We got it working using Samba 3.0 alpha 21 cvs. Configured as a PDC
using LDAP as the passdb. Encountered the same problem of being able to
join the domain and yet not being able to log in. Line in smb.conf looks
like this :
passdb backend = ldapsam:ldap://ldap.internal.avlsi.com, unixsam
Solution came from Andrew Bartlette who gave the following response:
You either need to keep the 'unixsam' in your 'passdb backends'
line in
your smb.conf, or add a 'guest' account to ldap, with a real unix UID
(possibly the same as nobody, should be the same as 'guest account') and
with RID 501.
Andrew Bartlett
>
> ------------------------------------------------------------------------
>
> Subject:
> Re: [Samba] Samba 3.0 alpha20-2 and Win2k SP3
> From:
> "Bradley W. Langhorst" <brad@langhorst.com>
> Date:
> 18 Oct 2002 10:19:42 -0400
> To:
> Irving Carrion <icarrion@allinterior.com>
>
>
>On Thu, 2002-10-17 at 14:37, Irving Carrion wrote:
>
>
>>Is there anyone on the list that has been able to get Win2k SP3 working
>>with the 3.0 alpha version?
>>
>>I'm able to join but I can NOT log in. I can see the machine
account
>>listed in pass.tdb (using pdbedit -l) and it is also in passwd &
shadow.
>>I HAVE ALSO APPLIED THE SIGN OR SEAL PATCH. The message I get is:
>>
>>
>this sounds exactly like the signorseal problem
>are you sure that every occurrence in the registry has changed?
>the patch sometimes won't do it - you have to search manually
>
>
>
>>I've looked through the docs but see nothing about using SP3 and
Samba.
>>Also, the log level 3 looks cryptic to me.
>>
>>
>>
>if the signorseal stuff is really set everywhere in the registry
>then you should post a relevant excerpt of that log here.
>
>Make sure the the log is from only one machine so it's easier to follow
>(use log.smbd.%m)
>
>There used to be a setting called spnego that i had to set to 'no'
>but this was fixed a while ago. might be worth a try.
>
>brad
>
>
>