logs below: -- Jason Williams Wrote:
Weird stuff happening eh? Just to get a few things out of the way, the user that is having problems logging on, they have an account on the PDC? ---> all done through ldap, logs show authenticating user fine (below) The machine account will be there since it has already connected to the PDC. ---> machine account is in the LDAP The original user works, but when you create a new user on the XP box and try and log on, you get errors right? ---> I am not creating a new user, just trying to log in (as I did with the first user that works). I did however try to add that user to the list of power users and that didnt help either. Anything the logs say? ---> see comments below > -----Original Message----- > From: _Chris McKeever_ [mailto:[EMAIL PROTECTED] > > > Samba 2.2.8a, RH7.3 > > I have successfully connected machines running XP to the > samba controlled > domain. > > There are 3 XP machines, each with only one user designated > as a power user > (ie domain\username power user). Each can log into any of the three > machines without a problem. > > Now I am trying to log a different person into any of these > machines and I > get the message "System Could Not Log You On". > > I can log into any of these machines with the administrator > or my account > (neither of which are set up in the local users - other than > computername\administrator). > > Any ideas of what is going on? Did I miss something? I > thought that with > domain logins that any user can log into the XP machine as > long as they are > set-up correctly via samba, which they are since they can > access resources > from windows 98 machines to samba shares. > > Thanks >From the logs it seems like the user is authenticating fine against ldap/samba: problem user: [2003/07/10 12:46:59, 3] rpc_server/srv_netlog_nt.c:_net_sam_logon(605) SAM Logon (Interactive). Domain:[PRUPREF.COM]. User:[jearhart] [2003/07/10 12:46:59, 3] smbd/sec_ctx.c:push_sec_ctx(296) push_sec_ctx(99, 99) : sec_ctx_stack_ndx = 1 [2003/07/10 12:46:59, 3] smbd/uid.c:push_conn_ctx(285) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2003/07/10 12:46:59, 3] smbd/sec_ctx.c:set_sec_ctx(328) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2003/07/10 12:46:59, 5] passdb/pdb_ldap.c:ldap_open_connection(122) ldap_open_connection: starting... [2003/07/10 12:46:59, 10] passdb/pdb_ldap.c:ldap_open_connection(148) Initializing connection to winnetka.prupref.com on port 389 [2003/07/10 12:46:59, 2] passdb/pdb_ldap.c:ldap_open_connection(186) StartTLS issued: using a TLS connection [2003/07/10 12:46:59, 2] passdb/pdb_ldap.c:ldap_open_connection(217) ldap_open_connection: connection opened [2003/07/10 12:46:59, 0] passdb/pdb_ldap.c:ldap_connect_system(315) ldap_connect_system: Binding to ldap server as "cn=root,dc=prupref,dc=com" [2003/07/10 12:46:59, 2] passdb/pdb_ldap.c:ldap_connect_system(331) ldap_connect_system: succesful connection to the LDAP server [2003/07/10 12:46:59, 2] passdb/pdb_ldap.c:ldap_search_one_user(343) ldap_search_one_user: searching for:[(&(uid=jearhart)(objectclass=sambaAccount))] [2003/07/10 12:47:00, 2] passdb/pdb_ldap.c:get_single_attribute(441) get_single_attribute: [uid] = [jearhart] [2003/07/10 12:47:00, 2] passdb/pdb_ldap.c:init_sam_from_ldap(576) Entry found for user: jearhart [2003/07/10 12:47:00, 2] passdb/pdb_ldap.c:get_single_attribute(441) get_single_attribute: [pwdLastSet] = [1057792387] [2003/07/10 12:47:00, 2] passdb/pdb_ldap.c:get_single_attribute(441) get_single_attribute: [logonTime] = [0] [2003/07/10 