NT (sometimes) refusing to authenticate samba server

Bas Vermeulen B.Vermeulen at wumn.wegener.nl
Thu Oct 19 11:04:58 GMT 2000 

Hi,

> Did u make an machine account on the samba PDC?

I made a machine account on the NT PDC. The samba machine is 
not a PDC, although it is integrated in the NT domain, and
uses domain security with a password server. (Sorry if this
wasn't clear in my original message). I've got a problem with
W95 clients connecting to a share on the samba server, which
sometimes fails with the messages in my original mail.
I have not (manually) created a machine account for the PDC
on the samba box.

> > cli_net_auth2: Error NT_STATUS_ACCESS_DENIED
> > cli_nt_setup_creds: auth2 challange failed
> > connect_to_domain_password_server: unable to setup the PDC 
> credentials to
> > machine 003_C00001. Error was : NT_STATUS_ACCESS_DENIED.

<snip>

> > The PDC shows the following errors in it's eventlog:
> >
> > Source: NETLOGON
> > Event ID: 5722
> > Type: Error
> > Description: The session setup from the computer 003_H00001 
> failed to
> > authenticate. The name of the account referenced in the 
> security database
> > is 003_H00001$.  The following error occurred: Access is denied.

My smb.conf is as follows; the socket options don't seem to work
on solaris (I'll have to change those to some more usefull values)

# Samba config file created using SWAT
# from 194.26.204.82 (194.26.204.82)
# Date: 2000/10/19 12:54:28

# Global parameters
[global]
	workgroup = 003_D00001
	netbios name = 003_H00001
	server string = Enterprise Productie Samba 2.0.7
	interfaces = 194.26.203.0/24 127.0.0.1
	bind interfaces only = Yes
	security = DOMAIN
	encrypt passwords = Yes
	password server = 003_C00001 003_C00003
	debug level = 3
	log file = /var/opt/samba/log.%m
	time server = Yes
	deadtime = 30
	keepalive = 60
	lpq cache time = 30
	read prediction = Yes
	socket options = TCP_NODELAY IPTOS_LOWDELAY
	load printers = No
	add user script = /opt/samba/bin/adduser %u
	wins server = 194.26.203.10
	remote announce = 194.26.204.255
	comment = Samba ver. %v
	invalid users = smtp, daemon, sys, bin, adm, noaccess
	admin users = root
	preserve case = No
	short preserve case = No
	map system = Yes
	map hidden = Yes
	level2 oplocks = Yes

[enterprise$]
	comment = Enterprise Productie
	path = /enterprise
	writeable = Yes
	create mask = 0774
	directory mask = 0775
	inherit permissions = Yes

More information about the samba mailing list