samba - Jun 2004 - [Samba 3.0.4] Allows w2k machine to join domain, but unable to log on.

Specs: RedHat 9
Samba V: 3.0.4
Clients: W2K and WinXP Pro 
smb.conf file: 

# Global parameters
[global]
        workgroup = aharinc.com
        netbios name = CHIMERA
        server string = Chimera- Test PDC
        encrypt passwords = Yes
        passwd program = /usr/bin/passwd %u
        passwd chat = *New*password* %n\n *Retype*new*password* %n\n
*passwd:*all*authentication*tokens*updated*successfully*
        obey pam restrictions = yes
        pam password change = yes
        unix password sync = Yes
        log file = /var/log/samba/%m.log
        max log size = 0
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        os level = 34
        preferred master = Yes
        local master = yes
        domain master = Yes
        dns proxy = No
        guest account = no
        hosts allow = 172.17.1, 172.17.2.
        printing = cups
        domain logons = yes
        logon path = \\chimera\profiles\%u
        logon script = /export/samba/ulogon.bat
        security = user
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        kernel oplocks = no
 
[netlogon]
        path = /export/samba/lib/netlogon/
        read only = yes
        write list = ntadmin root
 
[homes]
        comment = Home Directories
        valid users = @sigproc @eng @modsim
        read only = No
        create mask = 0664
        directory mask = 0775
        browseable = No
 
[printers]
        comment = All Printers
        path = /var/spool/samba
        printable = Yes
        browseable = No
 
[testbed]
        comment = TESTBED
        path = /export/testbed
        hosts allow = 172.17.1., 172.17.2.
 
[LJ5]
        comment = LaserJet 5 Printer
        path = /var/spool/samba
        read only = No
        printable = Yes
        printer name = LJ5
        oplocks = No
 
[profiles]
        comment = user profiles
        path = /export/samba/profiles/
        create mode = 0600
        directory mode = 0700
        writeable = yes
        browseable = yes
 
[Desktop Share]
        comment = Shared Desktop Files
        path = /export/samba/share
        read only = yes
        write list = ntadmin root
-----------------------------------------

Now that i got that out of the way, here are the errors: 

On the Win2K Box: "The system cannot log you on to this domain because
the system's computer account in its primary domain is missing or the
password on that account is incorrect"

I've ran smbpasswd -a username and also smbpaswd -a -m machinename$.

in /var/log/samba/machinename.log I get this: 
[2004/06/30 09:40:15, 1] auth/auth_util.c:make_server_info_sam(822)
  User no in passdb, but getpwnam() fails!
[2004/06/30 09:40:15, 1] auth/auth_util.c:make_server_info_sam(822)
  User no in passdb, but getpwnam() fail
(By the way, the users DO exist in both /etc/passwd and in smbpasswd).

and in an ethereal trace it shows this: 
SMB: session setup andx response, NTLMSP_CHALENGE, error:
STATUS_MORE_PROCESSING_REQUIRED
SMB: session setup andX response, Error: STATUS_LOGON_FAILURE
NETLOGON Response to SAM LOGON Request (looks perfectly normal; no
errors).

any help? 
please?  pretty please? 

- Alainna Wonders

OK, sounds like I am in about the same boat as you are, I just got my first
Win2K client joined to my first Samba 3.0.4 PDC and logged in.

[global]
    workgroup = lds-smb
    netbios name = LDSTST01
    server string = %h server (Samba %v)
    log file = /var/log/samba/log.%m
    max log size = 1000
    syslog = 0
    panic action = /usr/share/samba/panic-action %d
    invalid users = root
    passwd program = /usr/bin/passwd %u
    passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n .

########## NT Domain Related ##########
    admin users = pianoman
    security = user
    encrypt passwords = true
    passdb backend = smbpasswd
    domain logons = true
    time server = true
    add machine script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M
%u

########## NT Domain Related - Master Browser ##########
    browse list = true
    domain master = true
    local master = true
    os level = 33
    preferred master = true

######## File sharing ########
    socket options = TCP_NODELAY

[stage]
    comment = MichaelDist Stager Share
    writable = yes
    path = /shares/stage
    public = yes


Specifically check out the 'admin users' list which is required for the
account you wish to put into the join domain dialog on the Win2K side.

Also, workgroup needs to be a valid SMB name, not your internet domain name...
drop the .com.

I highly suggest a copy of Rod Smith's "The Definitive Guide to Samba
3" which I got a couple of days ago, read Chapters 1-4, 7, 10, then back to
8 a bit, and thus got this PDC up with little pain.
Also delete your logs now and then and see what NEW data you get in them.

-- 
Michael Lueck
Lueck Data Systems

Remove the upper case letters NOSPAM to contact me directly.