Is it a bug? Is it a feature? Samba 2.2.6-pre vs. Samba 3.0.alpha

Bogdan Iamandei bogdan at
Sun Aug 11 22:02:00 GMT 2002


	I thought about asking this question on the list, since it
seems to me that it is more of a bug rather than a feature.


	I've got a Samba server that acts as PDC for say domain A.
Authentication is done via Kerberos5. However, for some reason, the
W2K/XP orc-stations refuse to play nice with the shares, hence the
next server.

	The other Samba server authenticates to a MS-AD in domain B. This way, 
the W2K/XP clients can get their shares nicely.


	Case "Samba 3.0"
	Win9x clients still pertaining to the domain A will authenticate to the 
Samba PDC but will mount the shares from the second Samba server. The 
W2K/XP clients are already in domain B so they have no problem whatsoever.

	Case "Samba 2.2.6"
	Replacing the Samba 3.0 (the one that does MS-AD in domain B)
with Samba 2.2.6-pre I get the W2K/XP authentication all right, but the
W9X will fail. Apparently Samba 2.2.6 passes on to the MS-AD the domain
name as well, along with the username and password.

Here is the error message I am receiving:

[2002/08/12 11:32:31, 0] smbd/password.c:domain_client_validate(1605)
domain_client_validate: unable to validate password for user <USERNAME> 
in domain <DOMAIN_A> to Domain controller <MS-AD>. Error was 

	As far as I know, users from one domain can use resources from a 
different domain as long as 1) there is no trust relationship in between 
the domains and 2) the user has the same username and password in both 

	My question is: why is Samba 2.2.6 different? It seems to me that when it 
goes for authentication to the MS-AD server it basically asks for 
\DOMAIN_NAME\USERNAME:PASSWORD and of course - the authentication server 
will say "bugger off - I don't know anything about your 
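
A triage sketch for the log message quoted above, added here as an example and not part of the original post or of Samba: it joins the wrapped lines of each smbd log entry and counts `domain_client_validate` failures where the domain sent by the client is not the one the domain controller serves. The sample log, the names alice, bob and ADSERVER, and the PLACEHOLDER_ERROR text are constructed, and the entry layout is assumed from the single message in the post.

```python
import re
from collections import Counter

# Constructed sample in the layout of the message quoted in the post; user,
# domain and controller names and the trailing error text are placeholders.
SAMPLE_LOG = """\
[2002/08/12 11:32:31, 0] smbd/password.c:domain_client_validate(1605)
  domain_client_validate: unable to validate password for user alice
  in domain DOMAIN_A to Domain controller ADSERVER. Error was PLACEHOLDER_ERROR
[2002/08/12 11:33:02, 0] smbd/password.c:domain_client_validate(1605)
  domain_client_validate: unable to validate password for user bob in domain DOMAIN_B to Domain controller ADSERVER. Error was PLACEHOLDER_ERROR
[2002/08/12 11:33:40, 1] smbd/service.c:make_connection(550)
  constructed unrelated entry
[2002/08/12 11:34:10, 0] smbd/password.c:domain_client_validate(1605)
  domain_client_validate: unable to validate password for user alice
  in domain DOMAIN_A to Domain controller ADSERVER. Error was PLACEHOLDER_ERROR
"""

HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d), *\d+\] ")
FAILURE = re.compile(
    r"unable to validate password for user (\S+) in domain (\S+) "
    r"to Domain controller (\S+?)\. Error was")

def entries(text):
    """Yield (timestamp, body) with wrapped continuation lines joined."""
    stamp, body = None, []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            if stamp:
                yield stamp, " ".join(body)
            stamp, body = m.group(1), []
        elif stamp:
            body.append(line.strip())
    if stamp:
        yield stamp, " ".join(body)

def foreign_domain_failures(text, served_domain):
    """Count failures per (user, domain) where the client-supplied domain
    differs from the domain the controller serves (assumed known to the admin)."""
    counts = Counter()
    for _stamp, body in entries(text):
        m = FAILURE.search(body)
        if m and m.group(2).upper() != served_domain.upper():
            counts[(m.group(1), m.group(2))] += 1
    return counts

if __name__ == "__main__":
    for (user, domain), n in foreign_domain_failures(SAMPLE_LOG, "DOMAIN_B").items():
        print(f"{n} failure(s): user {user} presented domain {domain}")
```

Failures that remain after filtering out the served domain point at clients sending their own domain name rather than at wrong passwords.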


