I think I've sufficiently searched this forum and other forums without finding anyone with my unigue issues. Honestly, I have no idea what these issues are, simply that they are driving me up a wall at the moment.

After a lot of tinkering and hair pulling, I've come to the following using winbind:

Mandrake 9.1
Samba 2.2.7a
2k3 Domain

~~~~~smb.conf~~~~~

[global]
workgroup = DOMAIN
netbios name = TestLinux
server string = Samba Server %v
security = domain
encrypt passwords = Yes
password server = TestPDC
log file = /var/log/samba/log.%m
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
character set = ISO8859-15
os level = 18
local master = No
dns proxy = No
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind separator = +
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/%D/%U
template shell = /bin/bash
winbind use default domain = yes

~~~~~~~~~~
root# smbpasswd -j DOMAIN -r TestPDC -U Administrator
Error connecting to TestPDC - NT_STATUS_ACCESS_DENIED
Unable to join domain DOMAIN

root# ps -ae | grep winbindd
2441 ? 00:00:00 winbindd

root# rpm -qa | grep samba
samba-client-2.2.7a-8mdk
samba-winbind-2.2.7a-8mdk
samba-common-2.2.7a-8mdk
samba-server-2.2.7a-8mdk

root# wbinfo -u
Administrator
Guest
krbtgt
SUPPORT_388945a0
#Other Misc users as well

root# wbinfo -g
Domain Admins
Domain Users
Domain Guests
Domain Computers
Domain Controllers
Schema Admins
Enterprise Admins
Group Policy Creator Owners
DnsUpdateProxy

root# wbinfo -a Domain_User
plaintext password authentication failed
error code was NT_STATUS_CANT_ACCESS_DOMAIN_INFO (0xc00000da)
Could not authenticate user Domain_User with plaintext password
challenge/response password authentication failed
error code was NT_STATUS_ACCESS_DOMAIN_INFO (0xc00000da)
Could not authenticate user Domain_User with challenge/response

root# wbinfo -p
'ping' to winbindd succeeded

root# wbinfo -t
Secret is bad
0xc00000e5

root# getent passwd
#Too much to type out, however it seems to display a list of users
#and their specific info for both my machine and for the domain.
#UIDs match what they should according to the specifications in smb.conf
#If specific lines are needed, I'll type it all/part out.

root# getent group
#Too much to type out, however it seems to display a list of groups
#and their specific info for both my machine and for the domain.
#GIDs match what they should according to the specifications in smb.conf
#If specific lines are needed, I'll type it all/part out.

~~~~~~~~~~

Tried:
root# cat /etc/passwd | /usr/bin/mksmbpasswd.sh > /etc/samba/smbpasswd
root# smbpasswd Test_User
New SMB password:
Retype new SMB password:
Password changed for Test_User.
Password changed for Test_User.

root# smbpasswd -j DOMAIN -r TestPDC -U Administrator
Error connecting to TestPDC - NT_STATUS_ACCESS_DENIED
Unable to join domain DOMAIN

Tried:
Removing "Encrypt Passwords = Yes" from smb.conf (as suggested in one forum).

root# smbpasswd -j DOMAIN -r TestPDC -U Administrator
ERROR: Must have both SECURITY = DOMAIN and ECRYPT PASSWORDS = YES!

Returned "Encrypt Passwords = Yes" to smb.conf

~~~~~~~~~~

Thanks in advance for all of your help.

Just tried:
Pre-adding TestLinux to the Computer List as a Pre-Win200 System in the "Active Directory Users and Computers"

root# smbpasswd -j DOMAIN -r TestPDC -U Administrator
Error connecting to TestPDC - NT_STATUS_ACCESS_DENIED
Unable to join domain DOMAIN

Removed TestLinux from the Computer List in the "Active Directory Users and Computers"

~~~~~~~~~~

Once again, thanks in advance for any help that you all may provide.

With what little response that I'm getting, I'm beginning to wonder if I've stumped the experts?

Course I'll give it a little more time to completely fade away.

i'v managed to have active directory users logon to my linux machine. what version of windows domains are you using?

Win2k3 (first post, line 8; also in Subject)

you have to turn off smb signing. i went through the same problem. you can disable it in group policies some where under the computer policy settings, there will be two setting right next to each other. i'm not at home right now so i can't give you the exact path but i'm 100% positive that this is the answer.

good luck and let me know how ti turned out. maybe you can help me with my problem. i can't get the users to run startx. i always get an error.

seriously try samba 3, I had a lot of unknown samba problems with a pre3 release. I upgraded and bam, everything worked.

i tried samba 3 and ran into the exact same problem. the problem lies in window security. since microsoft wants windows to be secure they have configured it to be this way. the problem with samba is that it emulates a pre-windows 2000 computer that needs netbios. microsoft is trying to due away with all operating systems that need it. so if smb signing is enabled on the post-windows DC, no 95/98/me/nt computer will be able to communicate effectively.

on the domain controller policy,

the path to disable smb signing is computer settings, security settings, local policies, security options. there should be two settings that look like : microsoft network server: digitally sign communications.

disable those and it will work.

Thanks for the reply ...

Maybe I'm not trying hard enough, but I cant seem to find where you're getting this path from. I've gone to my computer manager and can't find it. Control Panel, Network properties, etc ... can't find it. You're talking Win2k3, right?

Thanks for your help though. I seem to be stuck atm on where this is found, I'll keep digging around.

just one question: do you have a domain?
Cos kidd is talking about a DC with acive directory installed.

I found it:

Administrative Tools - Default Domain Controller Security Settings - Security Settings - Local Policies - Security Options ...

Thanks. Testing now ... Everything the same except:

root# smbpasswd -j DOMAIN -r TestPDC -U Administrator
When run by root:
smbpasswd [options] [username] [password]
otherwise:
smbpasswd [options] [password]

Version: 2.2.7a
options:
(Menu ... no need to post)

The thing that bother me is:

root# wbinfo -t
Secret is bad
0xc00000e5

root# wbinfo -u
Administrator
Guest
krbtgt
SUPPORT_388945a0
#Other Misc users as well

SHOULD BE:
DOMAIN/User

root# wbinfo -g
Domain Admins
Domain Users
Domain Guests
Domain Computers
Domain Controllers
Schema Admins
Enterprise Admins
Group Policy Creator Owners
DnsUpdateProxy

SHOULD BE:
DOMAIN/Group

Am I correct in assuming these are problems?

Yes, I rebooted ...
Next step is to start over using Samba3 and possibly Mandrake 9.2

I'm lost at the moment, any more suggestions?
Am I possibly logging into the domain wrong?
How do I log into the domain? (Make sure I'm doing it right)

Thanks again for all your help.
Thanks in advance for all your help.

Hello,

I have no chance to change the Win2000 AD settings (smb signing). We have to live with them.

Is there a other way to get access?

Its FreeBSD 4.9 with samba 3.0.3 pre2 and MIT kerberos


Thanks for help