
Can join domain but cannot login



Good day!

I badly need your help.
I can join the domain using the root account, but after a restart I cannot log in anymore.
My client is windows XP sp4.


The message was this:

"The system cannot log you on to this domain because the system's computer account in its primary domain
is missing or the password on that account is incorrect."


I have already disabled the following settings in Local Security Settings:
1. Domain member: Digitally encrypt or sign secure channel data (always)
2. Domain member: Digitally encrypt secure channel data (when possible)
3. Domain member: Digitally sign secure channel data (when possible)
4. Domain member: Disable machine account password changes

I can add and delete users using smbldap-useradd and smbldap-userdel,
and also using webmin 1.41.

Please help me with this.

These are my config files:

#########################################
-rw-r--r--  1 root root  2715 Dec  1 18:15 smb.conf

# NOTE(review): [global] section of smb.conf as posted. "domain logons = yes"
# and "domain master = yes" below make this host the logon server for the
# domain. The notes only flag lines that look inconsistent with each other or
# with the other files in this post; no setting is changed.
[global]
idmap gid = 16777216-33554431
enable privileges = Yes
passwd program = /usr/local/sbin/smbldap-passwd %u
dns proxy = no
netbios name = smbldap
ldap passwd sync = yes
idmap uid = 16777216-33554431
default = global
dos charset = 850
local master = yes
# NOTE(review): the workgroup is fcb.net here, but smbldap.conf in this post
# sets sambaDomain="smbldap" (the same string as the netbios name above).
# Samba and the smbldap tools presumably have to agree on one domain name and
# one SID -- confirm with `net getlocalsid` and the sambaDomainName entry in LDAP.
workgroup = fcb.net
os level = 34
security = User
# Level 0 logs very little. Raising it temporarily and reading the per-client
# file named by "log file" is the usual way to see why a machine-account
# logon is being rejected.
log level = 0
log file = /var/log/samba/log.%m
max log size = 500
socket options = TCP_NODELAY
domain master = yes
# "encrypt passwords" is set twice in this section (here and again below) with
# the same value; one of the two lines is redundant.
encrypt passwords = yes
winbind use default domain = no
keepalive = 10
template shell = /bin/false
netbios aliases = smbldap.fcb.net
# NOTE(review): two parameters appear to have been run together on one line,
# so the value of "password server" as written includes the text
# "valid users = %U". "password server" is set again further down; it is
# normally only relevant with security = domain/ads/server, not with
# security = user -- confirm against smb.conf(5) for the installed version.
password server = smbldap valid users = %U
domain logons = yes
encrypt passwords = yes
unix charset = ISO8859-1
password server = smbldap
# Samba-Ldap Declarations #
# The account database is reached over plain ldap:// on loopback.
passdb backend = ldapsam:ldap://127.0.0.1/
# Samba binds with the same DN that slapd.conf declares as rootdn, i.e. with
# full write access to the directory. The bind password is not in this file;
# Samba keeps it in secrets.tdb (set with `smbpasswd -w`). A dedicated DN
# limited by slapd ACLs would be the least-privilege alternative.
ldap admin dn = cn=Manager,dc=fcb.net,dc=.
ldap suffix = dc=fcb.net,dc=.
ldap delete dn = yes
# NOTE(review): SSL is requested here, while ldap.conf ("ssl no") and
# smbldap.conf (ldapTLS="0") in this post disable it and the posted slapd.conf
# shows no TLS settings. Verify how the installed Samba version treats this
# value with an ldap:// URI, and make the three files consistent.
ldap ssl = on
ldap machine suffix = ou=Computers
# NOTE(review): ou=Users here, but smbldap.conf uses usersdn="ou=User,..."
# (singular). If both are as posted, Samba and the smbldap tools look for user
# entries in different containers -- check which OU actually exists.
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
# NOTE(review): the closing double quote after %u is missing on this line.
add user script = /usr/local/sbin/smbldap-useradd -a "%u
# Run when a workstation joins the domain: -w asks smbldap-useradd to create a
# machine account. The created entry has to land where "ldap machine suffix"
# points and be resolvable through NSS -- confirm after a join.
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
# NOTE(review): this path is /usr/local/smbldap-groupmod, while every other
# script in this section lives under /usr/local/sbin/ -- likely a typo.
add user to group script = /usr/local/smbldap-groupmod -m "%u" "%g"
add group script = /usr/local/sbin/smbldap-groupadd -p '%g'
set primary group script = /usr/local/sbin/smbldap-groupmod -g "%g" "%u"


delete user script = /usr/local/sbin/smbldap-userdel -r "%u"
delete group script = /usr/local/sbin/smbldap-groupdel '%g'
delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"


