Zoran Pucar Zoran.Pucar at era.ericsson.se
Wed Dec 5 04:12:07 GMT 2001

Hi all!

I wonder what this problem may depend on.
I got 3 servers running solaris 8 and samba 2.2.2. One, in this case
ZDLFILES is configured to be a PDC for domain OSSFLU. Following is
smb.conf on this machine. 
        workgroup = OSSFLU
        security = user #I even tried server och domain with same result
        encrypt passwords = Yes
        os level = 128
        preferred master = True
        domain master = True
        domain logons = yes
        add user script = /usr/sbin/useradd -g machines -d /dev/null -s
/bin/false -c Machine %m$
        log file = /usr/local/samba/var/log.%m
        log level = 4
        max log size = 50

Rest of the machines ie. lager and zdlcomp2 are clients. Their smb.conf
        workgroup = OSSFLU
        security = DOMAIN
        encrypt passwords = Yes
        password server = zdlfiles
        log file = /usr/local/samba/var/log.%m
        log level = 4
        max log size = 50
....shares and stuff...

I have joined OSSFLU domain on both zdlcomp2 and lager with.

smbpasswd -jOSSFLU -rZDLFILES -Uroot 

and i got the message that everything was successfull. However when I
try to access zdlcomp2 from lager as user ezoranp, this user exists on
all 3 servers with same group and uid (in fact zdlfiles is nis server of
all machines), it fails complaining about bad user/password. 

log.lager on zdlcomp2 says following.

  cli_net_req_chal: LSA Request Challenge from ZDLFILES to ZDLCOMP2:
[2001/12/05 10:43:18, 4] libsmb/credentials.c:cred_session_key(64)
[2001/12/05 10:43:18, 4] libsmb/credentials.c:cred_create(95)
[2001/12/05 10:43:18, 4] rpc_client/cli_netlogon.c:cli_net_auth2(134)
  cli_net_auth2: srv:\\ZDLFILES acct:ZDLCOMP2$ sc:2 mc: ZDLCOMP2 chal
957EC33D2FF3FBDB neg: 1ff
[2001/12/05 10:43:18, 0] rpc_client/cli_netlogon.c:cli_net_auth2(160)
  cli_net_auth2: Error NT_STATUS_ACCESS_DENIED
[2001/12/05 10:43:18, 0] rpc_client/cli_login.c:cli_nt_setup_creds(72)
  cli_nt_setup_creds: auth2 challenge failed
[2001/12/05 10:43:18, 0]
  connect_to_domain_password_server: unable to setup the PDC credentials
to machine ZDLFILES. Error was : NT_STATUS_A
[2001/12/05 10:43:18, 0] smbd/password.c:domain_client_validate(1591)
  domain_client_validate: Domain password server not available.

If I set security = server on clients (zdlcomp2 and lager) everything
seams to be working just fine, however I would like to optimize access
by using domain security.


Zoran Pucar

More information about the samba-ntdom mailing list