Hi there,

I'm currently experiencing intermittent logon issues with Ubuntu 7.04, when users log on using the Windows Domain account.

Just a bit of background: What we would like to do is have our Linux users’ logon to their machines using the same credentials as stored on our Windows Active Directory. This simplifies things for the Linux users as they then only have to remember one password, and also makes life easier for us, the administrators, since we can enforce password policy etc. We've successfully connected our Ubuntu Desktops to the domain using instructions I have found on the Ubuntu forums. The computer shows up on the Active Directory correctly, and I can perform a "wbinfo -u" and a "wbinfo -g" successfully from a shell on the desktop after it has been joined.

Now the problem is, once connected to the domain, a domain user sometimes can login and sometimes cannot. That is, at the Gnome logon screen, half the time a domain user can logon successfully, and the other half of the time they get a "incorrect username/password" error message even though the credentials are correct. If the user cannot logon, they have to reboot their machine constantly until the desktop allows them to logon. Typically this means they have to reboot once, since 50% of the time the desktop lets you logon, but sometimes they must reboot more than once.

Now, I've done a bit of troubleshooting to try work out the problem:
- When the user cannot logon, I drop out to a shell, logon as root, and perform a "wbinfo -u" and "wbinfo -g" and it successfully lists all the users and groups. I can also logon to that domain user by going "su - [domain user]", however, I still cannot logon as that user from the Gnome logon screen.
- From a clean install of Ubuntu 7.04 desktop, I get the same issue, so its not another program conflicting and causing the problem.
- I've tried on several different machines of the same or similar type (Intel 915/945 Motherboard), and the problem remains.
- The logs in /var/log/samba don't show anything. That is, there is no log information in any of the log.wb-* files, when the user can or cannot login.

It would be greatly appreciated if anyone could give me an idea as to why this is happening.

Thanks in advance.

Gene

Hey GeneNZ,

Please, if you can, post your smb.conf file. I seem to remember certain options in regards to nt_passwords that need to be set in smb.conf for things to work correctly with Windows AD. Obviously, linux crypt isn't the same as nt_passwd so there's some translation that has to happen. Also, please give us a little more detail on your Samba setup and how that ties in with the connection to your domain. It's been a while since I've had to set up any sort of Samba and Windows AD configuration, but my general impression last time was that they tend not to play very well together.

Thanks for the reply. I've been meaning to come back to linuxquestions.org to post a reply to indicate that I've sorted out the problem. It took alot of kicking but its working alot more reliably now. So thanks for reminding me. The fix for the problem is below:

Now here is my smb.conf file that was causing the problem:

The fixed Smb.conf file which stops the problem is here:
As you can see, the "password server" variable was originally set to * which must have confused the computer (and having vmware setup on the computer also doesn't help).

By setting this value to the actual domain server, i.e. domainserver.XXXXX.co.nz, fixed the problem.

Thanks for the reply, and I hope this post helps someone else.