[Fwd: Authentication problem with Windows 2000 User Domain]

Ray Frush ray_frush at agilent.com
Tue Apr 25 19:59:38 GMT 2000



-------- Original Message --------
Subject: Authentication problem with Windows 2000 User Domain
Date: Tue, 25 Apr 2000 13:43:14 -0600
From: Ray Frush <ray_frush at agilent.com>
Reply-To: ray_frush at agilent.com
Organization: GIO Consumer and Site Servcies; Agilent Technologies
To: samba-bugs at samba.org



I have a couple of Samba (2.0.6/2.0.3) servers running on Linux and
HP-UX which are having a problem with a new account domain.  The servers
are running in "security = domain" mode.

Our environment has multiple Account Domains, and hundreds of Resource
Domains.  The new Account Domain is being implemented with Windows 2000
servers in "NT Domain Emulation Mode" so that the remaining resource
domains (running NT 4.0) think they're looking at an NT 4.0 Account
domain.

The new (W2K) Account Domain accounts are clones of accounts in the old
domain, and the new accounts have "SID History" enabled which means the
new accounts have both the new and old SID from each domain.

The authentication to the old (NT 4.0) Account domains is still working
fine.

Here's a section of the samba log file generated for the client
connection...

[2000/04/24 18:30:51, 0] rpc_client/cli_pipe.c:rpc_read(89)
  rpc_read: Error 234 in cli_read
[2000/04/24 18:30:51, 0] smbd/password.c:domain_client_validate(1431)
  domain_client_validate: unable to validate password for user frush in
domain USERDOM2 to Domain controller *. Error was ERRDOS - ERRmoredata
(There is more data to be returned.).
[2000/04/24 18:30:51, 0] passdb/smbpass.c:startsmbfilepwent(50)


So, this tells me that Windows 2000 is trying to say more than Samba is
willing to listen to.

I also just tried 2.0.7pre4, with very similar results:

[2000/04/25 13:34:30, 0] rpc_client/cli_pipe.c:rpc_read(89)
  rpc_read: Error 234 in cli_read
[2000/04/25 13:34:30, 0] smbd/password.c:domain_client_validate(1470)
  domain_client_validate: unable to validate password for user frush in domain
USERDOM2 to Domain controller *. Error was ERRDOS - ERRmoredata (There is more
data to be returned.).


Thoughts from the developers on this one will be greatly appreciated.


More information about the samba-ntdom mailing list