win2k domain-less client failing to authenticate when securit y=domain
'Jonathan Detert'
detertj at msoe.edu
Mon Apr 23 21:05:22 GMT 2001
* MCCALL,DON (HP-USA,ex1) <don_mccall at hp.com> [010423 15:32]:
> Hi Jonathan,
> Yep, samba sends the domain name as well as the username to the domain
> controller, and what I think happens is the NT controller sees that the
> domainname passed is NOT his domain, checks his list of trusted domains,
> doesn't find it, and says sayonara buddy... I am assuming that 'SATURN' is
> the netbios name of the win2k client machine? I'm not real clear on how
bingo
> You SHOULD be able to have these clients connect by specifying in the
> username and password window that comes up when you fail to attach initally
> the username: MSOE\detertj (in your example) with the appropriate password
> for the detertj user account in the MSOE domain.
jackpot
> But if you want to avoid this entirely, then you probably SHOULD add your
> win2k clients to the MSOE domain (if they are regular users of resources in
> this domain...)
> Hope this helps,
yes. Thanks a lot! I'll work on the NT guys here to see if I can
change their minds about workstations belonging to the domain.
> Don
>
> -----Original Message-----
> From: Jonathan Detert [mailto:detertj at msoe.edu]
> Sent: Monday, April 23, 2001 3:09 PM
> To: samba at lists.samba.org
> Subject: win2k domain-less client failing to authenticate when
> security=domain
>
>
> Hello,
>
> I've got a linux box running smbd & nmbd versions 2.0.6 with security =
> DOMAIN,
> and an NT4 box as the password server. The sole domain controlled by that
> NT4
> box is named "MSOE". All is well with win98 clients. However, Win2k
> clients
> that are not part of an NT domain, but simply belong to a "workgroup" named
> "MSOE",
> are unable to authenticate. The /var/log/samba/log.%m file on the linux box
> says
> this:
>
> [2001/04/23 13:39:52, 0]
> smbd/password.c:domain_client_validate(1470)
> domain_client_validate: unable to validate password for user
> detertj in domain SATURN to Domain controller JUPITER. Error
> was NT_STATUS_NO_SUCH_USER.
>
> I assume that the problem is that the client says it's in the "SATURN"
> domain rather than the "MSOE" domain (which is the domain that JUPITER
> is PDC for).
>
> Any idea how to fix this? I assume adding SATURN to the MSOE domain
> would fix this, but I'm told by others here that we don't want to do
> that. Ideas?
>
> Thanks
> --
> Happy Landings,
>
> Jon Detert
> Unix System Administrator, Milwaukee School of Engineering
> 1025 N. Broadway, Milwaukee, Wisconsin 53202
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
--
Happy Landings,
Jon Detert
Unix System Administrator, Milwaukee School of Engineering
1025 N. Broadway, Milwaukee, Wisconsin 53202
More information about the samba
mailing list