<div id="mb_0"> Hi,Since September 2006, I've been using a samba PDC (3.0.20) with tdbsam, to authenticate the users of a school network (90 XP boxes). All the users are able to log in the network from XP boxes. Recently, I've installed a samba client (K12LTSP) in the domain, but, I' ve a problem getting linux client to authenticate against the Samba PDC. After setup all the config files (smb.conf, nsswitch, system-auth/pam amd pam_mount.conf) and start all services, I can't log in. The error message is "Account disabled by the administrator". This happen with all accounts. When I try to logon into the linux client machine with a username and password stored in samba I get the following in /var/log/messages: ==> messages <== Jan 31 17:41:38 ltspserver1 nmbd[2954]: Jan 31 17:41:38 ltspserver1 nmbd[2954]: ***** Jan 31 17:42:29 ltspserver1 pam_winbind[3455]: user 'p1012' OK Jan 31 17:42:29 ltspserver1 pam_winbind[3455]: user 'p1012' granted access Jan 31 17:42:29 ltspserver1 gdm[3740]: session_child_run: Utilizador não autorizado a iniciar sessão Jan 31 17:59:44 ltspserver1 restorecond: Reset file context /etc/mtab: system_u:object_r:etc_t:s0->system_u:object_r:etc_runtime_t:s0 Jan 31 18:00:18 ltspserver1 pam_winbind[3832]: user 'p1012' OK Jan 31 18:00:18 ltspserver1 pam_winbind[3832]: user 'p1012' granted access Jan 31 18:00:18 ltspserver1 gdm[3846]: session_child_run: Utilizador não autorizado a iniciar sessão Jan 31 18:08:28 ws253.ltsp -- MARK -- TRANSLATION of "Utilizador não autorizado a iniciar sessão": User not allowed to start session In Samba PDC the command pdbedit -Lv p1012, prints: Unix username: p1012 NT username: Account Flags: [UX ] User SID: S-1-5-21-3881466999-1126814743-3210567677-7692 Primary Group SID: S-1-5-21-3881466999-1126814743-3210567677-2113 Full Name: Carlos Carvalho Home Directory: \\servlinux\p1012 HomeDir Drive: X: Logon Script: logon.bat Profile Path: Domain: ESCOLA Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: Tue, 19 Jan 2038 03:14:07 GMT Kickoff time: Tue, 19 Jan 2038 03:14:07 GMT Password last set: Thu, 04 Jan 2007 18:00:11 GMT Password can change: Thu, 04 Jan 2007 18:00:11 GMT Password must change: Tue, 19 Jan 2038 03:14:07 GMT Last bad password : 0 Bad password count : 0 Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF All the following commands succeeded: wbinfo -u wbinfo -g wbinfo -t getent passwd My config files are: SMB.CONF (SAMBA PDC): [global] unix charset = iso8859-1 display charset = cp850 workgroup = ESCOLA server string = Samba Server passdb backend = tdbsam passwd chat = *new*password* %n\n re-enter*new*password* %n\n password*changed* username map = /etc/samba/smbusers log level = 2 auth syslog = 0 log file = /var/log/samba/%m.log max log size = 50 name resolve order = wins bcast hosts time server = Yes printcap name = cups show add printer wizard = No add user script = /usr/sbin/useradd -m %u delete user script = /usr/sbin/userdel -r %u add group script = /usr/sbin/groupadd %g delete group script = /usr/sbin/groupdel %g add user to group script = /usr/sbin/usermod -G %g %u add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody %u logon script = logon.bat logon path = logon drive = X: domain logons = Yes os level = 65 preferred master = Yes domain master = Yes wins support = Yes ldap ssl = no idmap uid = 10000-20000 idmap gid = 10000-20000 admin users = root veto oplock files = /*.doc/*.xls/*.mdb/ [homes] comment = Home Directories - %p valid users = %S read only = No browseable = No [printers] comment = SMB Print Spool path = /var/spool/samba guest ok = Yes printable = Yes use client driver = Yes browseable = No [netlogon] comment = Network Logon Service path = /home/netlogon/%u read only = No browseable = No [software] comment = Instalacao de SW path = /apps/programas create mode = 770 directory mode = 770 valid users = root @ti admin users = p650 p1012 p894 writeable = yes browseable = no [professores] comment = Ficheiros para professores path = /apps/professores create mode = 770 directory mode = 770 valid users = root @professores admin users = p650 p1012 p894 writeable = yes browseable = no [administracao] comment = Programas de Gestao path = /apps/administracao create mode = 775 directory mode = 775 valid users = root @professores @t1213 admin users = p894 p774 p140 writeable = yes browseable = no [software_livre] comment = Software Livre path = /dados/livre create mode = 777 directory mode = 777 valid users = root @professores @alunos @formacao admin users = p1012 p755 p650 p894 writeable = yes browseable = yes SMB.CONF (LINUX CLIENT): [global] workgroup = ESCOLA security = domain log file = /var/log/samba/%m.log max log size = 50 wins server = <a href="http://192.168.1.10/" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">192.168.1.10</a> password server = <a href="http://192.168.1.10/" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">192.168.1.10</a> idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 winbind enum users = yes winbind enum groups = yes template shell = /bin/false winbind use default domain = yes [homes] comment = Home Directories browseable = no writable = yes [printers] comment = All Printers path = /usr/spool/samba browseable = no SYSTEM-AUTH (LINUX CLIENT): #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. auth required pam_env.so auth required pam_mount.so auth sufficient pam_unix.so nullok try_first_pass auth sufficient pam_smb_auth.so use_first_pass nolocal auth sufficient pam_winbind.so use_first_pass auth required pam_deny.so account required pam_unix.so broken_shadow account sufficient pam_localuser.so account sufficient pam_succeed_if.so uid < 500 quiet account [default=bad success=ok user_unknown=ignore] pam_winbind.so account required pam_permit.so password requisite pam_cracklib.so try_first_pass retry=3 password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok password sufficient pam_winbind.so use_authtok password required pam_deny.so session optional pam_mkhomedir.so skel=/etc/skel umask 0022 session optional pam_mount.so use_first_pass session optional pam_keyinit.so revoke session required pam_limits.so session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so PAM_MOUNT (LINUX CLIENT): debug 0 mkmountpoint 1 fsckloop /dev/loop7 options_allow nosuid,nodev,loop,encryption options_require nosuid,nodev lsof /usr/sbin/lsof %(MNTPT) fsck /sbin/fsck -p %(FSCKTARGET) losetup /sbin/losetup -p0 "%(before=\"-e \" CIPHER)" "%(before=\"-k \" KEYBITS)" %(FSCKLOOP) %(VOLUME) unlosetup /sbin/losetup -d %(FSCKLOOP) cifsmount /bin/mount -t cifs //%(SERVER)/%(VOLUME) %(MNTPT) -o "username=%(USER)%(before=\",\" OPTIONS)" smbmount /bin/mount -t smbfs //%(SERVER)/%(VOLUME) %(MNTPT) -o "username=%(USER)%(before=\",\" OPTIONS)" ncpmount /bin/mount -t ncpfs %(SERVER)/%(USER) %(MNTPT) -o "pass-fd=0,volume=%(VOLUME)%(before=\",\" OPTIONS)" umount /bin/umount %(MNTPT) lclmount /bin/mount -p0 %(VOLUME) %(MNTPT) "%(before=\"-o \" OPTIONS)" cryptmount /bin/mount -t crypt "%(before=\"-o \" OPTIONS)" %(VOLUME) %(MNTPT) nfsmount /bin/mount %(SERVER):%(VOLUME) "%(MNTPT)%(before=\"-o \" OPTIONS)" mntagain /bin/mount --bind %(PREVMNTPT) %(MNTPT) mntcheck /bin/mount # For BSD's (don't have /etc/mtab) pmvarrun /usr/sbin/pmvarrun -u %(USER) -d -o %(OPERATION) volume * smb <a href="http://192.168.1.10/" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">192.168.1.10</a> & /home/&/online uid=&,dmask=0570 - - I've tested with k12ltsp 5.0/k12ltsp 6.0 and Samba 3.0.23c/Samba 3.0.23d without success. Before testing, I installed all the updates availables. Almost everything is working well and the system is able to create the users home directories with pam_mkhomedir.so skel=/etc/skel umask 0022. I tried the commands <<smbpasswd -e p1012>> and <<pdbedit -r -c "[X ] p1012>> without success. Meanwhile, I joined with success, a linux client Fedora core 4. I need an easy way to deploy terminals, so, could you help me to find correct way to solve my problem? Thank You, Carlos Carvalho </div>