Hi,

I'm running Samba 3.5.6 with OpenLDAP 2.4.23 (from Debian Squeeze) as a PDC. Everything is working fine (joining the domain, logging on users), but I'm not able to log in as Domain Admin. If I try to, I am unable to log on and the message "The User Profile Service service failed the logon. User profile cannot be loaded." (in German: "Fehler bei der Anmeldung mit dem Benutzerprofildienst. Das Benutzerprofil kann nicht geladen werden.") appears.

The Samba log looks fine. If I make the user a normal member of Domain Users, he can log in without problems.

I've changed the following registry settings on the client in order to join the domain:

; Client-side registry values changed to join the Samba 3 (NT4-style) domain.
; These two LanManWorkstation values are the ones usually given for joining
; a newer Windows client to an NT4-style domain.
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManWorkstation\Parameters]
"DNSNameResolutionRequired"=dword:00000000
"DomainCompatibilityMode"=dword:00000001

; Level 1 lets the client send LM and NTLM responses (NTLMv2 session security
; only if negotiated). This is weaker than sending NTLMv2 responses only.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"LmCompatibilityLevel"=dword:00000001

; 0 = no minimum NTLM session security is required (no mandatory NTLMv2
; session security or 128-bit encryption) in either direction.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0]
"NtlmMinServerSec"=dword:00000000
"NtlmMinClientSec"=dword:00000000

; NOTE(review): NTDS\Parameters belongs to an Active Directory domain
; controller; presumably this has no effect on a workstation - confirm.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters]
"LDAPServerIntegrity"=dword:00000001

; Secure-channel settings. RequireSignOrSeal and RequireStrongKey are left
; enabled (1).
; NOTE(review): both are written with nine hex digits; a DWORD has eight -
; verify what value was actually imported.
; DisablePasswordChange=1 stops the client from periodically changing its
; machine account password.
; NOTE(review): RefusePasswordChange looks like a domain-controller-side
; setting - confirm it is meaningful on a client.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
"RestrictNTLMInDomain"=dword:00000000
"RequireSignOrSeal"=dword:000000001
"RequireStrongKey"=dword:000000001
"DisablePasswordChange"=dword:00000001
"RefusePasswordChange"=dword:00000001

; 0 = the LDAP client does not request signing.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LDAP\Parameters]
"LDAPClientIntegrity"=dword:00000000

; Policy value for "only allow local user profiles"; it affects how user
; profiles are loaded at logon.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
"LocalProfile"=dword:00000001

This is my smb.conf:

# Samba 3 primary domain controller using an LDAP passdb backend on localhost.
# Comments sit on their own lines: smb.conf has no inline comments.
[global]
        workgroup = CATDOM
        server string = %h
        netbios name = PDC
        smb ports = 445 139
        passdb backend = ldapsam:ldap://localhost
# NOTE(review): this line and "veto files" below start at column 0; this looks
# like an artifact of pasting into e-mail rather than the real file layout.
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
        passwd program = /usr/sbin/smbldap-passwd %u
        # Level 5 is verbose debug logging, useful while troubleshooting the
        # logon problem; lower it again afterwards.
        log level = 5
        log file = /var/log/samba/samba.log
        max log size = 1000
        time server = Yes
        # Creates the machine account in LDAP when a workstation joins.
        add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
        logon script = scripts/logon.bat
        # Empty logon path / logon drive: no roaming profile path and no
        # home drive mapping are sent to clients.
        logon path =
        logon drive =
        domain logons = Yes
        domain master = Yes
        os level = 210
        preferred master = Yes
        # Samba binds to the directory as this DN; its password is stored
        # separately (set with "smbpasswd -w"), not in this file.
        ldap admin dn = cn=admin,dc=ldap,dc=local
        ldap group suffix = ou=Groups
        ldap machine suffix = ou=Machines
        ldap user suffix = ou=People
        ldap suffix = dc=ldap,dc=local
        ldap passwd sync = yes
        # No TLS on the LDAP connection. The backend above is ldap://localhost,
        # so the bind and password hashes stay on the loopback interface; this
        # needs revisiting if the directory ever moves to another host.
        ldap ssl = no
        panic action = /usr/share/samba/panic-action %d
        # 0775 masks: new files and directories are group-writable and
        # world-readable.
        create mask = 0775
        force create mode = 0775
        directory mask = 0775
        force directory mode = 0775
veto files = /.AppleDB/.AppleDouble/.AppleDesktop/:2eDS_Store/Network Trash Folder/Temporary Items/TheVolumeSettingsFolder/.@__thumb/.@__desc/:2e*/
        delete veto files = yes
        # SMB signing is not offered, so sessions to this server (including
        # netlogon script delivery) have no integrity protection in transit.
        server signing = disabled
        encrypt passwords = true
        password server = *
        wins support = true
        local master = yes
        guest account = nobody
        # Logons with an unknown user name are mapped to the guest account
        # ("nobody") instead of being rejected.
        map to guest = Bad User
        dns proxy = no
        # Duplicate of the "panic action" line earlier in this section.
        panic action = /usr/share/samba/panic-action %d
        # NOTE(review): the value continues on the next line without a
        # trailing backslash; presumably e-mail wrapping - in the real file it
        # must be one line, or SO_RCVBUF is read as a separate parameter.
        socket options = TCP_NODELAY SO_KEEPALIVE SO_SNDBUF=65536 
SO_RCVBUF=65536
        # Accepts the weak LANMAN password hash for authentication; only very
        # old clients need it.
        lanman auth = yes
        # Applies only when Samba acts as a client (e.g. smbclient); it does
        # not change what this server accepts.
        client ntlmv2 auth = yes

# Share from which clients fetch the logon script.
[netlogon]
        comment = Network Logon Service
        path = /home/samba/netlogon
        valid users = %U
        # root performs all file operations on this share as superuser.
        admin users = root
        browseable = No

Any ideas?

Regards,
Denis Witt