On the LDAP server:

> ldapsearch -b "ou=people,o=nebrwesleyan.edu,o=isp" "uid=guinea-pig$" \
    sambaSID
uid=guinea-pig$,ou=people,o=nebrwesleyan.edu,o=isp
sambaSID=S-1-5-21-2507527290-1625623118-1076039497-3002

On the Samba server:

> /usr/local/samba/bin/net getlocalsid
SID for domain TESTERATOR is: S-1-5-21-2507527290-1625623118-1076039497

So yes, they match.

I did some further investigation, and it appears that the conditional on lines 250-254 of rpc_server/srv_netlog_nt.c in get_md4pw() is where the failure point is. Namely, the account is not disabled, and the pass is not null, but none of the trust checks pass. (acct_ctrl == 16). I put a quick hack in pdb_get_acct_ctrl() on line 45 of passdb/pdb_get_set.c ("return ACB_WSTRUST;") to get past this immediate problem; it worked, but logins still don't work. There's some sort of problem with credentials that I've been trying to work out.

Anyhow, that's everything I know about the problem; here's the smbd log. Thanks for looking at this.

[...snip...]
[2004/10/07 16:14:09, 5] lib/smbldap.c:smbldap_search(963)
  smbldap_search: base => [o=nebrwesleyan.edu,o=isp], filter => [(&(uid=GUINEA-PIG$)(objectclass=sambaSamAccount))], scope => [2]
[2004/10/07 16:14:09, 2] passdb/pdb_ldap.c:init_sam_from_ldap(485)
  init_sam_from_ldap: Entry found for user: guinea-pig$
[2004/10/07 16:14:09, 10] passdb/pdb_get_set.c:pdb_set_username(625)
  pdb_set_username: setting username guinea-pig$, was
[2004/10/07 16:14:09, 10] passdb/pdb_get_set.c:pdb_set_init_flags(525)
  element 12 -> now SET
[2004/10/07 16:14:09, 10] passdb/pdb_get_set.c:pdb_set_domain(652)
  pdb_set_domain: setting domain NWU_TEST, was
[2004/10/07 16:14:09, 10] passdb/pdb_get_set.c:pdb_set_nt_username(679)
  pdb_set_nt_username: setting nt username guinea-pig$, was
[2004/10/07 16:14:09, 10] passdb/pdb_get_set.c:pdb_set_init_flags(525)
  element 15 -> now SET
[2004/10/07 16:14:09, 10] passdb/pdb_get_set.c:pdb_set_user_sid_from_string(565)
  pdb_set_user_sid_from_string: setting user sid S-1-5-21-2507527290-1625623118-1076039497-3002
[2004/10/07 16:14:09, 10] passdb/pdb_get_set.c:pdb_set_user_sid(552)
  pdb_set_user_sid: setting user sid S-1-5-21-2507527290-1625623118-1076039497-3002
[2004/10/07 16:14:09, 10] passdb/pdb_get_set.c:pdb_set_init_flags(525)
  element 18 -> now SET
[2004/10/07 16:14:09, 10] lib/smbldap.c:smbldap_get_single_attribute(309)
  smbldap_get_single_attribute: [sambaPrimaryGroupSID] = [<does not exist>]
[2004/10/07 16:14:09, 10] passdb/pdb_get_set.c:pdb_set_group_sid(588)
  pdb_set_group_sid: setting group sid S-1-5-21-2507527290-1625623118-1076039497-513
[2004/10/07 16:14:09, 10] passdb/pdb_compat.c:pdb_set_group_sid_from_rid(100)
  pdb_set_group_sid_from_rid: setting group sid S-1-5-21-2507527290-1625623118-1076039497-513 from rid 513
[2004/10/07 16:14:09, 10] lib/smbldap.c:smbldap_get_single_attribute(309)
  smbldap_get_single_attribute: [sambaPwdLastSet] = [<does not exist>]
[2004/10/07 16:14:09, 10] lib/smbldap.c:smbldap_get_single_attribute(309)
  smbldap_get_single_attribute: [sambaLogonTime] = [<does not exist>]
[2004/10/07 16:14:09, 10] lib/smbldap.c:smbldap_get_single_attribute(309)
  smbldap_get_single_attribute: [sambaLogoffTime] = [<does not exist>]
[2004/10/07 16:14:09, 10] lib/smbldap.c:smbldap_get_single_attribute(309)
  smbldap_get_single_attribute: [sambaKickoffTime] = [<does not exist>]
[2004/10/07 16:14:09, 10] lib/smbldap.c:smbldap_get_single_attribute(309)
  smbldap_get_single_attribute: [sambaPwdCanChange] = [<does not exist>]
[2004/10/07 16:14:09, 10] lib/smbldap.c:smbldap_get_single_attribute(309)
  smbldap_get_single_attribute: [sambaPwdMustChange] = [<does not exist>]
[2004/10/07 16:14:09, 10] passdb/pdb_get_set.c:pdb_set_fullname(706)
  pdb_set_full_name: setting full name guinea-pig$, was
[2004/10/07 16:14:09, 10] passdb/pdb_get_set.c:pdb_set_init_flags(525)
  element 13 -> now SET
[2004/10/07 16:14:09, 10] lib/smbldap.c:smbldap_get_single_attribute(309)
  smbldap_get_single_attribute: [sambaHomeDrive] = [<does not exist>]
[2004/10/07 16:14:09, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(787)
  pdb_set_dir_drive: setting dir drive , was NULL
[2004/10/07 16:14:09, 10] lib/smbldap.c:smbldap_get_single_attribute(309)
  smbldap_get_single_attribute: [sambaHomePath] = [<does not exist>]
[2004/10/07 16:14:09, 4] lib/substitute.c:automount_server(323)
  Home server: testerator
[2004/10/07 16:14:09, 10] passdb/pdb_get_set.c:pdb_set_homedir(814)
  pdb_set_homedir: setting home dir \\testerator\guinea-pig_, was
[2004/10/07 16:14:09, 10] lib/smbldap.c:smbldap_get_single_attribute(309)
  smbldap_get_single_attribute: [sambaLogonScript] = [<does not exist>]
[2004/10/07 16:14:09, 10] passdb/pdb_get_set.c:pdb_set_logon_script(733)
  pdb_set_logon_script: setting logon script scripts\logon.bat, was
[2004/10/07 16:14:09, 10] lib/smbldap.c:smbldap_get_single_attribute(309)
  smbldap_get_single_attribute: [sambaProfilePath] = [<does not exist>]
[2004/10/07 16:14:09, 10] passdb/pdb_get_set.c:pdb_set_profile_path(760)
  pdb_set_profile_path: setting profile path \\testerator\profiles\guinea-pig_, was
[2004/10/07 16:14:09, 10] lib/smbldap.c:smbldap_get_single_attribute(309)
  smbldap_get_single_attribute: [description] = [<does not exist>]
[2004/10/07 16:14:09, 10] lib/smbldap.c:smbldap_get_single_attribute(309)
  smbldap_get_single_attribute: [sambaUserWorkstations] = [<does not exist>]
[2004/10/07 16:14:09, 10] lib/smbldap.c:smbldap_get_single_attribute(309)
  smbldap_get_single_attribute: [sambaMungedDial] = [<does not exist>]
[2004/10/07 16:14:09, 10] passdb/pdb_get_set.c:pdb_set_init_flags(525)
  element 32 -> now SET
[2004/10/07 16:14:09, 10] passdb/pdb_get_set.c:pdb_set_init_flags(525)
  element 33 -> now SET
[2004/10/07 16:14:09, 10] lib/account_pol.c:account_policy_get(158)
  account_policy_get: password history:0
[2004/10/07 16:14:09, 10] lib/smbldap.c:smbldap_get_single_attribute(309)
  smbldap_get_single_attribute: [sambaAcctFlags] = [<does not exist>]
[2004/10/07 16:14:09, 10] passdb/pdb_get_set.c:pdb_set_init_flags(525)
  element 16 -> now SET
[2004/10/07 16:14:09, 10] passdb/pdb_get_set.c:pdb_set_init_flags(525)
  element 17 -> now SET
[2004/10/07 16:14:09, 10] lib/smbldap.c:smbldap_get_single_attribute(309)
  smbldap_get_single_attribute: [sambaBadPasswordCount] = [<does not exist>]
[2004/10/07 16:14:09, 10] lib/smbldap.c:smbldap_get_single_attribute(309)
  smbldap_get_single_attribute: [sambaBadPasswordTime] = [<does not exist>]
[2004/10/07 16:14:09, 10] lib/smbldap.c:smbldap_get_single_attribute(309)
  smbldap_get_single_attribute: [sambaLogonHours] = [<does not exist>]
[2004/10/07 16:14:09, 5] passdb/login_cache.c:login_cache_init(41)
  Opening cache file at /usr/local/samba/var/locks/login_cache.tdb
[2004/10/07 16:14:09, 7] passdb/login_cache.c:login_cache_read(83)
  Looking up login cache for user guinea-pig$
[2004/10/07 16:14:09, 7] passdb/login_cache.c:login_cache_read(97)
  No cache entry found
[2004/10/07 16:14:09, 9] passdb/pdb_ldap.c:init_sam_from_ldap(804)
  No cache entry, bad count = 0, bad time = 0
[2004/10/07 16:14:09, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (65534, 65533) - sec_ctx_stack_ndx = 0
[2004/10/07 16:14:09, 0] rpc_server/srv_netlog_nt.c:get_md4pw(261)
  get_md4pw: Workstation GUINEA-PIG$: no account in domain
[2004/10/07 16:14:09, 5] rpc_parse/parse_prs.c:prs_debug(82)
  000000 net_io_r_auth_2
[2004/10/07 16:14:09, 6] rpc_parse/parse_prs.c:prs_debug(82)
  000000 smb_io_chal
[2004/10/07 16:14:09, 5] rpc_parse/parse_prs.c:prs_uint8s(722)
  0000 data: c8 ea ff bf 4a 18 0e 08
[2004/10/07 16:14:09, 6] rpc_parse/parse_prs.c:prs_debug(82)
  000008 net_io_neg_flags
[2004/10/07 16:14:09, 5] rpc_parse/parse_prs.c:prs_uint32(635)
  0008 neg_flags: 400001ff
[2004/10/07 16:14:09, 5] rpc_parse/parse_prs.c:prs_ntstatus(665)
  000c status: NT_STATUS_ACCESS_DENIED
[...snip...]

Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University

On Thu, 7 Oct 2004, Igor Belyi wrote:

>Chris St. Pierre wrote:
>> An update: I managed to get a domain entry added to my LDAP directory.
>> Still got the same error. Googled for it; found out that I had to put
>> my machine trust accounts in ou=people instead of ou=machines. Did
>> so. Still get the same message from Windows:
>>
>> > > > "The system cannot log you on to this domain because the system's
>> > > > computer account in its primary domain is missing or the password on
>> > > > that account is incorrect."
>>
>> From Samba, it's the same old thing:
>>
>> get_md4pw: Workstation GUINEA-PIG$: no account in domain
>>
>> What the heck does this mean? How can I fix it? Does Samba just hate me?
>>
>> I've attached the section of the smbd log that appears to pertain to
>> the immediate problem. Any insights you can offer would be greatly
>> appreciated. Thank you.
>
>Verify that sambaSID of your GUINEA-PIG$ contains SID of the Domain (sambaSID
>field of the sambaDomain entry or result of 'net getlocalsid' which should be
>the same).
>
>And yes, I can take a look at your Samba log. Note, attachments don't get
>through when sent to this list.
>
>Igor
>
>--
>To unsubscribe from this list go to the following URL and read the
>instructions: http://lists.samba.org/mailman/listinfo/samba
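
Added example, not part of the thread and not Samba's own code: a Python triage sketch that ties the log's missing sambaAcctFlags attribute to the reported acct_ctrl == 16 and to the get_md4pw rejection. The ACB_* bit values and flag letters are taken as Samba 3.0 defines them (an assumption here; the post gives only the value 16), and the function names are hypothetical.

```python
import re

# sambaAcctFlags letters -> ACB_* bits. Values as defined in Samba 3.0's
# headers (an assumption of this example; the post only reports acct_ctrl == 16).
ACB = {"D": 0x001, "H": 0x002, "N": 0x004, "T": 0x008, "U": 0x010, "M": 0x020,
       "I": 0x040, "W": 0x080, "S": 0x100, "X": 0x200, "L": 0x400}
ACB_DISABLED, ACB_NORMAL = ACB["D"], ACB["U"]
TRUST_BITS = ACB["I"] | ACB["W"] | ACB["S"]  # DOMTRUST | WSTRUST | SVRTRUST

def decode_acct_flags(value):
    """'[W          ]' -> 0x80; an absent attribute (None) falls back to ACB_NORMAL."""
    if value is None:
        return ACB_NORMAL
    bits = 0
    for ch in value.strip().strip("[]"):
        if ch != " ":
            bits |= ACB[ch]  # KeyError on a letter this table does not know
    return bits or ACB_NORMAL

def is_trust_account(acct_ctrl):
    """The condition the post describes in get_md4pw(): enabled and a trust type."""
    return not acct_ctrl & ACB_DISABLED and bool(acct_ctrl & TRUST_BITS)

FOUND = re.compile(r"Entry found for user: (\S+)")
FLAGS = re.compile(r"\[sambaAcctFlags\] = \[(.*)\]\s*$")
DENIED = re.compile(r"get_md4pw: Workstation (\S+): no account in domain")

def triage(log_text):
    """Return (account, acct_ctrl, flags_present) for each get_md4pw rejection."""
    seen, current, findings = {}, None, []
    for line in log_text.splitlines():
        if m := FOUND.search(line):
            current = m.group(1).lower()
            seen[current] = None
        elif (m := FLAGS.search(line)) and current:
            raw = m.group(1)
            seen[current] = None if raw == "<does not exist>" else raw
        elif m := DENIED.search(line):
            raw = seen.get(m.group(1).lower())  # log mixes GUINEA-PIG$ / guinea-pig$
            findings.append((m.group(1), decode_acct_flags(raw), raw is not None))
    return findings

# Message lines abridged from the smbd log in the post.
SAMPLE_LOG = """\
init_sam_from_ldap: Entry found for user: guinea-pig$
smbldap_get_single_attribute: [sambaAcctFlags] = [<does not exist>]
get_md4pw: Workstation GUINEA-PIG$: no account in domain
"""

if __name__ == "__main__":
    for acct, ctrl, present in triage(SAMPLE_LOG):
        print(f"{acct}: acct_ctrl={ctrl} flags_present={present} trust={is_trust_account(ctrl)}")
```

For the log above this reports acct_ctrl=16 with no flags attribute present and no trust bit set; a machine entry carrying sambaAcctFlags "[W          ]" decodes to 0x80 and satisfies the trust check.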