Samba, NT4 and W2K trust/authentication problem.

Jensen, Rolf jensen at nettspes.no
Mon Mar 5 14:54:06 GMT 2001


Hi all,

Set-up:
Local NT4-RESOURCE domain which the Samba server is a member off.
One NT4-ADMIN domain with users accounts and one W2K domain
with some other user accounts. A one way trust from NT4-ADMIN 
to NT4-RESOURCE and a one way trust from W2K to NT4-RESOURCE. 
Samba version 2.0.7 running on Solaris 2.6.

According to the NT admins, the W2K domain is in native mode, 
but they still use Netbios.

The problem is that passthrough authentication only works for 
users in the NT4-ADMIN domain and not for users in the W2K domain
connecting with W2K workstations.

The relevant section from smb.conf:
workgroup = NT4-RESOURCE
security = domain 
password server = NT4-RESOURCE-PDC
encrypt passwords = yes


The error message I get in the client log file:
domain_client_validate: unable to validate password for user jensero
in domain W2K to Domain controller NT4-RESOURCE-PDC . 
Error was code 0.

More debug info is at the end of this mail.

I've tried to use a W2K domain controller as the password server, 
but then I get the following error:
connect_to_domain_password_server: unable to setup the PDC credentials 
to machine W2KDC1. Error was : NT_STATUS_NO_TRUST_SAM_ACCOUNT.


Any help is appreciated.

Thanks

Rolf Jensen


PS: All Domains are fictitious.


[2001/03/05 14:22:43, 0] smbd/password.c:domain_client_validate(1470)
  domain_client_validate: unable to validate password for user jensero in
domain W2K to Domain controller NT4-RESOURCE-PDC. Error was code 0.
[2001/03/05 14:22:43, 1] smbd/password.c:pass_check_smb(500)
  Couldn't find user 'jensero' in smb_passwd file.
[2001/03/05 14:22:43, 2] smbd/reply.c:reply_sesssetup_and_X(914)
  NT Password did not match for user 'jensero' ! Defaulting to Lanman
[2001/03/05 14:22:43, 1] smbd/password.c:pass_check_smb(500)
  Couldn't find user 'jensero' in smb_passwd file.
[2001/03/05 14:22:43, 1] smbd/reply.c:reply_sesssetup_and_X(925)
  Rejecting user 'jensero': authentication failed
[2001/03/05 14:22:43, 3] smbd/error.c:error_packet(127)
  32 bit error packet at line 639 cmd=115 (SMBsesssetupX) eclass=c000006d
[Error: Unknown error (109,49152)]



  




More information about the samba mailing list