win2k domain-less client failing to authenticate when securit y=domain

'Jonathan Detert' detertj at msoe.edu
Mon Apr 23 21:05:22 GMT 2001


* MCCALL,DON (HP-USA,ex1) <don_mccall at hp.com> [010423 15:32]:
> Hi Jonathan,
> Yep, samba sends the domain name as well as the username to the domain
> controller, and what I think happens is the NT controller sees that the
> domainname passed is NOT his domain, checks his list of trusted domains,
> doesn't find it, and says sayonara buddy...  I am assuming that 'SATURN' is
> the netbios name of the win2k client machine?  I'm not real clear on how

bingo

> You SHOULD be able to have these clients connect by specifying in the
> username and password window that comes up when you fail to attach initally
> the username: MSOE\detertj  (in your example) with the appropriate password
> for the detertj user account in the MSOE domain.

jackpot

> But if you want to avoid this entirely, then you probably SHOULD add your
> win2k clients to the MSOE domain (if they are regular users of resources in
> this domain...)
> Hope this helps,

yes.  Thanks a lot!  I'll work on the NT guys here to see if I can
change their minds about workstations belonging to the domain.

> Don
> 
> -----Original Message-----
> From: Jonathan Detert [mailto:detertj at msoe.edu]
> Sent: Monday, April 23, 2001 3:09 PM
> To: samba at lists.samba.org
> Subject: win2k domain-less client failing to authenticate when
> security=domain
> 
> 
> Hello,
> 
> I've got a linux box running smbd & nmbd versions 2.0.6 with security =
> DOMAIN,
> and an NT4 box as the password server.  The sole domain controlled by that
> NT4
> box is named "MSOE".  All is well with win98 clients.  However, Win2k
> clients
> that are not part of an NT domain, but simply belong to a "workgroup" named
> "MSOE",
> are unable to authenticate.  The /var/log/samba/log.%m file on the linux box
> says
> this:
> 
>         [2001/04/23 13:39:52, 0]
> smbd/password.c:domain_client_validate(1470)
>           domain_client_validate: unable to validate password for user
>           detertj in domain SATURN to Domain controller JUPITER. Error
>           was NT_STATUS_NO_SUCH_USER.          
> 
> I assume that the problem is that the client says it's in the "SATURN"
> domain rather than the "MSOE" domain (which is the domain that JUPITER
> is PDC for).
> 
> Any idea how to fix this?  I assume adding SATURN to the MSOE domain
> would fix this, but I'm told by others here that we don't want to do
> that.  Ideas?
> 
> Thanks
> -- 
> Happy Landings,
> 
> Jon Detert
> Unix System Administrator, Milwaukee School of Engineering
> 1025 N. Broadway, Milwaukee, Wisconsin 53202
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba

-- 
Happy Landings,

Jon Detert
Unix System Administrator, Milwaukee School of Engineering
1025 N. Broadway, Milwaukee, Wisconsin 53202




More information about the samba mailing list