i currently have a samba pdc, samba bdc and samba member server all running samba-3.0.23c-1.fc5. up until the 3.0.22 releases, i never had any problems with users authenticating to member servers.

problem now is, a user from windows xp professional (which is part of the domain) can auth to the pdc and bdc, but not to the domain member server. the same thing happens from windows xp home (even though they can't be domain members): the xp home computer can auth to pdc, bdc but not member server.

the member server logs report:

    auth/auth_domain.c:domain_client_validate(246)
    domain_client_validate: unable to validate password for user username in domain MESSINET.COM to Domain controller HOME. Error was NT_STATUS_WRONG_PASSWORD.

this error is reported many times successively on the member server, and nothing at all shows up in the pdc or the bdc logs.

i am thinking that i have misconfigured some parameter, but all of these configs worked prior to the 3.0.22 line of samba.

i do appreciate your help, and sorry for the lengthy post.

-anthony

here is the smb.conf from the pdc:

    [global]
        workgroup = messinet.com
        netbios name = home
        server string = Samba Domain Server
        hosts allow = 127.0.0.1 192.168.1.0/24 192.168.2.0/24 192.168.3.0/24
        hosts deny = 0.0.0.0/0
        interfaces = lo eth0
        bind interfaces only = yes
        printcap name = /etc/printcap
        load printers = no
        printing = cups options =
        guest account = guest
        log file = /var/log/samba/samba.log
        max log size = 1024
        log level = 1
        security = user
        lanman auth = no
        client ntlmv2 auth = yes
        enable privileges = yes
        ldap passwd sync = no
        ldap admin dn = "uid=sambaroot,ou=People,dc=messinet,dc=com"
        passdb backend = ldapsam:ldap://127.0.0.1
        ldap ssl = off
        ldap delete dn = yes
        ldap suffix = dc=messinet,dc=com
        ldap user suffix = ou=People
        ldap group suffix = ou=Group
        ldap machine suffix = ou=Computers
        ldap idmap suffix = ou=Idmap,dc=messinet,dc=com
        idmap backend = ldap:ldap://127.0.0.1
        idmap uid = 16777216-33554431
        idmap gid = 16777216-33554431
        add user script = /usr/sbin/smbldap-useradd -m "%u"
        delete user script = /usr/sbin/smbldap-userdel "%u"
        add machine script = /usr/sbin/smbldap-useradd -w "%u"
        add group script = /usr/sbin/smbldap-groupadd -p "%g"
        delete group script = /usr/sbin/smbldap-groupdel "%g"
        add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
        delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
        set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
        encrypt passwords = yes
        unix password sync = Yes
        passwd program = /usr/bin/passwd %u
        passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
        username map = /etc/samba/smbusers
        local master = yes
        os level = 33
        domain master = yes
        preferred master = yes
        domain logons = yes
        logon script = %U.bat
        logon drive = H:
        logon home = \\%L\%U
        name resolve order = wins lmhosts bcast
        wins support = yes
        wins proxy = no
        dns proxy = no
        preserve case = yes
        nt acl support = yes
    #============================ Share Definitions
        template shell = /bin/false
        winbind use default domain = no

    [homes]
        comment = Home Directory for %U
        csc policy = disable
        browseable = no
        writable = yes
        valid users = %S
        hide files = /Desktop.ini/desktop.ini/RECYCLER/Thumbs.db/

    [netlogon]
        comment = Network Logon Service
        path = /etc/samba/netlogon
        guest ok = yes
        writable = no
        browseable = no
        share modes = no

    [public_share]
        comment = Messinet Secure Services Local Public Share
        path = /pub
        guest ok = no
        writable = yes
        printable = no
        valid users = +"MESSINET.COM\Domain Users"
        create mask = 0644
        force create mode = 0644
        directory mask = 1755
        force directory mode = 1755
        hide dot files = yes
        hide files = /Desktop.ini/desktop.ini/RECYCLER/Thumbs.db/
        veto files = /aquota.*/*~/lost+found/.Trash*/

here is the smb.conf from the samba domain member server:

    [global]
        workgroup = messinet.com
        netbios name = linux-ws1
        server string = Samba Print Server
        hosts allow = 127.0.0.1 192.168.1.0/24 192.168.2.0/24 192.168.3.0/24
        hosts deny = 0.0.0.0/0
        printcap name = cups
        load printers = yes
        printing = cups
        cups options = raw
        guest account = guest
        log file = /var/log/samba/samba.log
        max log size = 1024
        log level = 1
        security = domain
        lanman auth = no
        client ntlmv2 auth = yes
        enable privileges = yes
        encrypt passwords = yes
        username map = /etc/samba/smbusers
        interfaces = lo eth0
        bind interfaces only = yes
        local master = no
        os level = 33
        domain master = no
        preferred master = no
        domain logons = no
        name resolve order = wins lmhosts bcast
        wins support = no
        wins server = 192.168.1.5
        wins proxy = no
        dns proxy = no
        preserve case = yes
        nt acl support = yes
    #============================ Share Definitions

    [printers]
        comment = Printers
        path = /var/spool/samba
        browseable = no
        guest ok = no
        writable = no
        printable = yes

    [print$]
        comment = Printer Driver Download Area
        path = /etc/samba/drivers
        browseable = no
        guest ok = no
        read only = yes
        write list = +Print_Operators, sambaroot

    [public_share]
        comment = Local Media Private Share
        path = /pub
        guest ok = no
        writable = yes
        printable = no
        valid users = +Domain_Admins, +Domain_Users
        create mask = 0644
        force create mode = 0644
        directory mask = 1755
        force directory mode = 1755
        hide dot files = yes
        hide files = /Desktop.ini/desktop.ini/RECYCLER/Thumbs.db/
        veto files = /aquota.*/*~/lost+found/.Trash*/

-- 
Anthony - http://messinet.com - http://messinet.com/~amessina/gallery
8F89 5E72 8DF0 BCF0 10BE 9967 92DC 35DC B001 4A4E
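One way to check the "misconfigured parameter" suspicion mechanically is to compare the authentication-related [global] settings of the two files. This is an added example, not part of the original post and not Samba code; the key list and function names are choices made here, and the sample text is excerpted from the two configs quoted above.

```python
import re

# Authentication-related [global] parameters that both configs in the post set.
AUTH_KEYS = ["workgroup", "security", "encrypt passwords",
             "lanman auth", "client ntlmv2 auth", "username map"]
BOOLEANS = {"yes": True, "true": True, "1": True,
            "no": False, "false": False, "0": False}

def norm_key(name):
    # smb.conf ignores case and whitespace in parameter names.
    return re.sub(r"\s+", "", name).lower()

def parse_global(text):
    """Return {normalized name: raw value} for the [global] section only."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[norm_key(key)] = value.strip()
    return params

def norm_value(value):
    # Boolean synonyms compare equal; everything else is compared as written.
    return value if value is None else BOOLEANS.get(value.lower(), value)

def differences(conf_a, conf_b, keys=AUTH_KEYS):
    """List (parameter, value_a, value_b) where the two [global] sections differ."""
    a, b = parse_global(conf_a), parse_global(conf_b)
    pairs = [(k, a.get(norm_key(k)), b.get(norm_key(k))) for k in keys]
    return [p for p in pairs if norm_value(p[1]) != norm_value(p[2])]

# Excerpt of the auth-related lines from the two smb.conf files in the post.
COMMON = """workgroup = messinet.com
lanman auth = no
client ntlmv2 auth = yes
encrypt passwords = yes
username map = /etc/samba/smbusers
"""
PDC = "[global]\nsecurity = user\n" + COMMON
MEMBER = "[global]\nsecurity = domain\n" + COMMON
```

Run against the full files, `differences()` lists only the parameters in `AUTH_KEYS` whose values disagree; a parameter missing from one file is reported with `None` on that side.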
