programming question: authenticating to a domain controller

Luke Kenneth Casson Leighton lkcl at
Thu Apr 2 21:38:57 GMT 1998

yes it does work.

you must first do the sub-command lsaquery, followed by the nltest (or
ntlogin) command.

you do not need DES libraries; you will need (in the BRANCH_NTDOM version,
which you say you are using).

use a samba BRANCH_NTDOM server with debug level 20 to 30, because you
will get nice pretty output in the log.smb file :-)  alternatively, use
NETMON on the nt server.


On Fri, 3 Apr 1998, Jens B. Jorgensen wrote:

> Folks,
> I'd like to add authentication into my program and I want to
> authenticate users to an NT domain controller. I used CVS to get the
> latest domain branch of the samba codebase and found that smbclient has
> an 'ntlogin' command. I figured if this works I could cut and paste code
> into my program. However, this code doesn't work. That is to say,
> ntlogin fails to log in. First I needed to add the computer to the
> domain, which I did. Even then I got back a wrong user or password
> status, ie 'NET_SAMLOGON: NT_STATUS_WRONG_PASSWORD'. I tried compiling
> with RC4 support (linked against ssleay libs, generated my own 'arcfour'
> functions), without, and with DES support (which didn't compile for lack
> of a des_encrypt8 function which I couldn't see how to do even using the
> ssl des libs). Is this code supposed to work? As a side note, I'm
> authenticating to an NT4.0 server machine and although I have enabled
> the logging of auth failures (and tested, they do indeed generate
> events) I *never* get a message in the event log about the login
> failure.
> --
> Jens B. Jorgensen
> jjorgens at

<a href="mailto:lkcl at" > Luke Kenneth Casson Leighton  </a>
<a href=""> Samba and Network Development </a>
<a href=""       > Samba and Network Consultancy </a>

More information about the samba-ntdom mailing list