samba - Mar 2003 - Login denied after joinined Samba PDC

Currently running samba 2.2.7 on rh8

I have not had any problems until recently, and I'm not sure exactly
what would have caused this problem.  I have no problem joining a w2k
workstation to my domain, but whenever I attempt to log into the domain,
i receive the following error on the workstation:

The system cannot log you on to this domain because the system's
computer account in its primary domain is missing or the password on
that account is incorrect

as well as this from my /var/log/samba/machinename.log

[2003/03/24 12:32:51, 0] smbd/password.c:authorise_login(863)
  authorise_login: rejected invalid user nobody

every time I try to log in with a valid user name.  If i try an invalid
username, nothing shows up in the log file. It seems that my users are
all being mapped to the guest user nobody.  Here is my global section of
smb.conf

[global]
        ;Basic Server Settings
        netbios name = PDC
        workgroup = SMBDOMAIN

        ;Act as domain and local master browser
        os level = 64
        preferred master = yes
        domain master = yes
        local master = yes

        ;Provide a WINS service
        wins support = yes

        ;Security settings
        security = user

        ;Encrypted passwords required for PDC
        encrypt passwords = yes

        ;support domain logons
        domain logons = yes
        domain admin group = root @is
        admin users = root @is

        ;Profile location
        logon path = \\%L\Profiles\%U

        ;User home directory and mount drive
        logon drive = H:
        logon home = \\%L\%u

        ;specify the logon script located in the netlogon share
        logon script = "wkix32 logongui.k2k"

        ;automagically add machine accounts
        add user script = /usr/sbin/useradd -c Machine -d /dev/null -g
500 -s /bin/false -M %u

        ;Log location and size

        log file = /var/log/samba/%m.log
        max log size = 1000

        ;sync unix/samba passwords
        unix password sync = Yes
        passwd program = /usr/bin/passwd %u
        passwd chat = *New*password* %n\n *Retype*new*password* %n\n
*passwd:*all*authentication*tokens*updated*successfully*
        pam password change = yes

        ;performance options
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

        ;use both NICs
        interfaces = 192.168.1.5/24 192.168.1.6/24

        ;default share values
        create mode = 0770
        directory mode = 0770
        valid users = @is root
        writelist = @is root

Thanks for any help in advance.


-- 
Eric Halverson <ehalverson@dchs.us>
Doctors Care Health Services

On Mon, 24 Mar 2003, Eric Halverson wrote:
> Currently running samba 2.2.7 on rh8
>
> I have not had any problems until recently, and I'm not sure exactly
> what would have caused this problem.  I have no problem joining a w2k
> workstation to my domain, but whenever I attempt to log into the domain,
> i receive the following error on the workstation:
>
> The system cannot log you on to this domain because the system's
> computer account in its primary domain is missing or the password on
> that account is incorrect
>
> as well as this from my /var/log/samba/machinename.log
>
> [2003/03/24 12:32:51, 0] smbd/password.c:authorise_login(863)
>   authorise_login: rejected invalid user nobody
Have you added smb passwords for each of your users?

ie: smbpasswd -a 'username'

- John T.
>
> every time I try to log in with a valid user name.  If i try an invalid
> username, nothing shows up in the log file. It seems that my users are
> all being mapped to the guest user nobody.  Here is my global section of
> smb.conf
>
> [global]
>         ;Basic Server Settings
>         netbios name = PDC
>         workgroup = SMBDOMAIN
>
>         ;Act as domain and local master browser
>         os level = 64
>         preferred master = yes
>         domain master = yes
>         local master = yes
>
>         ;Provide a WINS service
>         wins support = yes
>
>         ;Security settings
>         security = user
>
>         ;Encrypted passwords required for PDC
>         encrypt passwords = yes
>
>         ;support domain logons
>         domain logons = yes
>         domain admin group = root @is
>         admin users = root @is
>
>         ;Profile location
>         logon path = \\%L\Profiles\%U
>
>         ;User home directory and mount drive
>         logon drive = H:
>         logon home = \\%L\%u
>
>         ;specify the logon script located in the netlogon share
>         logon script = "wkix32 logongui.k2k"
>
>         ;automagically add machine accounts
>         add user script = /usr/sbin/useradd -c Machine -d /dev/null -g
> 500 -s /bin/false -M %u
>
>         ;Log location and size
>
>         log file = /var/log/samba/%m.log
>         max log size = 1000
>
>         ;sync unix/samba passwords
>         unix password sync = Yes
>         passwd program = /usr/bin/passwd %u
>         passwd chat = *New*password* %n\n *Retype*new*password* %n\n
> *passwd:*all*authentication*tokens*updated*successfully*
>         pam password change = yes
>
>         ;performance options
>         socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>
>         ;use both NICs
>         interfaces = 192.168.1.5/24 192.168.1.6/24
>
>         ;default share values
>         create mode = 0770
>         directory mode = 0770
>         valid users = @is root
>         writelist = @is root
>
> Thanks for any help in advance.
>
>
>
-- 
John H Terpstra
Email: jht@samba.org

Yes, I had this completely working with no problems like this for 
several months.  I had since been reformatting the PCs and haven't had 
any machines joined to the domain for a while.

I can join the workstation to the domain with my root samba account and 
i can in fact see that the machinename$ is added to /etc/passwd as well 
as /etc/samba/smbpasswd but no matter what I cannot log into the domain 
after joining it.

Yes, both my WINS and DNS server are pointing to the IP of my samba
server.  I'm starting to wonder if this has something to do with the
trust account.

On Tue, 2003-03-25 at 08:49, helio@intersight.com.br
wrote:
> Check your windows DNS, the primary DNS server must be your samba server?s
> IP. It worked for me.
> 
> ________________________________
> H?lio Dubeux Neto
> Depto. T?cnico
> INTERSIGHT
> www.intersight.com.br
> (81) 3221 - 8511
>

In message <1048627329.17345.214.camel@bwlnote>, Bradley W. Langhorst 
<brad@langhorst.com> writes
>On Tue, 2003-03-25 at 10:05, Eric Halverson wrote:
>
>>
>> [2003/03/25 03:59:56, 0] smbd/password.c:authorise_login(863)
>>   authorise_login: rejected invalid user nobody
>do you have a guest user?
>you need one.
>
>brad
>--
>Bradley W. Langhorst <brad@langhorst.com>
>
I had this error message in my log files. It turned out that I had a 
share which had been configured with

guest ok  = yes

but also had a valid user list which did not include guest (nobody). As 
this was the homes share, I was seeing an awful lot of this.
-- 
Dave Addison
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 177 bytes
Desc: not available
Url :
http://lists.samba.org/archive/samba/attachments/20030414/5142f04f/signature.bin