Samba in a Win2k domain
Paul Allen
paul.l.allen at boeing.com
Mon Feb 28 19:20:51 GMT 2000
John Dodge asked this same question back in December, but I haven't
seen any response in the archives. So, here it is again:
Samba appears not to be able to authenticate users whose account
lives in a Win2k domain. I have a couple Samba 2.0.4b servers that
use the local NT 4 PDC for authentication. The NT admins tell me
that the new Win2k domain has a trust relationship with the old NT 4
domain and that Win2k users can see all of the old NT 4 resources.
However, PC users who are logged into the Win2k domain are unable
to get to my Samba servers.
Here's a snip of my smb.conf:
[global]
workgroup = iss-tech
security = domain
password server = iss-tech-f
encrypt passwords = yes
Iss-tech is the local resource domain, and iss-tech-f is the local PDC.
Things work nicely if the user is in one of the trusted master account
domains. Users are starting to be forced over into the new Win2k
domain,
and this cuts off their access to Samba. The error I see in the log is
"Unknown NT Error". My error is similar to this one reported by John:
>[1999/12/06 09:54:18, 0] rpc_client/cli_netlogon.c:cli_net_sam_logon(371)
> cli_net_sam_logon: Unknown NT error
>[1999/12/06 09:54:18, 0] smbd/password.c:domain_client_validate(1365)
> domain_client_validate: unable to validate password for user saf6723 in
>domain NW to Domain controller SSG-WWW-IIS01. Error was Unknown NT error.
Since this problem isn't being discussed, I can only conclude that it's
caused by some sort of mis-configuration on my part. Does anybody have
this
working and know why it's working?
Thanks!
Paul Allen
--
Paul L. Allen | voice: (425) 865-3297 fax: (425) 865-2964
Unix Technical Support | paul.l.allen at boeing.com
Boeing Phantom Works Math & Computing Technology Site Operations,
POB 3707 M/S 7L-68, Seattle, WA 98124-2207
More information about the samba
mailing list