Mailing Lists: Apple Mailing Lists
Image of Mac OS face in stamp
 
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: No logon with smb / AD users (10.4.9 update?)


Am 15.03.2007 um 11:53 schrieb David Colville:


On 15/03/2007, at 9:25 PM, Tina Siegenthaler wrote:

Hi list

Yesterday, I did the 10.4.9 update on my servers, and now I can no longer login with smb on one of them. This server is bound to an AD server, and we had to tweak smb.conf a little to make it work, in particular, it was necessary to uncomment this line: "auth methods = guest opendirectory" and to run "sudo dsconfigad - enableSSO", but since then, it has worked fine (about a year now). Now, as I said, I did the update yesterday, and since then, I can no longer log on.
Error message was first
"check_ntlm_password: Authentication for user [nid0475] -> [nid0475] FAILED with error NT_STATUS_NO_LOGON_SERVERS"
for AD users and for users of the local NIDB. "id <some_AD_user>" gives back uids and guids, so the binding to the AD server is still OK.

I tried de-uncommenting "auth methods", thinking maybe this was fixed, and could then at least log on with local users, but the AD users still don't work. I get the well-known error

NT_STATUS_WRONG_PASSWORD.... as I always did when "auth methods" wasn't uncommented.

I stopped and restarted Windows services, ran dsconfigad again, but to no avail. I unbound and rebound the server to the AD server - dito. I'm now always getting "NT_STATUS_WRONG_PASSWORD" when I try to log on with an AD user, not matter if "auth methods" is uncommented or not.

Anyone else having problems with smb in 10.4.9? I'm not absolutely sure that this is caused by 10.4.9, but it is the only thing that changed yesterday afternoon, and yesterday morning, it was still working.


Thanks, Tina



Tina,
Maybe you'd like to post the content of your smb.conf and we can have a look at it? 


Sure - here it is:

[global]
        encrypt passwords = yes
        log level = 2
        display charset = UTF-8-MAC
        security = ads
        deadtime = 5
        guest account = unknown
        client ntlmv2 auth = no
        preferred master = no
        defer sharing violations = no
        winbind separator = +
        allow trusted domains = no
        netbios name = zhs1
        lanman auth = YES
        vfs objects = darwin_acls
        wins support = no
        brlm = yes
        max smbd processes = 0
        server string = Mac OS X
        os level = 8
        domain logons = no
        passdb backend = opendirectorysam guest
        dos charset = CP437
        realm = ZOOL.D.UNIZH.CH
        unix charset = UTF-8-MAC
;       auth methods = guest opendirectory
        local master = no
        domain master = no
        map to guest = Never
        use spnego = yes
        printer admin = @admin, @staff
        ntlm auth = YES
        workgroup = ZOOL


It's the same as it was before the update when it worked fine...

Tina


_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macos-x-server mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/macos-x-server/email@hidden

This email sent to email@hidden
References: 
 >No logon with smb / AD users (10.4.9 update?) (From: Tina Siegenthaler <email@hidden>)



Visit the Apple Store online or at retail locations.
1-800-MY-APPLE

Contact Apple | Terms of Use | Privacy Policy

Copyright © 2007 Apple Inc. All rights reserved.