Problems adding Win clients to domain
I'm not able to add Win clients to my domain anymore. I receive an error on the PC (2000 or XP):
"The following error occurred attempting to join the domain "[DOMAIN]":
Logon failure: unknown user name or password."
But I am able to log on to the server when accessing shares and printers. This error message only appears when joining the domain.
And on the Mac OS X 10.4.7 server I get the following in my log.smbd:
[2006/08/22 11:32:03, 2] /SourceCache/samba/samba-92.20/samba/source/auth/auth.c:check ntlmpassword(360)
check ntlmpassword: authentication for user [tmpadmin] -> [tmpadmin] -> [tmpadmin] succeeded
[2006/08/22 11:32:03, 2] /SourceCache/samba/samba-92.20/samba/source/lib/module.c:do smb_loadmodule(63)
Module '/usr/lib/samba/vfs/darwin_acls.so' loaded
[2006/08/22 11:32:04, 2] /SourceCache/samba/samba-92.20/samba/source/rpc server/srv_samr_nt.c:_samr_lookupdomain(2531)
Returning domain sid for domain [DOMAIN] -> S-1-5-21-457614760-3765950544-3595693477
[2006/08/22 11:32:04, 2] /SourceCache/samba/samba-92.20/samba/source/rpc server/srv_samr_nt.c:access_check_samrobject(93)
samr_opendomain: ACCESS DENIED (requested: 0x00000211)
[2006/08/22 11:32:04, 2] /SourceCache/samba/samba-92.20/samba/source/rpc server/srv_samr_nt.c:_samr_lookupdomain(2531)
Returning domain sid for domain [DOMAIN] -> S-1-5-21-457614760-3765950544-3595693477
[2006/08/22 11:32:04, 2] /SourceCache/samba/samba-92.20/samba/source/rpc server/srv_samr_nt.c:access_check_samrobject(93)
samr_openuser: ACCESS DENIED (requested: 0x000000b0)
[2006/08/22 11:32:04, 2] /SourceCache/samba/samba-92.20/samba/source/rpc server/srv_samr_nt.c:access_check_samrobject(93)
samr_openuser: ACCESS DENIED (requested: 0x00000090)
[2006/08/22 11:32:04, 2] /SourceCache/samba/samba-92.20/samba/source/smbd/server.c:exit_server(595)
Closing connections
where DOMAIN is my domain name and tmpadmin is a user account with all privileges.
I've been googling (oops, I'm not sure I can say that :-)) and reading all the documentation I could find, but without any luck.
What's strange is that when the server was installed I was able to add a lot of clients. Then I've probably done something wrong and now I'm getting into trouble. So, what have I been doing?
Editing /etc/smb.conf
* Adding the line: logon home = \\[FILESERVER]\%U
* Removing the line: #logon path = \\%N\profiles\%u
Adding a group mapping with the command net
net groupmap add ntgroup="Domain Admins" unixgroup="admin" type=domain
net groupmap cleanup
but also reverted back to default group mappings.
Reconfigured the Windows service by removing /var/samba and /etc/smb.conf. Didn't help.
Editing /etc/openldap/slapd.conf:
* Adding a schema from ldapuserdata ( a Squirrelmail plug-in) but has removed this schema now.
Are there other services/configuration files I have to look at?
Do you have ANY tips? This is starting to get urgent for me now!
Regards,
Lars-Gunnar Persson
xServe G5 Mac OS X (10.4.7)
"The following error occurred attempting to join the domain "[DOMAIN]":
Logon failure: unknown user name or password."
But I am able to log on to the server when accessing shares and printers. This error message only appears when joining the domain.
And on the Mac OS X 10.4.7 server I get the following in my log.smbd:
[2006/08/22 11:32:03, 2] /SourceCache/samba/samba-92.20/samba/source/auth/auth.c:check ntlmpassword(360)
check ntlmpassword: authentication for user [tmpadmin] -> [tmpadmin] -> [tmpadmin] succeeded
[2006/08/22 11:32:03, 2] /SourceCache/samba/samba-92.20/samba/source/lib/module.c:do smb_loadmodule(63)
Module '/usr/lib/samba/vfs/darwin_acls.so' loaded
[2006/08/22 11:32:04, 2] /SourceCache/samba/samba-92.20/samba/source/rpc server/srv_samr_nt.c:_samr_lookupdomain(2531)
Returning domain sid for domain [DOMAIN] -> S-1-5-21-457614760-3765950544-3595693477
[2006/08/22 11:32:04, 2] /SourceCache/samba/samba-92.20/samba/source/rpc server/srv_samr_nt.c:access_check_samrobject(93)
samr_opendomain: ACCESS DENIED (requested: 0x00000211)
[2006/08/22 11:32:04, 2] /SourceCache/samba/samba-92.20/samba/source/rpc server/srv_samr_nt.c:_samr_lookupdomain(2531)
Returning domain sid for domain [DOMAIN] -> S-1-5-21-457614760-3765950544-3595693477
[2006/08/22 11:32:04, 2] /SourceCache/samba/samba-92.20/samba/source/rpc server/srv_samr_nt.c:access_check_samrobject(93)
samr_openuser: ACCESS DENIED (requested: 0x000000b0)
[2006/08/22 11:32:04, 2] /SourceCache/samba/samba-92.20/samba/source/rpc server/srv_samr_nt.c:access_check_samrobject(93)
samr_openuser: ACCESS DENIED (requested: 0x00000090)
[2006/08/22 11:32:04, 2] /SourceCache/samba/samba-92.20/samba/source/smbd/server.c:exit_server(595)
Closing connections
where DOMAIN is my domain name and tmpadmin is a user account with all privileges.
I've been googling (oops, I'm not sure I can say that :-)) and reading all the documentation I could find, but without any luck.
What's strange is that when the server was installed I was able to add a lot of clients. Then I've probably done something wrong and now I'm getting into trouble. So, what have I been doing?
Editing /etc/smb.conf
* Adding the line: logon home = \\[FILESERVER]\%U
* Removing the line: #logon path = \\%N\profiles\%u
Adding a group mapping with the command net
net groupmap add ntgroup="Domain Admins" unixgroup="admin" type=domain
net groupmap cleanup
but also reverted back to default group mappings.
Reconfigured the Windows service by removing /var/samba and /etc/smb.conf. Didn't help.
Editing /etc/openldap/slapd.conf:
* Adding a schema from ldapuserdata ( a Squirrelmail plug-in) but has removed this schema now.
Are there other services/configuration files I have to look at?
Do you have ANY tips? This is starting to get urgent for me now!
Regards,
Lars-Gunnar Persson
xServe G5 Mac OS X (10.4.7)