Dale, thanks for your response. On Thu, Sep 09, 2010 at 12:50:46PM -0500, Dale Schroeder wrote: > I used the pam settings from this article as a starting point. > http://www.enterprisenetworkingplanet.com/netos/article.php/10951_3502441_1
I know the mechanics of pam quite well and thus saw that the differences between my setup and the one of this article are neglectible. I kept on trying, however, and at some point I found out that the error messages are... misleading: the real problem is on the other end of the line. I did: | herkules:~# pdbedit -a -m -u gatekeeper | Unix username: gatekeeper$ | NT username: | Account Flags: [W ] | [...] and: | gatekeeper:~# net join member | Joined domain SYNTH. On herkules, this is (I assume) confirmed in the server logs: | secrets_store_schannel_session_info: stored schannel info with key SECRETS/SCHANNEL/GATEKEEPER | _netr_ServerPasswordSet: Server Password Set by remote machine:[GATEKEEPER] on account [GATEKEEPER$] However, as soon as the message "invalid parameter" is generated on client side, I can see in the server log: | _netr_LogonSamLogon: creds_server_step failed. Rejecting auth request from client GATEKEEPER machine account GATEKEEPER$ The reaseon for this can easily be googled: "Your machine thinks it is part of the domain, but your DC/sever does not". What I could not find is: the cause for such a behaviour (several other machines can authenticate with the same PDC quite well, so I assume the basic configuration to be fine). Ciao, Stefan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
