samba - Oct 2002 - Samba 3.0 alpha20-2 and Win2k SP3

Is there anyone on the list that has been able to get Win2k SP3 working
with the 3.0 alpha version?

I'm able to join but I can NOT log in.  I can see the machine account
listed in pass.tdb (using pdbedit -l) and it is also in passwd & shadow.
I HAVE ALSO APPLIED THE SIGN OR SEAL PATCH.  The message I get is:

"The system cannot log you on to this domain because the system's
computer account in its primary domain is missing or the password on
that account is incorrect."

I've looked through the docs but see nothing about using SP3 and Samba.
Also, the log level 3 looks cryptic to me.

I think I've exhausted my resources.  I really don't know what else to
try. 

Anyone have any ideas?
IRV

On Thu, 2002-10-17 at 14:37, Irving Carrion wrote:
> Is there anyone on the list that has been able to get Win2k SP3 working
> with the 3.0 alpha version?
> 
> I'm able to join but I can NOT log in.  I can see the machine account
> listed in pass.tdb (using pdbedit -l) and it is also in passwd &
shadow.
> I HAVE ALSO APPLIED THE SIGN OR SEAL PATCH.  The message I get is:
this sounds exactly like the signorseal problem
are you sure that every occurrence in the registry has changed?
the patch sometimes won't do it - you have to search manually
 
> I've looked through the docs but see nothing about using SP3 and Samba.
> Also, the log level 3 looks cryptic to me.
> 
if the signorseal stuff is really set everywhere in the registry 
then you should post a relevant excerpt of that log here.

Make sure the the log is from only one machine so it's easier to follow
(use log.smbd.%m)

There used to be a setting called spnego that i had to set to 'no'
but this was fixed a while ago.  might be worth a try.

brad

We got it working using Samba 3.0 alpha 21 cvs. Configured as a PDC 
using LDAP as the passdb. Encountered the same problem of being able to 
join the domain and yet not being able to log in. Line in smb.conf looks 
like this :

passdb backend = ldapsam:ldap://ldap.internal.avlsi.com, unixsam

Solution came from Andrew Bartlette who gave the following response:


You either need to keep the 'unixsam' in your 'passdb backends'
line in
your smb.conf, or add a 'guest' account to ldap, with a real unix UID
(possibly the same as nobody, should be the same as 'guest account') and
with RID 501.

Andrew Bartlett

>
> ------------------------------------------------------------------------
>
> Subject:
> Re: [Samba] Samba 3.0 alpha20-2 and Win2k SP3
> From:
> "Bradley W. Langhorst" <brad@langhorst.com>
> Date:
> 18 Oct 2002 10:19:42 -0400
> To:
> Irving Carrion <icarrion@allinterior.com>
>
>
>On Thu, 2002-10-17 at 14:37, Irving Carrion wrote:
>  
>
>>Is there anyone on the list that has been able to get Win2k SP3 working
>>with the 3.0 alpha version?
>>
>>I'm able to join but I can NOT log in.  I can see the machine
account
>>listed in pass.tdb (using pdbedit -l) and it is also in passwd &
shadow.
>>I HAVE ALSO APPLIED THE SIGN OR SEAL PATCH.  The message I get is:
>>    
>>
>this sounds exactly like the signorseal problem
>are you sure that every occurrence in the registry has changed?
>the patch sometimes won't do it - you have to search manually
> 
>  
>
>>I've looked through the docs but see nothing about using SP3 and
Samba.
>>Also, the log level 3 looks cryptic to me.
>>
>>    
>>
>if the signorseal stuff is really set everywhere in the registry 
>then you should post a relevant excerpt of that log here.
>
>Make sure the the log is from only one machine so it's easier to follow
>(use log.smbd.%m)
>
>There used to be a setting called spnego that i had to set to 'no'
>but this was fixed a while ago.  might be worth a try.
>
>brad
>
>  
>