[Samba] clients that are not a part of the domain cannot authenticate
Wolfgang Riedmann
wolfgang at riedmann.it
Thu Aug 13 11:08:00 MDT 2009
Hi,
unfortunately I wasn't able to solve this probelm. I have tried to use the 3.3.7 release from
Sernet, but the problem remained.
It seems that something has been changed between the 3.0 and the 3.2 release when using
workgroup = domain and authenticating users on machines that are not within the domain.
Now, as workaround I have changed the line in the kixtart login script to use the username
prefixed with the domain to log in, so at least the users can work.
Wolfgang
> I have asked that last week with a little different subject, but the problem remains.
>
> When connecting with a Windows machine (not part of the domain) to the Samba server, the
> client is not authenticating, even when the user exists in the domain.
>
> Domain master is a Windows 2003 SBS machine, the Samba server is a Debian Lenny
> machine.
> The problem is occurring with Samba 3.2.13, with Samba 3.0.24 and the same configuration
> it works. Unfortunately after the upgrade from Etch to Lenny (Etch has Samba 3.0.24, Lenny
> 3.2.13) Samba presented this problem.
>
> In the log file I can find this error message:
>
> domain_client_validate: unable to validate password for user wolfgang in domain
> LIFEBOOKWR to Domain controller PDCALPI01. Error was
> NT_STATUS_NO_SUCH_USER.
>
> And this is the global part of the configuration:
>
> [global]
> workgroup = alpi
> server string = lxarchiv
> wins server = 192.168.1.1
> dns proxy = no
> log file = /var/log/samba/log.%m
> max log size = 1000
> syslog = 0
> panic action = /usr/share/samba/panic-action %d
> security = domain
> encrypt passwords = true
> passdb backend = tdbsam
> obey pam restrictions = yes
> invalid users = root
> passwd program = /usr/bin/passwd %u
> passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:*
> %n\n *password\supdated\ssuccessfully* .
> add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u --gid 1001
> printing = bsd
> printcap name = /etc/printcap
> socket options = TCP_NODELAY
> domain master = auto
>
>
> Thank you in advance for any help!
>
> Wolfgang
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
--
-- Wolfgang Riedmann
-- Individuelle EDV-Lösungen - Soluzioni informatiche personalizzate
-- I-39012 Meran, Postgranz 16b
-- Telefon +39 0473 201 239
-- http://www.riedmann.it - wolfgang at riedmann.it
More information about the samba
mailing list