Unable to authenticate user from trusted domain
MCCALL,DON (HP-USA,ex1)
don_mccall at hp.com
Wed Dec 13 14:31:07 GMT 2000
Hi David,
any chance you could send me privately a level 10 log file for the client
that is having this problem? I notice that instead of specifying "*" for
your password server, you are giving a list of DC's - is the PDC of your HR
domain the first one in the list (ie, is DRIZZLE the PDC for your HR
domain)? I have some interest in this behavior, and would like to look at
what's being sent over from Samba to the DC, and which DC is answering, etc.
You would need to change your log file entry to be "log file =
/var/log/samba/log.%m" and only send the log file for the
log.<machinename=the failing clients netbios name>...
you can reply to don_mccall at hp.com.
Thanks,
Don
-----Original Message-----
From: David Evans-Roberts [mailto:daveer at hrwallingford.co.uk]
Sent: Wednesday, December 13, 2000 8:51 AM
To: 'samba at lists.samba.org'
Subject: Unable to authenticate user from trusted domain
Purely for file serving we are running Samba 2.0.7 under Solaris 2.6. NIS+
is the name service on Solaris. We have an NT PDC and 3 NT BDC s in our
domain. A user in a trusted domain needs to access some files on the
server. Under Samba we are set up for domain authentication. Users in our
domain have no problems, but when the user from the trusted domain tries to
access a file it asks for a username and password. Supplying his username
and NT password fails. We use username mapping for some users in the HR
domain, but this user has the same username in NT and Unix. Is this a
limitation of Samba or this there a way around this. My smb.conf file is
shown below:
# Samba config file created using SWAT
# from dhcp262 (192.9.203.8)
# Date: 2000/11/24 17:42:39
# Global parameters
[global]
workgroup = HR
security = DOMAIN
encrypt passwords = Yes
password server = DRIZZLE HAIL SNOW SUPERIOR
username map = /etc/samba/usermap.txt
log file = /var/log/samba
socket options = TCP_NODELAY IPTOS_LOWDELAY
load printers = No
os level = 0
dns proxy = No
admin users = djer iwp ahs
create mask = 0664
directory mask = 0775
[archive]
comment = The Archive
path = /sandford/archive
admin users = Administrator djer iwp ahs
writeable = Yes
[Projects]
comment = Projects Folder
path = /software/Projects
write list = @comp
____________________________________________________________________________
________________
Thanks in advance
David Evans-Roberts
daveer at hrwallingford.co.uk
Systems Administrator
HR Wallingford
-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-
HR Wallingford uses Faxes and Emails for confidential and
legally privileged business communications. They do not of
themselves create legal commitments. Disclosure to parties
other than addressees requires our specific consent. We are
not liable for unauthorised disclosures nor reliance upon
them. If you have received this message in error please
advise us immediately and destroy all copies of it.
-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-
More information about the samba
mailing list