win2k domain-less client failing to authenticate when securit y=domain

MCCALL,DON (HP-USA,ex1) don_mccall at hp.com
Mon Apr 23 20:34:35 GMT 2001 

Hi Jonathan,
Yep, samba sends the domain name as well as the username to the domain
controller, and what I think happens is the NT controller sees that the
domainname passed is NOT his domain, checks his list of trusted domains,
doesn't find it, and says sayonara buddy...  I am assuming that 'SATURN' is
the netbios name of the win2k client machine?  I'm not real clear on how
this works with win2k clients...

You SHOULD be able to have these clients connect by specifying in the
username and password window that comes up when you fail to attach initally
the username: MSOE\detertj  (in your example) with the appropriate password
for the detertj user account in the MSOE domain.
But if you want to avoid this entirely, then you probably SHOULD add your
win2k clients to the MSOE domain (if they are regular users of resources in
this domain...)
Hope this helps,
Don

-----Original Message-----
From: Jonathan Detert [mailto:detertj at msoe.edu]
Sent: Monday, April 23, 2001 3:09 PM
To: samba at lists.samba.org
Subject: win2k domain-less client failing to authenticate when
security=domain


Hello,

I've got a linux box running smbd & nmbd versions 2.0.6 with security =
DOMAIN,
and an NT4 box as the password server.  The sole domain controlled by that
NT4
box is named "MSOE".  All is well with win98 clients.  However, Win2k
clients
that are not part of an NT domain, but simply belong to a "workgroup" named
"MSOE",
are unable to authenticate.  The /var/log/samba/log.%m file on the linux box
says
this:

        [2001/04/23 13:39:52, 0]
smbd/password.c:domain_client_validate(1470)
          domain_client_validate: unable to validate password for user
          detertj in domain SATURN to Domain controller JUPITER. Error
          was NT_STATUS_NO_SUCH_USER.          

I assume that the problem is that the client says it's in the "SATURN"
domain rather than the "MSOE" domain (which is the domain that JUPITER
is PDC for).

Any idea how to fix this?  I assume adding SATURN to the MSOE domain
would fix this, but I'm told by others here that we don't want to do
that.  Ideas?

Thanks
-- 
Happy Landings,

Jon Detert
Unix System Administrator, Milwaukee School of Engineering
1025 N. Broadway, Milwaukee, Wisconsin 53202

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list