2 domain auth prob using VPN and MS DNS/WINS

Paul Lantinga PLantinga at DIGITAL-REN.COM
Thu Feb 4 17:21:06 GMT 1999

Greetings all.  We've run into a rather nasty problem with samba and a dual
NT domain setup.  The two domains, domainX and domainY are connected via a
VPN as they sit behind two firewalls.  We're having problems with some users
on domainY authenticating to a samba2.0.0 server in domainX.  
The samba server is set to security = server and
password server = domainX-pdc and
encrypt passwords = yes
The machines in domainX are all statically entered into the WINS database on
the pdc for domainX and then pulled via the pdc WINS server of domainY.
This allows domainX and its machines to show up in the network neighborhood.

All of the NT domainX machines are in a DNS subdomain
developer.ourcompany.com.  The machines in the NT domainY are in the DNS
domain ourcomany.com.  The NT workstations in domainY get their addresses
via the ms DHCP server on the pdc for domainY.  That same DHCP server is
also running msDNS (and as mentioned above, WINS also.)  
So, an NT workstation in domainY that wants to get to the samba server in
domainX merely finds the samba server in explorer and clicks on the samba
server.  After a few seconds a dialog box pops up requesting a
username/password to make the connection.

Now, for most of our users and workstations in domainY, we enter the
user/passwd combo for them in domainX and the resources are available.
However, for a couple of users, when they enter the info, it fails.  Looking
at the security log on the pdc for domainX, I see the following:

More information about the samba mailing list