thr3ads.net - samba - [Samba] Logging In To Samba PDC After Joining Domain [Jul 2006]

If this information is useful, please help other people find it:
Share via:

zdennis

2006-Jul-12 16:27 UTC

[Samba] Logging In To Samba PDC After Joining Domain

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I have successfully joined my windows xp box to my domain. I rebooted, and tried
to log in as my test user and I received the
error message:

"The system could not log you on. Make sure your User name and domain are
correct, then type your password again..."

On my local windows xp workstation. There is no Domain Users, Domain Admins,
etc... groups. Is this a problem?

In my LDAP log it is showing a successful query for my testuser, returning
"nentries=1". Samba, however shows nothing. I disabled
on the windows xp client:

- ----------------
Start the Administrative Tools (Start / Settings / Control Panel /
Administrative Tools). From there start the Local Security Policy.
In the Local Security Policy open Local Policies and then Security Options.
Disable the following entries:
Domain member: Digitally encrypt or sign secure channel data (Always)
Domain member: Digitally encrypt secure channel data (when possible)
Domain member: Digitally sign secure channel data (when possible)
Domain member: Require strong (Windows 2000 or later) session key

In the Group Policy Editor (C:\windows\system32\gpedit.msc) enable the
following entry:
Computer Configuration\Administrative Templates\System\User Profiles\do not
check for user ownership of roaming profiles folders
- ----------------

And then I tried again, and I got the same error. My user testuser is set to
have the primary group SID of Domain Users
(S-1-5-21-3040749549-2843134544-1782940832-513)

I can successfully login as my testuser using smbclient, and by logging in from
a linux client. I just can't login from Windows.
My group mappings are:

root@chloe:/var/log# net groupmap list
Domain Admins (S-1-5-21-3040749549-2843134544-1782940832-512) -> Domain
Admins
Domain Users (S-1-5-21-3040749549-2843134544-1782940832-513) -> Domain Users
Domain Guests (S-1-5-21-3040749549-2843134544-1782940832-514) -> Domain
Guests
Domain Computers (S-1-5-21-3040749549-2843134544-1782940832-515) -> Domain
Computers
Administrators (S-1-5-32-544) -> Administrators
Account Operators (S-1-5-32-548) -> Account Operators
Print Operators (S-1-5-32-550) -> Print Operators
Backup Operators (S-1-5-32-551) -> Backup Operators
Replicators (S-1-5-32-552) -> Replicators

Any ideas where I should look?

Zach
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFEtSSEMyx0fW1d8G0RApHRAJ41KYXt9OGRsF8O4IYPbBw7pdUqjQCfVssx
0VjhFaCh1k44D62uVLrEsgg=7c0q
-----END PGP SIGNATURE-----

Reasonably Related Threads

Search for more apparently analagous threads

samba - Jul 2006 - Logging In To Samba PDC After Joining Domain

[Samba] Logging In To Samba PDC After Joining Domain

Reasonably Related Threads

Wisdom of the Ancients