access for local machine NT user using security=domain

Christian Barth barth at
Wed Apr 11 06:13:10 GMT 2001

> I am using Samba 2.0.6 on SCO OS 5.0.5, using security=DOMAIN.  On one of
> the WinNT member servers, I need to run some processes as administrator.
> Because I do not want to have the standard user for this system having
> network administrator privileges, I have set up the user on the local
> machine with administrator privileges, i.e. the standard login on this server
> is user 'rs1user' on to domain 'ccsydrs1' (the machine name). With this
> login, I can access shares on other WinNT servers, but not on any of the
> unix/samba servers.  The same username is set up on the network, as a normal
> user, and connects to the shares fine, I just cannot run the processes.
> It is obvious from the log messages, below, why the samba connection is
> working the way it is.  My question is, does anyone know how to make samba
> work like WinNT, so that I can access the samba shares whilst logged on
> locally, rather than to the domain. 
> I have attached the relevant log messages, and my smb.conf
> Thanks
> Rick Day
> Senior Systems Engineer
> Clints Crazy Bargains/The Warehouse Group
> email: at
> [2001/04/11 12:36:11, 0] rpc_client/cli_netlogon.c:cli_net_sam_logon(392)
>   cli_net_sam_logon: NT_STATUS_NO_SUCH_USER
> [2001/04/11 12:36:11, 0] smbd/password.c:domain_client_validate(1431)
>   domain_client_validate: unable to validate password for user rs1user in
> domain CCSYDRS1 to Domain controller CCSYDFS2. Error was

Just my thoughts:

the local NT machine is ccsydrs1,
the domain controllers are ccsydfs2, ccsydfs1, ....
the local user is rs1user
the user on the domain controllers is rs1user
the password for the local user and the domain user rs1user are the 
the domain name is TWA
the name of the samba server is ....(I'll call it samba),

When connecting a network drive in NT you get a dialog box, where you 
can choose:
the drive name
the network share
the user name
(pretty standard, just to make sure you don't go to the network 
neighbourhood first)

I recommend you start playing with the user name supplied in this box. 
(I had to do it once to connect to local accounts on domain member 

If you connect to \\samba\share without supplying a user name or with 
supplying rs1user, you supply ccsydrs1\rs1user, not only rs1user, not 
twa\rs1user as rs1user is logged in locally. Try what happens if you 
enter twa\rs1user, samba\rs1user or ccsydfs2\rs1user, compare the -W 
option of smbclient and syntax of the NT "net use" command (net use 

Hope this points in the right direction


> [global]
>    workgroup = TWA
>    server string = CBA Live Server
>    log file = /usr/local/samba/log/log.%m
>    max log size = 5000
>    security = DOMAIN
>    password server = CCSYDFS2, CCSYDFS1, CCSYDMS1, CCMELFS2, CCBRIFS2,
>    encrypt passwords = yes
>    smb passwd file = /usr/local/samba/private/smbpasswd
>    socket options = TCP_NODELAY 
>    local master = No
>    dns proxy = no 
>    default case = lower
>    case sensitive = No
>    preserve case = Yes
>    short preserve case = No
>    deadtime = 15
>    oplocks = Yes
> [homes]
>    comment = Home Directories
>    browseable = no
>    writable = yes
> [vol]
>    comment = CBA Data share
>    path = /u/vol
>    writable = yes
>    printable = no

In a world without walls and fences, who needs windows and gates? (SUN)
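
An added example, not part of the original thread and not Samba's own code: a small Python triage script for the failure discussed above. It reads smbd log text in the format quoted in the message, joins wrapped continuation lines, and labels each domain_client_validate failure by whether the domain the client supplied matches the workgroup in smb.conf. The sample log is constructed from the quoted excerpt, and the second entry (user jdoe) is hypothetical.

```python
import re

# Constructed sample modelled on the quoted log and smb.conf; "jdoe" is hypothetical.
SAMPLE_LOG = """\
[2001/04/11 12:36:11, 0] rpc_client/cli_netlogon.c:cli_net_sam_logon(392)
  cli_net_sam_logon: NT_STATUS_NO_SUCH_USER
[2001/04/11 12:36:11, 0] smbd/password.c:domain_client_validate(1431)
  domain_client_validate: unable to validate password for user rs1user in
  domain CCSYDRS1 to Domain controller CCSYDFS2.
[2001/04/11 12:40:02, 0] smbd/password.c:domain_client_validate(1431)
  domain_client_validate: unable to validate password for user jdoe in
  domain TWA to Domain controller CCSYDFS2.
"""
SAMPLE_CONF = "[global]\n   workgroup = TWA\n   security = DOMAIN\n"

HEADER = re.compile(r"^\[(?P<ts>[^,\]]+),\s*\d+\]\s+\S+:(?P<func>\w+)\(\d+\)$")
FAILURE = re.compile(r"for user (?P<user>\S+) in domain (?P<domain>\S+) "
                     r"to Domain controller (?P<dc>[^\s.]+)")

def workgroup(conf_text):
    """Return the upper-cased 'workgroup' value from smb.conf text, or None."""
    for line in conf_text.splitlines():
        key, _, value = line.partition("=")
        if key.strip().lower() == "workgroup":
            return value.strip().upper()
    return None

def failed_logons(log_text):
    """Return one dict per domain_client_validate failure, joining wrapped lines."""
    entries = []
    for line in log_text.splitlines():
        m = HEADER.match(line.strip())
        if m:  # a "[timestamp, level] file:function(line)" header starts a new entry
            entries.append({"ts": m["ts"], "func": m["func"], "msg": ""})
        elif entries:  # anything else continues the current entry's message
            entries[-1]["msg"] += " " + line.strip()
    hits = []
    for e in entries:
        m = FAILURE.search(e["msg"])
        if e["func"] == "domain_client_validate" and m:
            hits.append({"ts": e["ts"], **m.groupdict()})
    return hits

def classify(log_text, conf_text):
    """Label each failure by whether the supplied domain is the configured workgroup."""
    wg = workgroup(conf_text)
    return [(f["user"], f["domain"],
             "domain-account-failure" if f["domain"].upper() == wg else "domain-mismatch")
            for f in failed_logons(log_text)]
```

A "domain-mismatch" row means the client sent a domain other than the configured workgroup, which is the case the reply describes for a user logged on locally to ccsydrs1.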

More information about the samba-ntdom mailing list