Samba - Can't log into domain

[stevenjo57]

We have set up Samba and I have included the smb.conf below.

When we try to log in we are immediately rejected with this message:

"Windows cannot connect to the domain, either because the domain controller is down or otherwise available, or because your computer account was not found, etc."

Below is the information about the machine account:
----------------
[root@tatiana ~]# finger sal$
Login: sal$ Name: (null)
Directory: /dev/null Shell: /bin/false
Never logged in.
No mail.
No Plan.
[root@tatiana ~]#
-------------------

Below is the info about the user name:
-------------
[root@tatiana ~]# finger jallen
Login: jallen Name: (null)
Directory: /home/jallen Shell: /bin/bash
Never logged in.
No mail.
No Plan.
[root@tatiana ~]#
---------------

As far as I can tell, they have both been added to samba correctly.

Below are the results of a testparm:
-------------------------

[root@tatiana ~]# testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[netlogon]"
Processing section "[homes]"
Processing section "[profiles]"
Processing section "[test]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions

# Global parameters
[global]
workgroup = MSBMEDIA
logon path = \\%n\profiles\%u
logon home = \\%n\%ulogon drive = H:
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes

[netlogon]
path = /home/netlogon
guest ok = Yes
share modes = No

[homes]
read only = No
browseable = No

[profiles]
path = /home/samba/profiles
read only = No
create mask = 0600
directory mask = 0700
browseable = No

[test]
comment = test share
path = /test
write list = jallen
[root@tatiana ~]#

-----------------------------------



Below is my Samba config file:

---------------------------

# /etc/samba/smb.conf
# samba configuration file
# last updated: 11/21/2006 by jda

[global]

;basic server settings
workgroup = MSBMEDIA
netbios name = tatiana
encrypt passwords = yes
;server string = Samba PDC running %v
;socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192
security = user

;PDC and master browser settings
os level = 65
preferred master = yes
local master = yes
domain master = yes
domain logons = yes

;security and logging settings
;log file = /var/log/samba/log.%m
;log level = 2
;max log size = 50

;user profiles and home directory
logon home = \\%n\%u\
logon drive = H:
logon path = \\%n\profiles\%u
;logon script = netlogon.bat

# ==== shares ====

[netlogon]
;comment = Network Logon Service
path = /home/netlogon
guest ok = yes
writeable = no
;read only = yes
;browseable = no
;write list = jallen
share modes = no

[homes]
;comment = Home Directories
read only = no
browseable = no
;writeable = yes

[profiles]
path = /home/samba/profiles
writeable = yes
browseable = no
create mask = 0600
directory mask = 0700

[test]
comment = test share
path = /test
read only = yes
browseable = yes
write list = jallen

------------------------------------

[ashokvpp]

Hi

In windows XP you need to perform this ---

Use
Window's Group Policy Editor (gpedit.msc) to make the following
changes in the Local Computer Policy\ Computer Configuration\
Windows Settings\ Security Settings\ Local Policies\ Security
Options branch: Domain member: Digitally encrypt or sign secure
channel data (DISABLE) andDomain member: Digitally sign secure
channel data when possible (DISABLE)

Once done try logging in. Shld do the trick

Regards
ashok

[Roxoff]

Before you go setting group policies (and you'll still need to do that, btw) make sure that your windows users are registered in the domain and have samba passwords allocated.

Do this by making sure each domain user has a linux account, then add their samba account and set their password using 'smbpasswd -a <user>'. For computers in the domain, I believe you have to add a linux dummy user for the machine, with the username set to the netbios name of the machine with a '$' appended.

[mdevilz]

http://samba.netfirms.com/index.htm is an awesome place for getting a simple domain setup without ldap or anything just using the linux users and smbpasswd

~mdevilz

[stevenjo57]

Thanks. It was a dumb mistake. Fixed.