Josef Schauer
2006-Aug-02 10:57 UTC
[Samba] Samba 3.0.14 and w2k3 terminal server / strange logon problem / is this in general possible
Hi. My Situation: - One Machine with samba 3.0.14 acting as DC, DHCP3SERVER, BIND9 and dynamic DNS - One Machine with w2k3 server standard edition acting as DOMAIN MEMBER, TS and Citrix Access Essentials. - Domain Logons are working perfect. - Name resolving works fine. Reverse, Forward, NB, FQDN, IP ... - RDP Connection to the TS with local useraccount on the TS works fine - ICA Connection to the TS with local useraccount on the TS works finde - RDP Connection to the TS with domain user ends up with error: Winlogon Event ID: 1219 Domain could not be found the same for ICA Connections. The really strange behaviour is that the TS is sending the NETBIOS name of DC as the DOMAIN-PART of the logon. Example: I try to logon to the DOMAIN ISARLBERG like this: username: josef password: XXXXX Domain: ISARLBERG After getting the error, I can see this in the eventlog: Tried credentials: ISARLBERG/josef Effective used credentials OBELIX/josef OBELIX is the NETBIOS name of the samba server. Changing the NETBIOS name in smb.conf doesn't change anything. The TS allways uses OBELIX as Domainname. Strange? My Questions: 1. Is it possible to use samba as a DC and connect to the DC over a TS/CAE Server on w2k3 server. 2. Has anybody working configuration like this. Thank you for your help. Josef Schauer
Michael Gasch
2006-Aug-02 11:32 UTC
[Samba] Samba 3.0.14 and w2k3 terminal server / strange logon problem / is this in general possible
> 1. Is it possible to use samba as a DC and connect to the DC over a > TS/CAE Server on w2k3 server.that`s exactly the same setup we?re happily running sounds like the w2k3 machine has not been joined properly? can you logon (directly) to the w2k3 machine as a domain member? greez -- Michael Gasch Max Planck Institute for Evolutionary Anthropology Department of Human Evolution (IT Staff) Deutscher Platz 6 D-04103 Leipzig Germany Phone: 49 (0)341 - 3550 137 49 (0)341 - 3550 374 Fax: 49 (0)341 - 3550 399
Jonathan Johnson
2006-Aug-02 17:20 UTC
[Samba] Samba 3.0.14 and w2k3 terminal server / strange logon problem / is this in general possible
On 8/2/2006 3:52 AM, Josef Schauer wrote:> I try to logon to the DOMAIN ISARLBERG like this: > > username: josef > password: XXXXX > Domain: ISARLBERG > > After getting the error, I can see this in the eventlog: > > Tried credentials: ISARLBERG/josef > > Effective used credentials OBELIX/josef > > OBELIX is the NETBIOS name of the samba server. >What does 'pdbedit -L -v josef' reveal on the Samba server? It sounds almost like the user account for josef might have been created before the Samba server was converted to a domain controller; in this case, that account will be considered a local account on the Samba server instead of a domain account. If this is the case, then you may find it easiest to remove the user account and recreate it. This of course poses issues with user profiles -- josef's user profile will likely be associated with OBELIX/josef instead of ISARLBERG/josef, and once you successfully log in to the domain, a new user profile will be created for ISARLBERG/josef. There are ways of overcoming this; if you experience this issue feel free to write me back and I'll explain how to fix it. It's not that difficult -- it involves replacing ACLs on the profile, user registry hive (NTUSER.DAT), and modifying a registry entry in the HKLM hive. -Jonathan Johnson Sutinen Consulting, Inc. www.sutinen.com jon@sutinen.com