NTWS, password=domain, and account=workstation not domain

Bill Brandt brandtwr-samba at draaw.net
Fri Oct 29 12:33:23 GMT 1999

I have a need to move between multiple domains which do not share userlists.  In
order to do this, I've found it's best to have accounts in both domains with the
same userid/passwd combination but to log into the workstation with an account
that matches those.


bill at WORKSTATION password
bill at DOMAIN1 password
bill at DOMAIN2 password

When you do this with NT servers involved, the user will automatically attempt
to logon as bill at WORKSTATION when talking to something in DOMAIN1.  When
rejected, it will say... Okay try bill at DOMAIN1 with the cached password for
bill at WORKSTATION.  This works fine in samba if you run password=server and
encrypt passwords=off.  However, with the encryption off, the password
authentication time is around 10 or more seconds.  I assume it's trying
encrypted passwords first.  Since multiple clients Win95 and NTWS use the two
domains, I don't want to play with setting everyone to non-encrypted passwords.

So... that's the background... here's the problem.  I created a domain account
and used smbpasswd to add a samba server to DOMAIN1 (will be adding two to
DOMAIN2 at a later time).  I set password=domain and encrypt passwords=on.  The
clients which are logging on as joe at DOMAIN1 connect almost instantly; however,
the client logging on as bill at WORKSTATION never gets a connect.  It gets
prompted to supply user and password and none of the combinations work (bill
password, domain1\bill password, domain1/bill password, etc.).  Has anyone delt
with this issue before?  Is there a parameter to fix it?  For now, I've created
a bill account in smbpasswd for the samba machine; however, now I'm looking at
having 6 places to keep passwords in sync instead of 3.

Any ideas?


More information about the samba-ntdom mailing list