last desperate plea for help with NetWkstaUserLogon

Tom Lieuallen toml at ENGR.ORST.EDU
Wed Apr 8 20:06:12 GMT 1998

I posted a message about a week ago concerning my ongoing battles
with NetWkstaUserLogon (aka networkstation user login).  I would
be very grateful for answers to ANY of my questions...

We have 1.9.18p4 on Solaris 2.6.  We are doing pass-through authentication
(security=server, password server = <NT PDC>).

It will allow administrators to login, map drives, etc. etc.  
However, non administrators are not allowed.  The response from 
the NetWkstaUserLogon is that non-administrators have been allowed,
but they have been given guest privileges.  Since guest access isn't
good enough, access is denied.

Does anyone have 'networkstation user login = yes' (the default for
1.9.18p3 and p4) working with a similar configuration (passing the 
authentication through to an NT server)?

Can anyone explain why this could be happening?  My guess is that
the NT server is seeing the request coming from the samba server,
not the NT client.  Since the samba machine is part of a workgroup
and not the NT domain, the NT server won't give anything more
than guest access except to these special account.  I'm stabbing
in the dark...

Can anyone explain the security risks involved with turning off this
authentication rule set?

I found a very thorough description of NetWkstaUserLogon, but 
unfortunately, the samba debuging information doesn't map directly to
the variables mentioned -- and I'm just not understanding the
samba source code.

I've traced our problem back to 1.9.17p4.  Previous versions (17p2)
worked fine.  The following is in the 17p4 release notes.

   4). Fix for security = server. Problem with previous workaround
   which caused machine logon restrictions on an NT server to fail.
   This code has been completely re-written.

If anyone can identify these login restrictions, I would be forever

Thank you.

Tom Lieuallen                                        Phone: 541.737.6784
Oregon State University                              Fax:   541.737.5545
College of Engineering                               Email: toml at
Network Research Assistant

More information about the samba mailing list