Samba can't authenticate in Win2k domain

Jeremy Allison jeremy at
Thu Mar 16 20:00:47 GMT 2000

Paul Allen wrote:

> This setup has been stable for many months, and I routinely point
> to it as a success story for open source.

Glad to hear it :-).

> Now that Windows 2000 has been finally released with all its warts,
> a local Windows 2000 domain has been established.  The PHM's here
> are applying pressure to convert users over onto the new domain.
> Although the NT admins tell me a trust relationship exists with the
> new domain, users logged into the Windows 2000 domain cannot use my
> Samba servers.  The error in the log is "unknown NT error".
> I have reported this problem twice before, and John Dodge reported it
> back in December.  Here's the log excerpt from his message:
> > >[1999/12/06 09:54:18, 0] rpc_client/cli_netlogon.c:cli_net_sam_logon(371)
> > >  cli_net_sam_logon: Unknown NT error
> > >[1999/12/06 09:54:18, 0] smbd/password.c:domain_client_validate(1365)
> > >  domain_client_validate: unable to validate password for user saf6723 in
> > >domain NW to Domain controller SSG-WWW-IIS01. Error was Unknown NT error.
> I've seen no response to John's report or to any of mine.  I understand
> that people are busy, but this looks to me like a show-stopper.  The
> fact
> that Samba does not work will not stop the rollout of Windows 2000 here.
> The PHM's will just say, "Well, just replace those Unix machines with NT
> and all your problems will go away."  They'll also point to the silence
> of
> this list and say, "See?  Open source is just too risky.  You can't
> count
> on any support."

Ok - I just setup my W2K box here as a PDC and explicitly
tested this with the current version of Samba I'm about to
release as 2.0.7pre2. This version has 4 fixes in it for 
Windows 2000 clients (caused by changes in the Microsoft
client code).

Short answer - it works.

Note that I added the Samba box into AD and explicitly
checked the "allow pre-Windows 2000 computers to use this account"

The RPC code has been re-arranged in the 2.0.7 but is
functioally equvalent (in the contacting a PDC path) to
the code that ships with 2.0.6.

I would upgrade to 2.0.6, and ensure that the Samba boxes
have been added into the AD with the correct setting.

Please keep the list updated with the details. This looks
like more of a political issue rather than a technical one,
and I'm sure other admins will be interested to know how
you fare.


	Jeremy Allison,
	Samba Team.

Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.

More information about the samba mailing list