Samba & XP Pro PDC Access Denied

[artfulbodger]

Help!

I am slowly making my way through setting up a Linux 9 Server with Samba 3.0.10 as a PDC for a small office (5 computers). I know, seems like a big project for a small office, but I have "sales people" logging into this server and I NEED to authenticate these guys and ensure they are not roaming where they don't belong.

Anyway.... Samba is working. I can see and access shares (read/write) from XP to Linux and vice versa. However, when I try to log in to the Domain, it gives me the message "Access Denied."

I have created a user and added it to smbpasswd
I also created the machine and added it to smbpasswd
(Can you tell I have been reading these forums?)

Everything seems to be in place, but I just don't know what I am missing at this point. Any help or a point in a direction would be great!

My smb.conf file is as follows:

# Global parameters
[global]
workgroup = STSI-NET
server string = %n --- SambaServer %v
log level = 2
log file = /var/log/samba/%m.log
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
domain logons = Yes
os level = 64
preferred master = Yes
domain master = Yes

[homes]
comment = Home Directories
read only = No
browseable = No

[netlogon]
path = /home/netlogon
write list = @admins
guest ok = Yes

[profiles]
path = /home/profiles
read only = No
guest ok = Yes
profile acls = Yes
browseable = No

 

[ned209]

Run some debugging output to give you an idea of where samba is failing. To turn up the output you can run this:

smbcontrol smbd debug 2

or you can put a log level = 2 line in the smb.conf and reload the config.

Then tail the log, on my deb box the log is /var/log/samba/log.smbd, could be similar on RH 9, I dunno.

you should get a pile of debugging info, look for errors and google any lines you think could be the culprit, that will give you more to work with.

I've never setup samba as a PDC, all my experiences have been trying to shoehorn samba into a AD or NT4.0 domain.

hope that helps,

--ned

 

[artfulbodger]

Ok... my logs are below. From what I can understand, the user "allan_reed" is being authenticated properly. Ok. That works. Next, I see this line:

"rpc_server/srv_samr_nt.c:access_check_samr_function(115)
_samr_create_user: ACCESS DENIED (granted: 0x00000201; required: 0x00000010)"

Does this mean that my SAM user database is wrong in some way? Did I miss a step in my configuration?

Again, thanks in advance.


[2005/01/21 09:08:47, 2] smbd/sesssetup.c:setup_new_vc_session(608)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2005/01/21 09:08:47, 2] auth/auth.c:check_ntlm_password(305)
check_ntlm_password: authentication for user [allan_reed] -> [allan_reed] -> [allan_reed] succeeded
[2005/01/21 09:08:48, 2] smbd/sesssetup.c:setup_new_vc_session(608)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2005/01/21 09:08:48, 2] smbd/sesssetup.c:setup_new_vc_session(608)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2005/01/21 09:08:48, 2] auth/auth.c:check_ntlm_password(305)
check_ntlm_password: authentication for user [allan_reed] -> [allan_reed] -> [allan_reed] succeeded
[2005/01/21 09:08:48, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482)
Returning domain sid for domain STSI-NET -> S-1-5-21-1237284537-1646074261-241649853
[2005/01/21 09:08:48, 2] rpc_server/srv_samr_nt.c:access_check_samr_object(93)
_samr_open_domain: ACCESS DENIED (requested: 0x00000211)
[2005/01/21 09:08:48, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482)
Returning domain sid for domain STSI-NET -> S-1-5-21-1237284537-1646074261-241649853
[2005/01/21 09:08:48, 2] rpc_server/srv_samr_nt.c:access_check_samr_function(115)
_samr_create_user: ACCESS DENIED (granted: 0x00000201; required: 0x00000010)
[2005/01/21 09:10:48, 2] smbd/process.c:timeout_processing(1370)
Closing idle connection
[2005/01/21 09:10:48, 2] smbd/server.c:exit_server(571)
Closing connections