Samba in a Win2k domain (repeat)

Paul Allen paul.l.allen at boeing.com
Thu Mar 2 21:50:11 GMT 2000


I asked this question back on Monday and haven't seen any responses.
Have I not stated the problem clearly enough?  Does it appear as if
I have not done my homework?  Is nobody actually trying to integrate
Samba with Win2k domains?  Am I not being patient enough?

If you've got a clue about how to get Samba to authenticate a user
who happens to have his account in a Win2k domain, please drop me
a note.  If it works fine for you and you can't imagine what my
problem is, that's also useful data.  If it's a known problem with no
known near-term fix, I'd really like an excuse to stop banging my
head on it.  :-)

Here's what Ii wrote:

> John Dodge asked this same question back in December, but I haven't
> seen any response in the archives.  So, here it is again:
> 
> Samba appears not to be able to authenticate users whose account
> lives in a Win2k domain.  I have a couple Samba 2.0.4b servers that
> use the local NT 4 PDC for authentication.  The NT admins tell me
> that the new Win2k domain has a trust relationship with the old NT 4
> domain and that Win2k users can see all of the old NT 4 resources.
> However, PC users who are logged into the Win2k domain are unable
> to get to my Samba servers.
> 
> Here's a snip of my smb.conf:
> 
> [global]
>    workgroup = iss-tech
>    security = domain
>    password server = iss-tech-f
>    encrypt passwords = yes
> 
> Iss-tech is the local resource domain, and iss-tech-f is the local PDC.
> Things work nicely if the user is in one of the trusted master account
> domains.  Users are starting to be forced over into the new Win2k
> domain,
> and this cuts off their access to Samba.  The error I see in the log is
> "Unknown NT Error".  My error is similar to this one reported by John:
> 
> >[1999/12/06 09:54:18, 0] rpc_client/cli_netlogon.c:cli_net_sam_logon(371)
> >  cli_net_sam_logon: Unknown NT error
> >[1999/12/06 09:54:18, 0] smbd/password.c:domain_client_validate(1365)
> >  domain_client_validate: unable to validate password for user saf6723 in
> >domain NW to Domain controller SSG-WWW-IIS01. Error was Unknown NT error.
> 
> Since this problem isn't being discussed, I can only conclude that it's
> caused by some sort of mis-configuration on my part.  Does anybody have
> this
> working and know why it's working?

I need a fix, but even knowing that others are (or are not) seeing
the same problem would be more than I've got now.  Any input you
care to offer will be appreciated.

Paul Allen


-- 
Paul L. Allen           | voice: (425) 865-3297  fax: (425) 865-2964
Unix Technical Support  | paul.l.allen at boeing.com
Boeing Phantom Works Math & Computing Technology Site Operations,
POB 3707 M/S 7L-68, Seattle, WA 98124-2207


More information about the samba mailing list