Samba can't authenticate in Win2k domain

Paul Allen paul.l.allen at
Thu Mar 16 18:14:55 GMT 2000

I have three Sun fileservers running Samba 2.0.4b.  They're setup
to authenticate with the local NT PDC, "iss-tech-f".  In  particular,
they've got this in their smb.conf files:

   security = domain
   password server = iss-tech-f
   encrypt passwords = yes

This setup has been stable for many months, and I routinely point
to it as a success story for open source.

Now that Windows 2000 has been finally released with all its warts,
a local Windows 2000 domain has been established.  The PHM's here
are applying pressure to convert users over onto the new domain.
Although the NT admins tell me a trust relationship exists with the 
new domain, users logged into the Windows 2000 domain cannot use my
Samba servers.  The error in the log is "unknown NT error".

I have reported this problem twice before, and John Dodge reported it
back in December.  Here's the log excerpt from his message:

> >[1999/12/06 09:54:18, 0] rpc_client/cli_netlogon.c:cli_net_sam_logon(371)
> >  cli_net_sam_logon: Unknown NT error
> >[1999/12/06 09:54:18, 0] smbd/password.c:domain_client_validate(1365)
> >  domain_client_validate: unable to validate password for user saf6723 in
> >domain NW to Domain controller SSG-WWW-IIS01. Error was Unknown NT error.

I've seen no response to John's report or to any of mine.  I understand
that people are busy, but this looks to me like a show-stopper.  The
that Samba does not work will not stop the rollout of Windows 2000 here.
The PHM's will just say, "Well, just replace those Unix machines with NT
and all your problems will go away."  They'll also point to the silence
this list and say, "See?  Open source is just too risky.  You can't
on any support."

If you've got users in a Win2k domain successfully using Samba, please
drop me a note.  Even if you just say, "It works for me.", that's more
than I have now.  If you're seeing the same problem I am, I'd like to
about that, too.  If this is a known problem that's being worked on,
somebody please just say so?  And, if a newer version of Samba is known
work with users in a Win2k domain, what version would that be?


Paul Allen
Paul L. Allen           | voice: (425) 865-3297  fax: (425) 865-2964
Unix Technical Support  | paul.l.allen at
Boeing Phantom Works Math & Computing Technology Site Operations,
POB 3707 M/S 7L-68, Seattle, WA 98124-2207

More information about the samba mailing list