12:47:00, 2] passdb/pdb_ldap.c:get_single_attribute(441) get_single_attribute: [logoffTime] = [2147483647] [2003/07/10 12:47:00, 2] passdb/pdb_ldap.c:get_single_attribute(441) get_single_attribute: [kickoffTime] = [2147483647] [2003/07/10 12:47:00, 2] passdb/pdb_ldap.c:get_single_attribute(441) get_single_attribute: [pwdCanChange] = [0] [2003/07/10 12:47:00, 2] passdb/pdb_ldap.c:get_single_attribute(441) get_single_attribute: [pwdMustChange] = [2147483647] [2003/07/10 12:47:00, 2] passdb/pdb_ldap.c:get_single_attribute(441) get_single_attribute: [cn] = [Jeff Earhart] [2003/07/10 12:47:00, 2] passdb/pdb_ldap.c:get_single_attribute(435) get_single_attribute: [homeDrive] = [<does not exist>] [2003/07/10 12:47:00, 5] passdb/pdb_ldap.c:init_sam_from_ldap(626) homeDrive fell back to [2003/07/10 12:47:00, 2] passdb/pdb_ldap.c:get_single_attribute(435) get_single_attribute: [smbHome] = [<does not exist>] [2003/07/10 12:47:00, 4] lib/substitute.c:automount_server(183) Home server: prupref-winn [2003/07/10 12:47:00, 5] passdb/pdb_ldap.c:init_sam_from_ldap(635) smbHome fell back to \\prupref-winn\jearhart [2003/07/10 12:47:00, 2] passdb/pdb_ldap.c:get_single_attribute(435) get_single_attribute: [scriptPath] = [<does not exist>] [2003/07/10 12:47:00, 5] passdb/pdb_ldap.c:init_sam_from_ldap(644) scriptPath fell back to [2003/07/10 12:47:00, 2] passdb/pdb_ldap.c:get_single_attribute(435) get_single_attribute: [profilePath] = [<does not exist>] [2003/07/10 12:47:00, 4] lib/substitute.c:automount_server(183) Home server: prupref-winn [2003/07/10 12:47:00, 5] passdb/pdb_ldap.c:init_sam_from_ldap(653) profilePath fell back to \\prupref-winn\jearhart\profile [2003/07/10 12:47:00, 2] passdb/pdb_ldap.c:get_single_attribute(435) get_single_attribute: [description] = [<does not exist>] [2003/07/10 12:47:00, 2] passdb/pdb_ldap.c:get_single_attribute(435) get_single_attribute: [userWorkstations] = [<does not exist>] [2003/07/10 12:47:00, 2] passdb/pdb_ldap.c:get_single_attribute(441) get_single_attribute: [rid] = [87124] [2003/07/10 12:47:00, 2] passdb/pdb_ldap.c:get_single_attribute(441) get_single_attribute: [primaryGroupID] = [3005] [2003/07/10 12:47:00, 2] passdb/pdb_ldap.c:get_single_attribute(441) get_single_attribute: [lmPassword] = [B9AD96875] [2003/07/10 12:47:00, 2] passdb/pdb_ldap.c:get_single_attribute(441) get_single_attribute: [ntPassword] = [77A7A] [2003/07/10 12:47:00, 2] passdb/pdb_ldap.c:get_single_attribute(441) get_single_attribute: [acctFlags] = [[UX ]] [2003/07/10 12:47:00, 3] smbd/sec_ctx.c:pop_sec_ctx(435) pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0 [2003/07/10 12:47:00, 3] smbd/sec_ctx.c:push_sec_ctx(296) push_sec_ctx(99, 99) : sec_ctx_stack_ndx = 1 [2003/07/10 12:47:00, 3] smbd/uid.c:push_conn_ctx(285) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 ** this is where the strange part is 2003/07/10 12:47:00, 10] lib/util_sid.c:split_domain_name(340) split_domain_name:name 'jearhart' split into domain :'PRUPREF-WINN' and user :'jearhart' [2003/07/10 12:47:00, 5] rpc_server/srv_lsa_nt.c:init_lsa_rid2s(160) init_lsa_rid2s: looking up name jearhart [2003/07/10 12:47:00, 10] smbd/uid.c:lookup_name(457) lookup_name: winbind lookup for jearhart failed - trying local [2003/07/10 12:47:00, 10] smbd/uid.c:lookup_name(486) lookup_name: (local) jearhart -> SID S-1-5-21-2263616378-1746176118-2189425910-87124 (type 1) [2003/07/10 12:47:00, 5] rpc_server/srv_lsa_nt.c:init_lsa_rid2s(164) init_lsa_rid2s: found [2003/07/10 12:47:00, 5] rpc_parse/parse_prs.c:prs_debug(60) 000000 lsa_io_r_lookup_names [2003/07/10 12:47:00, 5] rpc_parse/parse_prs.c:prs_uint32(588) 0000 ptr_dom_ref: 00000001 [2003/07/10 12:47:00, 6] rpc_parse/parse_prs.c:prs_debug(60) 000004 lsa_io_dom_r_ref [2003/07/10 12:47:00, 5] rpc_parse/parse_prs.c:prs_uint32(588) 0004 num_ref_doms_1: 00000001 [2003/07/10 12:47:00, 5] rpc_parse/parse_prs.c:prs_uint32(588) Here are logs from the successfull user: 2003/07/10 12:42:54, 3] rpc_server/srv_netlog_nt.c:_net_sam_logon(605) SAM Logon (Interactive). Domain:[PRUPREF.COM]. User:[mbarnes] [2003/07/10 12:42:54, 3] smbd/sec_ctx.c:push_sec_ctx(296) push_sec_ctx(99, 99) : sec_ctx_stack_ndx = 1 [2003/07/10 12:42:54, 3] smbd/uid.c:push_conn_ctx(285) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2003/07/10 12:42:54, 3] smbd/sec_ctx.c:set_sec_ctx(328) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2003/07/10 12:42:54, 5] passdb/pdb_ldap.c:ldap_open_connection(122) ldap_open_connection: starting... [2003/07/10 12:42:54, 10] passdb/pdb_ldap.c:ldap_open_connection(148) Initializing connection to winnetka.prupref.com on port 389 [2003/07/10 12:42:54, 2] passdb/pdb_ldap.c:ldap_open_connection(186) StartTLS issued: using a TLS connection [2003/07/10 12:42:54, 2] passdb/pdb_ldap.c:ldap_open_connection(217) ldap_open_connection: connection opened [2003/07/10 12:42:54, 0] passdb/pdb_ldap.c:ldap_connect_system(315) ldap_connect_system: Binding to ldap server as "cn=root,dc=prupref,dc=com" [2003/07/10 12:42:54, 2] passdb/pdb_ldap.c:ldap_connect_system(331) ldap_connect_system: succesful connection to the LDAP server [2003/07/10 12:42:54, 2] passdb/pdb_ldap.c:ldap_search_one_user(343) ldap_search_one_user: searching for:[(&(uid=mbarnes)(objectclass=sambaAccount))] [2003/07/10 12:42:54, 2] passdb/pdb_ldap.c:get_single_attribute(441) get_single_attribute: [uid] = [mbarnes] [2003/07/10 12:42:54, 2] passdb/pdb_ldap.c:init_sam_from_ldap(576) Entry found for user: mbarnes [2003/07/10 12:42:54, 2] passdb/pdb_ldap.c:get_single_attribute(441) get_single_attribute: [pwdLastSet] = [1052162872] [2003/07/10 12:42:54, 2] passdb/pdb_ldap.c:get_single_attribute(441) get_single_attribute: [logonTime] = [0] [2003/07/10 12:42:54, 2] passdb/pdb_ldap.c:get_single_attribute(441) get_single_attribute: [logoffTime] = [2147483647] [2003/07/10 12:42:54, 2] passdb/pdb_ldap.c:get_single_attribute(441) get_single_attribute: [kickoffTime] = [2147483647] [2003/07/10 12:42:54, 2] passdb/pdb_ldap.c:get_single_attribute(441) get_single_attribute: [pwdCanChange] = [0] [2003/07/10 12:42:54, 2] passdb/pdb_ldap.c:get_single_attribute(441) get_single_attribute: [pwdMustChange] = [2147483647] [2003/07/10 12:42:54, 2] passdb/pdb_ldap.c:get_single_attribute(441) get_single_attribute: [cn] = [Michael Barnes] [2003/07/10 12:42:54, 2] passdb/pdb_ldap.c:get_single_attribute(435) get_single_attribute: [homeDrive] = [<does not exist>] [2003/07/10 12:42:54, 5] passdb/pdb_ldap.c:init_sam_from_ldap(626) homeDrive fell back to [2003/07/10 12:42:54, 2] passdb/pdb_ldap.c:get_single_attribute(435) get_single_attribute: [smbHome] = [<does not exist>] [2003/07/10 12:42:54, 4] lib/substitute.c:automount_server(183) Home server: prupref-winn [2003/07/10 12:42:54, 5] passdb/pdb_ldap.c:init_sam_from_ldap(635) smbHome fell back to \\prupref-winn\mbarnes [2003/07/10 12:42:54, 2] passdb/pdb_ldap.c:get_single_attribute(435) get_single_attribute: [scriptPath] = [<does not exist>] [2003/07/10 12:42:54, 5] passdb/pdb_ldap.c:init_sam_from_ldap(644) scriptPath fell back to [2003/07/10 12:42:54, 2] passdb/pdb_ldap.c:get_single_attribute(435) get_single_attribute: [profilePath] = [<does not exist>] [2003/07/10 12:42:54, 4] lib/substitute.c:automount_server(183) Home server: prupref-winn [2003/07/10 12:42:54, 5] passdb/pdb_ldap.c:init_sam_from_ldap(653) profilePath fell back to \\prupref-winn\mbarnes\profile [2003/07/10 12:42:54, 2] passdb/pdb_ldap.c:get_single_attribute(435) get_single_attribute: [description] = [<does not exist>] [2003/07/10 12:42:54, 2] passdb/pdb_ldap.c:get_single_attribute(435) get_single_attribute: [userWorkstations] = [<does not exist>] [2003/07/10 12:42:54, 2] passdb/pdb_ldap.c:get_single_attribute(441) get_single_attribute: [rid] = [6722] [2003/07/10 12:42:54, 2] passdb/pdb_ldap.c:get_single_attribute(441) get_single_attribute: [primaryGroupID] = [3005] [2003/07/10 12:42:54, 2] passdb/pdb_ldap.c:get_single_attribute(441) get_single_attribute: [lmPassword] = [3DEC2A3] [2003/07/10 12:42:54, 2] passdb/pdb_ldap.c:get_single_attribute(441) get_single_attribute: [ntPassword] = [A87AD606] [2003/07/10 12:42:54, 2] passdb/pdb_ldap.c:get_single_attribute(441) get_single_attribute: [acctFlags] = [[UX ]] [2003/07/10 12:42:54, 3] smbd/sec_ctx.c:pop_sec_ctx(435) pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0 [2003/07/10 12:42:54, 3] smbd/sec_ctx.c:push_sec_ctx(296) push_sec_ctx(99, 99) : sec_ctx_stack_ndx = 1 [2003/07/10 12:42:54, 3] smbd/uid.c:push_conn_ctx(285) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2003/07/10 12:42:54, 3] smbd/sec_ctx.c:set_sec_ctx(328) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2003/07/10 12:42:54, 3] smbd/sec_ctx.c:pop_sec_ctx(435) pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0 [2003/07/10 12:42:54, 10] lib/username.c:user_in_list(456) user_in_list: checking user mbarnes in list [2003/07/10 12:42:54, 3] rpc_server/srv_util.c:get_domain_user_groups(187) domain group access 513/7 granted [2003/07/10 12:42:54, 10] lib/username.c:user_in_list(456) user_in_list: checking user mbarnes in list root @domain-admins [2003/07/10 12:42:54, 10] lib/username.c:user_in_list(460) user_in_list: checking user |mbarnes| against |root| [2003/07/10 12:42:54, 10] lib/username.c:user_in_list(460) user_in_list: checking user |mbarnes| against |@domain-admins| [2003/07/10 12:42:54, 5] lib/username.c:user_in_netgroup_list(298) Unable to get default yp domain [2003/07/10 12:42:54, 10] lib/username.c:user_in_unix_group_list(392) user_in_unix_group_list: checking user mbarnes in group domain-admins [2003/07/10 12:42:54, 10] lib/username.c:user_in_unix_group_list(413) user_in_unix_group_list: checking user mbarnes against member jearhart [2003/07/10 12:42:54, 10] lib/username.c:user_in_unix_group_list(413) user_in_unix_group_list: checking user mbarnes against member cfusion [2003/07/10 12:42:54, 10] lib/username.c:user_in_unix_group_list(413) user_in_unix_group_list: checking user mbarnes against member administrator [2003/07/10 12:42:54, 10] lib/username.c:user_in_unix_group_list(413) user_in_unix_group_list: checking user mbarnes against member mfalanga [2003/07/10 12:42:54, 10] lib/username.c:user_in_unix_group_list(413) user_in_unix_group_list: checking user mbarnes against member cgmckeever [2003/07/10 12:42:54, 4] rpc_server/srv_util.c:make_dom_gids(90) make_dom_gids: 513/7 [2003/07/10 12:42:54, 5] rpc_server/srv_util.c:make_dom_gids(149) group id: 513 attr: 7 [2003/07/10 12:42:54, 4] rpc_parse/parse_net.c:init_dom_sid2s(813) init_dom_sid2s: ** The part about domain splitting is not there if you need other parts of the logs, please let me know. Thanks > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
