bug? Samba ADS member server does _not_ accept userid/pw but only
becks at itereu.de
Wed Feb 4 07:56:28 GMT 2004
sorry for reposting this, but there has been no reply so far. And I
still think there is a bug:
samba ads member server does _NOT_ accept userid/pw but only kerberos auth.
win2k server accept both ...
I set up samba 3.0.2rc2 (also tried 3.0.1 which had other problems) on
Debian sid as an ADS member server:
- joining the domain works flawlessly
- browsing the samba server via 'smbclient -k -L //samba' works flawlessly
- browsing the samba server via 'smbclient -L //samba -U user%pw' fails
with 'session setup failed: NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE'
- browsing an Win2k member server via 'smbclient -L //win2k -U user%pw'
Any sugesstions/hints on this from the samba gurus ?
More debug info is available if required.
btw. there is an interessting little thing:
samba client and samba server negotiated as smb dialect: 'Samba'
according to http://www.ubiqx.org/cifs/SMB.html#SMB.6 this is not used
samba client and win2k negotiated as smb dialect: 'NT LANMAN 1.0'
(as expected I would say).
workgroup = ITER
realm = ITEREU.DE
server string = %h server (Samba %v)
security = ADS
password server = x.x.x.x y.y.y.y
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n .
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
server signing = auto
deadtime = 15
keepalive = 0
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE
load printers = No
lm announce = No
preferred master = No
local master = No
domain master = No
dns proxy = No
wins server = x.x.x.x, y.y.y.y
ldap ssl = no
utmp = Yes
panic action = /usr/share/samba/panic-action %d
invalid users = root
hide special files = Yes
delete veto files = Yes
veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/
map archive = No
More information about the samba-technical