# Logon-script share. No "read only" or "valid users" line is given, so the
# Samba defaults apply (read-only by default -- confirm for this version).
# Scripts here run on clients at logon, so the directory should stay writable
# by administrators only.
[netlogon]
       comment = Domain Logon Service
       path = /home/netlogon
       browseable = No

# Department share: restricted to members of the Unix group "isd" and
# writable. The masks keep new files at 0660 and new directories at 0770,
# i.e. no access for "other".
[ISD]
       comment = Information Systems Division
       path = /home/isd
       valid users = @isd
       read only = No
       create mask = 0660
       directory mask = 0770

# Roaming-profile share.
# NOTE(review): no "read only = No" is set, so the share is presumably
# read-only by default and profiles could not be saved -- confirm. Also,
# smbldap.conf in this post sets userProfile to \\smbldap\home\samba\profiles\%U,
# which names a share called "home", not this [profiles] share.
[profiles]
       path = /home/samba/profiles
       valid users = %U, "@Domain Admins"

##########################################
-rwxr-xr-x  1 ldap ldap 1010 Nov 28 16:29 slapd.conf

# slapd.conf as posted: schema includes, one bdb database, indexes and ACLs.
# samba.schema supplies the sambaSamAccount attributes used by ldapsam.
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/samba.schema

# Accepts LDAPv2 bind requests in addition to LDAPv3. Leave this out unless an
# old client actually requires it.
allow bind_v2

pidfile         /usr/local/var/run/slapd.pid
argsfile        /usr/local/var/run/slapd.args

database        bdb
directory       /var/lib/ldap

suffix          "dc=fcb.net,dc=."
rootdn          "cn=Manager,dc=fcb.net,dc=."

index   objectClass,uidNumber,gidNumber                eq
index   cn,sn,uid,displayName                          eq,pres,sub
index   memberUid,mail,givenname                       eq,subinitial
index   sambaSID,sambaPrimaryGroupSID,sambaDomainName  eq

# NOTE(review): the rootdn password is stored in cleartext, and the listing
# above shows this file as -rwxr-xr-x (readable by every local user). Store a
# hash generated with slappasswd instead (rootpw {SSHA}<hash-placeholder>) and
# restrict the file to the slapd user. The value has also been published in
# this post, so it should be treated as disclosed and changed.
rootpw smbldap
# ACL for password attributes: self may write, anonymous may only authenticate,
# everyone else gets nothing.
# NOTE(review): the dn.children clause grants write to every identity located
# below the suffix, so any bound user can overwrite any other entry's
# userPassword and sambaLMPassword/sambaNTPassword hashes. Those hashes are
# password-equivalent; write access is normally limited to self and to the
# specific DN Samba binds with.
# NOTE(review): as pasted, the "by" lines start in column 0. slapd only treats
# whitespace-indented lines as continuations, so the indentation was presumably
# lost in the mail -- confirm against the real file.
access to attrs=userPassword,sambaLMPassword,sambaNTPassword,shadowLastChange
by dn.children="dc=fcb.net,dc=." write
by self write
by anonymous auth
by * none


# ACL for everything else: the same broad write grant to any identity below
# the suffix, and read access for everyone else, including anonymous binds.
access to *
       by dn.children="dc=fcb.net,dc=." write
       by * read

######################################
-rw-r--r--  1 ldap ldap  851 Dec  1 17:56 ldap.conf

#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE   dc=example, dc=com
#URI    ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never
# Client-side LDAP settings; host/base plus the nss_* and pam_* keys below are
# the kind read by nss_ldap / pam_ldap.
host 127.0.0.1
base dc=fcb.net,dc=.


#inserted nov 24, 2008 #rootbinddn cn=Manager,dc=fcb.net,dc=.

# When the calling process runs as root, lookups bind as the directory rootdn.
# nss_ldap/pam_ldap conventionally read that password from a separate secret
# file (commonly /etc/ldap.secret, mode 0600) -- confirm it exists and is not
# world-readable, since this file itself is.
rootbinddn cn=Manager,dc=fcb.net,dc=.

# All three maps search from the top of the suffix rather than from the
# Users/Computers/Groups containers named in smb.conf.
nss_base_passwd             dc=fcb.net,dc=.
nss_base_shadow            dc=fcb.net,dc=.
nss_base_group              dc=fcb.net,dc=.

