Hi all,
We've decided to convert from smbpasswd to tdbsam for password
database. We also upgraded our smb.conf file to bring it into line
with Samba 3 (our file hasn't changed in _years_). So it includes
things like automated scripts for machine account logins etc.
We converted using pdbedit -i smbpasswd -e passwd.tdb and it appeared
to work correctly.
However, when users try to log in, they now get a message saying the
domain cannot be contacted, and this appears in the log file:
[2010/02/28 10:39:55, 0] rpc_server/srv_netlog_nt.c:336(get_md4pw)
get_md4pw: Workstation JEFF-W7$: no account in domain
[2010/02/28 10:39:55, 0] rpc_server/srv_netlog_nt.c:
584(_netr_ServerAuthenticate3)
_netr_ServerAuthenticate3: failed to get machine password for
account JEFF-W7$: NT_STATUS_ACCESS_DENIED
I've checked pdbedit and the machine "JEFF-W7" exists and is enabled
and all the other flags look correct (as they did in smbpasswd).
I've obviously stuffed something up! Could someone please point me
in the right direction? I'm not sure if its some of the automated
scripts perhaps?
Thanks again!!!
Here is pdbedit -Lv for that particular PC:
---------------
Unix username: JEFF-W7$
NT username:
Account Flags: [W ]
User SID: S-1-5-21-3210725046-2967654944-2425555567-3034
Primary Group SID: S-1-5-21-3210725046-2967654944-2425555567-513
Full Name: Jeff Windows 7 64 Virtual Machine
Home Directory:
HomeDir Drive: (null)
Logon Script:
Profile Path:
Domain: UNIVERSE
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: never
Kickoff time: never
Password last set: Sun, 28 Feb 2010 10:52:17 EST
Password can change: Sun, 28 Feb 2010 10:52:17 EST
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
---------------
Here is my globals section of my smb.conf:
[global]
workgroup = UNIVERSE
netbios name = MAGTECH
server string = Samba Server
wins support = yes
domain logons = yes
preferred master = Yes
domain master = yes
local master = yes
os level = 66
dns proxy = yes
name resolve order = wins lmhosts hosts bcast
interfaces = eth0 eth1
smb ports = 139
bind interfaces only = true
debug timestamp = yes
log file = /var/log/samba/%m.log
log level = 1
max log size = 9216
panic action = /usr/share/samba/panic-action %d
security = user
encrypt passwords = true
passdb backend = tdbsam
obey pam restrictions = no
admin users = root, administator
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX
\spassword:* %n\n *password\supdated\ssuccessfully* .
add user script = /usr/sbin/useradd -m '%u'
delete user script = /usr/sbin/userdel -r '%u'
add group script = /user/sbin/groupdel '%g'
add user to group script = /usr/sbin/usermod -G '%g' '%u'
delete group script = /usr/sbin/groupdel '%g'
add machine script = /user/sbin/useradd -s /bin/false -d /dev/null
'%u'
logon path = \\%N\profiles\%U
logon drive = P:
logon script = %G.bat
utmp = yes
printing = cups
printcap name = cups
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
store dos attributes = yes
hide files = /RECYCLER/desktop.ini/Desktop.ini/Thumbs.db/
Thanks a Million!
Max
We've decided to convert from smbpasswd to tdbsam for password
database. We also upgraded our smb.conf file to bring it into line
with Samba 3 (our file hasn't changed in _years_). So it includes
things like automated scripts for machine account logins etc.
We converted using pdbedit -i smbpasswd -e passwd.tdb and it appeared
to work correctly.
However, when users try to log in, they now get a message saying the
domain cannot be contacted, and this appears in the log file:
[2010/02/28 10:39:55, 0] rpc_server/srv_netlog_nt.c:336(get_md4pw)
get_md4pw: Workstation JEFF-W7$: no account in domain
[2010/02/28 10:39:55, 0] rpc_server/srv_netlog_nt.c:
584(_netr_ServerAuthenticate3)
_netr_ServerAuthenticate3: failed to get machine password for
account JEFF-W7$: NT_STATUS_ACCESS_DENIED
I've checked pdbedit and the machine "JEFF-W7" exists and is enabled
and all the other flags look correct (as they did in smbpasswd).
I've obviously stuffed something up! Could someone please point me
in the right direction? I'm not sure if its some of the automated
scripts perhaps?
Thanks again!!!
Here is pdbedit -Lv for that particular PC:
---------------
Unix username: JEFF-W7$
NT username:
Account Flags: [W ]
User SID: S-1-5-21-3210725046-2967654944-2425555567-3034
Primary Group SID: S-1-5-21-3210725046-2967654944-2425555567-513
Full Name: Jeff Windows 7 64 Virtual Machine
Home Directory:
HomeDir Drive: (null)
Logon Script:
Profile Path:
Domain: UNIVERSE
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: never
Kickoff time: never
Password last set: Sun, 28 Feb 2010 10:52:17 EST
Password can change: Sun, 28 Feb 2010 10:52:17 EST
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
---------------
Here is my globals section of my smb.conf:
[global]
workgroup = UNIVERSE
netbios name = MAGTECH
server string = Samba Server
wins support = yes
domain logons = yes
preferred master = Yes
domain master = yes
local master = yes
os level = 66
dns proxy = yes
name resolve order = wins lmhosts hosts bcast
interfaces = eth0 eth1
smb ports = 139
bind interfaces only = true
debug timestamp = yes
log file = /var/log/samba/%m.log
log level = 1
max log size = 9216
panic action = /usr/share/samba/panic-action %d
security = user
encrypt passwords = true
passdb backend = tdbsam
obey pam restrictions = no
admin users = root, administator
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX
\spassword:* %n\n *password\supdated\ssuccessfully* .
add user script = /usr/sbin/useradd -m '%u'
delete user script = /usr/sbin/userdel -r '%u'
add group script = /user/sbin/groupdel '%g'
add user to group script = /usr/sbin/usermod -G '%g' '%u'
delete group script = /usr/sbin/groupdel '%g'
add machine script = /user/sbin/useradd -s /bin/false -d /dev/null
'%u'
logon path = \\%N\profiles\%U
logon drive = P:
logon script = %G.bat
utmp = yes
printing = cups
printcap name = cups
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
store dos attributes = yes
hide files = /RECYCLER/desktop.ini/Desktop.ini/Thumbs.db/
Thanks a Million!
Max