thr3ads.net - samba - [Samba] Windows logon doesn't work, Samba says it's fine [Jun 2005]

If this information is useful, please help other people find it:
Share via:

Chris St. Pierre

2005-Jun-02 21:51 UTC

[Samba] Windows logon doesn't work, Samba says it's fine

This is an immensely frustrating problem.

I try to logon to my Samba 3.0.11 PDC running on SuSE, and the Samba
logs report that it all went swimmingly:

[2005/06/02 16:34:45, 2] auth/auth.c:check_ntlm_password(305)
  check_ntlm_password:  authentication for user [stpierre] ->
  [stpierre] -> [stpierre] succeeded

So w00t, right.  But no!  Windows rejects my login with a "bad
password" error.  The strange thing is that I can mount volumes from
that server without a problem -- it's only domain logons that are
broken.

Googling didn't turn up much, but it seemed in general to be a problem
with mismatched SIDs.  Here are mine:
>From the server:
# net getlocalsid
SID for domain FLUFFY is: S-1-5-21-2946021175-1172358965-46922411

In my LDAP backend (all of these were copied directly from the results
of ldapsearch):

The machine account:
sambaSID=S-1-5-21-2946021175-1172358965-46922411-3048

The user account:
sambaSID=S-1-5-21-2946021175-1172358965-46922411-5546

The domain account:
sambaSID=S-1-5-21-2946021175-1172358965-46922411

As you can see, they're all identical.  I dearly wish the problem
could be mismatched SIDs, but it doesn't appear to be.  My full
smb.conf is below.  Any ideas?

Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University

-------------------------------
smb.conf:
-------------------------------
[global]
server string = Fluffy
workgroup = NWU_FLUFFY
netbios name = FLUFFY

log level = 2
encrypt passwords = yes
max smbd processes = 0
socket options = TCP_NODELAY
use sendfile = no

add machine script = /usr/local/samba/scripts/trust-acct.pl '%u'

logon script = scripts\logon.bat
logon path = \\%L\profiles\%U

domain logons = yes
domain master = yes
local master = yes
preferred master = yes
wins server = 10.9.1.12
security = user
admin users = stpierre
os level = 33

passdb backend = ldapsam:ldap://ldap.nebrwesleyan.edu
ldap suffix = o=nebrwesleyan.edu,o=isp
ldap machine suffix = ou=People
ldap user suffix = ou=People
ldap group suffix = ou=Groups
ldap filter = (uid=%u)
ldap admin dn = cn=manager
ldap ssl = no

#idmap backend = ldap:ldap://newman.nebrwesleyan.edu
idmap uid = 10000-20000
idmap gid = 10000-20000

[netlogon]
comment = Network Logon Service
path = /usr/local/samba/var/netlogon
guest ok = yes
locking = No

[profiles]

[profiles]
comment = Profile Share
path = /usr/local/samba/var/profiles
read only = No
create mask = 0600
directory mask = 0700
nt acl support = Yes
csc policy = disable
share modes = no
profile acls = yes

[tmp]
comment = temporary files
path = /tmp
read only = yes

Apparently Analagous Threads

Search for more reasonably related threads

samba - Jun 2005 - Windows logon doesn't work, Samba says it's fine

[Samba] Windows logon doesn't work, Samba says it's fine

Apparently Analagous Threads

Wisdom of the Ancients