#Security Options
# NOTE(review): no SSL/TLS towards the directory here, whereas smb.conf in this
# post sets "ldap ssl = on". Traffic stays on 127.0.0.1, but the two settings
# should agree.
ssl no
# NOTE(review): md5 here, while smbldap.conf uses hash_encrypt="SSHA"; passwords
# changed through PAM and through the smbldap tools end up in different formats.
pam_passwd md5

bind_policy soft

TLS_CACERTDIR /etc/openldap/cacerts

########################################
-rw-r--r--  1 root root 1119 Nov 27 13:38 smbldap.conf

# smbldap.conf: settings for the smbldap-* scripts that smb.conf calls to
# create users, groups and machine accounts.
# NOTE(review): the SID and sambaDomain below presumably have to match what
# Samba itself uses (compare with `net getlocalsid` and the "workgroup" in
# smb.conf, which is fcb.net, not smbldap). Accounts created with a different
# domain SID will not be accepted as members of the domain.
SID="S-1-5-21-2796061091-2530429657-3897351620"
sambaDomain="smbldap"
slaveLDAP="127.0.0.1"
slavePort="389"
masterLDAP="127.0.0.1"
masterPort="389"
# TLS off for the tools; smb.conf in this post asks for "ldap ssl = on".
ldapTLS="0"

#verify=""
#clientcert=""
#clientkey=""

suffix="dc=fcb.net,dc=."
# NOTE(review): ou=User (singular) here, but smb.conf sets
# "ldap user suffix = ou=Users" -- one of the two is presumably wrong.
usersdn="ou=User,dc=fcb.net,dc=."
computersdn="ou=Computers,dc=fcb.net,dc=."
groupsdn="ou=Groups,dc=fcb.net,dc=."
# NOTE(review): rootdn credentials in a file listed above as -rw-r--r--, so
# every local user can read the directory manager password. The same pair is
# already kept in smbldap_bind.conf (mode 0600); remove it from here or tighten
# the file mode.
binddn="cn=Manager,dc=fcb.net,dc=."
bindpasswd="smbldap"

#idmapdn="fcb,${suffix}"
#sambaUnixIdPooldn="sambaDomainName=workgroup,${suffix}"

scope="sub"
hash_encrypt="SSHA"
crypt_salt_format=""
userLoginShell="/bin/bash"
userHome="/home/samba/users/%U"
userHomeDirectoryMode="700"
userGecos="System User"
# 513 / 515 look like the conventional Domain Users / Domain Computers groups;
# groups with these gidNumbers must exist in LDAP -- TODO confirm.
defaultUserGid="513"
defaultComputerGid="515"
skeletonDir="/etc/skel"

# NOTE(review): these UNC paths use "home" as the share name followed by a
# filesystem-style path. The posted smb.conf defines no [home] or [homes]
# share; only [profiles] exists for profiles.
userSmbHome="\\smbldap\home\samba\users\%U"
userProfile="\\smbldap\home\samba\profiles\%U"
userHomeDrive="H"
userScript="%U.bat"

with_smbpasswd="0"
smbpasswd="/usr/bin/smbpasswd"

with_slappasswd="0"
slappasswd="/usr/sbin/slappasswd"

#######################################
-rw-------  1 root root  428 Nov 25 18:34 smbldap_bind.conf

# Bind credentials for the smbldap tools. The listing above shows this file as
# -rw------- root, which is the appropriate mode for it.
# NOTE(review): the same DN and password also appear in the world-readable
# smbldap.conf and as cleartext rootpw in slapd.conf, which defeats the
# restriction here. The password equals the server's netbios name and is now
# public in this post; it should be replaced with a strong one.
slaveDN="cn=Manager,dc=fcb.net,dc=."
slavePw="smbldap"
masterDN="cn=Manager,dc=fcb.net,dc=."
masterPw="smbldap"

###############################################
-rw-r--r--  1 root root 1658 Nov 29 15:14 /etc/nsswitch.conf

# Account lookups consult local files first, then LDAP.
# Samba needs every domain account, including machine accounts (name ending
# in $), to resolve as a Unix user through these maps. A quick check after a
# join is `getent passwd '<machine-name-placeholder>$'` on the server.
passwd:     files ldap
shadow:     files ldap
group:      files ldap

hosts:      files dns

bootparams: files
ethers:     files
netmasks:   files
networks:   files
protocols:  files ldap
rpc:        files
services:   files ldap
netgroup:   files ldap
publickey:  files
automount:  files ldap
aliases:    files


Thanks in advance!

Emil Sicad
Cebu Mitsumi Inc
Information Systems Division