Hi all,
I have a strange problem with the combination of Win2k3 and Samba. The
samba server is configured as a PDC, the terminal server as a member of
the domain. Logging in from the terminal server console with a domain
userid works; logging in from a terminal server session from the same
machine fails with the message: "The system can not log you on due to
the following error: The specified domain either does not exist or could
not be contacted.". Logging in to local accounts works. Mapping shares
to the Samba server also works.
I've googled and found some references to mismatched signing and
encryption settings, but I've tried all combinations to no avail
(including the SignOrSeal registry patch).
Following are two level 10 logs, one OK login from the console and one
failed login from a terminal server session. (both very long ...)
Versions: Win2K3 SP1, 15 TS CALs (also tested without the service pack;
same results).
Samba: Version 3.0.14a-Debian (on a freshly installed Debian Sarge box).
The configuration file:
=============
[global]
workgroup = SAHIN
server string = %h server (Samba %v)
obey pam restrictions = Yes
passdb backend = tdbsam, guest
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
debug level = 10
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
add machine script = /usr/sbin/adduser --ingroup NTMachines --home /dev/null --shell /bin/false \
--disabled-password --firstuid 500 --lastuid 600 --force-badname --gecos machaccount %u
domain master = Yes
dns proxy = No
wins support = Yes
domain logons = yes
os level = 60
client signing = auto
client schannel = auto
server signing = auto
server schannel = auto
logon drive = H:
logon home logon path = \\%L\profiles
logon script = logon.cmd
ldap ssl = no
panic action = /usr/share/samba/panic-action %d
printer admin = @NTAdmin
username map = /etc/samba/usermap
[homes]
comment = Network Logon Service
create mask = 0700
directory mask = 0700
guest ok = Yes
browseable = No
share modes = No
[profiles]
path = /home/users/%u/.NTprofile
read only = no
create mask = 0600
directory mask = 0700
# profile acls = yes
[printers]
comment = All Printers
path = /tmp
create mask = 0700
printable = Yes
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
write list = root, @NTAdmin
[netlogon]
comment = Logon scripts
path = /home/netlogon
write list = @NTAdmin,root
Level 10 log of failing session at: http://www.verhoogt.net/faillog.txt
Level 10 log of succeeding session at: http://www.verhoogt.net/oklog.txt
TIA
Wim Verhoogt