Problems with server = domain SAMBA digest 1996

Lubin Wang at
Thu Feb 25 04:48:54 GMT 1999

>Date: Wed, 24 Feb 1999 15:27:19 +0100 (CET)
>From: "\"Johan Roos\"" <roos at>
>To: samba at
>Subject: Problems with server=domain
>Message-ID: <Pine.LNX.4.04.9902241526040.3422-100000 at>

>        workgroup = INFO
>        netbios name = RUT
>        security = DOMAIN
>        encrypt passwords = Yes
>        password server = ARCH BERMUDA
>Now the problems starts, when a user on an NT-machine on our network try
>access the shares on RUT he gets promted for password and username
>allthough it
>works fine on other servers getting their authentication through ARCH and
>BERMUDA. If I add a user on RUT with smbpasswd -a that user can access the
>shares but the smbclient then reports that the server is in user mode.
>Please help.

In your case, it seems to be that NT-login-name is not a domain user, and
NT client gets a prompt for ID/Password, it does not pass a correct
to ARCH .

Case 1:
    If you login NT client( which is a member of INFO) with domain user
    ---for example, roos--- and correct password, then you would not get
   any prompt for username/password.

Case 2:
   if you login NT client with a local user ID -- for example, johan who is
   a user of domain INFO--, when you access RUT, you will get that prompt
   for username/password. Then if you type in
              info\roos -- domain user name -- with its password
   ARCH will pass you, otherwise such as roos alone or johan as the
username, then
   the authentication will be failure and RUT will do its own authentication
   SAMBA password file( return to security = user).

I have a similar network structure except I do not set up a Samba password
file, I just use usernames map file to map domain users to UNIX users. I am
not so sure about the authentication algorithm, just from my experience, the
authentication way is like that
   when a client make the access to RUT, client will pass the
to ARCH via RUT, if it is the first time access to RUT, then the
will be your client-login-ones, if it is failure, then RUT will check its
own password
file(for NT server usually do authentication in encrypted mode, SAMBA will
check UNIX password file). if it is failure too, then you will get prompt
here your need to pass SID(?) but not RID(?).

I hope these will help to solve your problem


My problems

(a)Do someones know how to pass a SID to a domain PDC with Windows95/98
             workgroup = domain
              security = domain
             password server = PDC, BDC
     SAMBA 2.0.2 on Solaris 2.5, NIS++,  PDC is NT4.0 SP4.
    I have tried to mount a share on SAMBA server with
               drive: \\SAMBA-Server\share%domain\username
    but it did not work.

(b)Strange log ?

    From Windows95 with username fred who is a domain user and has a map to
    a Samba server, I did a mount as below
           drive: \\SAMBA-Server\andy%domain\andy
    where domain\andy is a domain user, and andy is a unix user. then I got
         connected to service andy as user fred.
                                       ~~~~            ~~~~
    in Samba logfile.
    but in fact the connection was to fred's unix home not andy's home!
    there was no any errors appeared.
    (home section in smb.conf is set as below
         path = /home/%u/PChome
         browseable = no

    Something was wrong?


Lubin at

More information about the samba mailing list