 14:46:27, 3] smbd/pipes.c:reply_pipe_read_and_X(242)
  readX-IPC pnum=71f3 min=1024 max=1024 nread=596

But on the windows box I get an error of "The system could not log you on.
Please check your username and domain are correct.  etc...."

Any ides?  I have searched high and low as well as tried to debug this
myself but can't figure out what is going on.....

For your 'user must be in passwd file' issue, are you saying /etc/passwd
or smbpasswd?  Are you trying to store computers in a different ou than 
your regular user accounts?  There is a somewhat well known bug/design 
issue with that feature...

Daniel Campbell wrote:
>I am having a problem getting a user to login to a win2k box that was
>successfully added to the samba3.0.3/4 domain.  Originally I had a problem
>with adding the machines but I modified the smbldap_conf.pm add machine
>function to add the machine to the local passwd file as well as ldap and it
>was fine.  This does seem strange to me though because I can't figure
out
>why it would need to be added to the passwd file and ldap with the passdb
>set as follows:
>    passdb backend = ldapsam:ldap://127.0.0.1:389
>Any ideas on this?
>
>My actual issue now is although I can add the machine to the domain, I
can't
>log into it.  I have setup a couple of users and while I can authenticate to
>open local shared folders I can not log into the domain.  I debugged both
>the ldap server and the samba server and I see it says I passed the
>authentication process on the samba side as follows:
>
>[2004/05/14 14:46:27, 3] auth/auth.c:check_ntlm_password(268)
>  check_ntlm_password: sam authentication for user [campbell] succeeded
>[2004/05/14 14:46:27, 3] smbd/sec_ctx.c:push_sec_ctx(256)
>  push_sec_ctx(99, 99) : sec_ctx_stack_ndx = 1
>[2004/05/14 14:46:27, 3] smbd/uid.c:push_conn_ctx(351)
>  push_conn_ctx(101) : conn_ctx_stack_ndx = 0
>[2004/05/14 14:46:27, 3] smbd/sec_ctx.c:set_sec_ctx(288)
>  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
>[2004/05/14 14:46:27, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
>  pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0
>[2004/05/14 14:46:27, 2] auth/auth.c:check_ntlm_password(305)
>  check_ntlm_password:  authentication for user [campbell] -> [campbell]
->
>[campbell] succeeded
>[2004/05/14 14:46:27, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544)
>  free_pipe_context: destroying talloc pool of size 4814
>[2004/05/14 14:46:27, 3] smbd/pipes.c:reply_pipe_write_and_X(199)
>  writeX-IPC pnum=71f3 nwritten=352
>[2004/05/14 14:46:27, 3] smbd/process.c:process_smb(890)
>  Transaction 39 of length 63
>[2004/05/14 14:46:27, 3] smbd/process.c:switch_message(685)
>  switch message SMBreadX (pid 4628)
>[2004/05/14 14:46:27, 3] smbd/pipes.c:reply_pipe_read_and_X(242)
>  readX-IPC pnum=71f3 min=1024 max=1024 nread=596
>
>But on the windows box I get an error of "The system could not log you
on.
>Please check your username and domain are correct.  etc...."
>
>Any ides?  I have searched high and low as well as tried to debug this
>myself but can't figure out what is going on.....
>
>
>
>  
>
-- 
Paul Gienger                     Office:		701-281-1884
Applied Engineering Inc.         Cell:			701-306-6254
Information Systems Consultant   Fax:			701-281-1322
URL: www.ae-solutions.com        mailto:pgienger@ae-solutions.com