[Samba] Problems with Samba 2.2.3a in a Windows 2000 Domain
Bill Gardner
billg at transzap.com
Wed Apr 10 10:52:02 GMT 2002
Help!
I have been trying to get a samba server running on a sun host to join a NT
2000 domain without much luck.
I am running:
o - W2K in Native mode with two domain controllers (TOPAZ and TZI)
both at 5.00.2195, service pack 2
o - Sun Host ZIRCON running Solaris 8; path level 108528-06
o - Newly compiled (accepted all configure defaults) samba 2.2.3a
I have been able to get the samba server to successfully join the domain by
stopping smbd and nmbd daemons and issuing the command:
smbpasswd -j TRANSZAP -r TOPAZ -u administrator
password:
Joined domain TRANSZAP.
I then set the following parameters in the smb.conf to:
netbios name = ZIRCON
workgroup = TRANSZAP
security = domain
password server = TOPAZ TZI
encrypt passwords = yes
I can successfully list the shares while on the sun host, ZIRCON
zircon> smbclient -L zircon
added interface ip=192.168.2.25 bcast=192.168.2.255 nmask=255.255.255.0
Password:
Anonymous login successful
Domain=[TRANSZAP] OS=[Unix] Server=[Samba 2.2.3a]
Sharename Type Comment
--------- ---- -------
source Disk Local source tree
home$ Disk Home directories
IPC$ IPC IPC Service (zircon Samba Server)
ADMIN$ Disk IPC Service (zircon Samba Server)
Server Comment
--------- -------
ZIRCON zircon Samba Server
Workgroup Master
--------- -------
TRANSZAP TZI
but I am unable to get to the shares on any windows 2000 server or
workstation. I have turned on debug (level 4) to smbd and the relevant
errors in the log file when I connect from a windows workstation are:
[2002/04/09 21:19:16, 3] libsmb/namequery.c:resolve_hosts(792)
resolve_hosts: Attempting host lookup for name TOPAZ<0x20>
[2002/04/09 21:19:16, 3] lib/util_sock.c:open_socket_out(830)
Connecting to 192.168.2.36 at port 445
[2002/04/09 21:19:16, 4] rpc_client/cli_netlogon.c:cli_net_req_chal(220)
cli_net_req_chal: LSA Request Challenge from TOPAZ to ZIRCON:
1209F02679D7B948
[2002/04/09 21:19:16, 4] libsmb/credentials.c:cred_session_key(60)
cred_session_key
[2002/04/09 21:19:16, 4] libsmb/credentials.c:cred_create(91)
cred_create
[2002/04/09 21:19:16, 4] rpc_client/cli_netlogon.c:cli_net_auth2(130)
cli_net_auth2: srv:\\TOPAZ acct:ZIRCON$ sc:2 mc: ZIRCON chal
E74DD66BEA134E78 neg: 1ff
[2002/04/09 21:19:16, 0] rpc_client/cli_netlogon.c:cli_net_auth2(157)
cli_net_auth2: Error NT_STATUS_ACCESS_DENIED
[2002/04/09 21:19:16, 0] rpc_client/cli_login.c:cli_nt_setup_creds(74)
cli_nt_setup_creds: auth2 challenge failed
[2002/04/09 21:19:16, 0]
smbd/password.c:connect_to_domain_password_server(1335)
connect_to_domain_password_server: unable to setup the PDC credentials to
machine TOPAZ. Error was : NT_STATUS_OK.
Just after this, it attempts the same thing to the other domain controller
and I get the same results.
Even more confusing is this:
If I then change the smb.conf to
security = server
everything works fine.
I have searched the archives and the documentation extensively and have
found nothing to help me resolve this issue.
Does anybody have any ideas? I also have output from two sniffer sessions
between ZIRCON and TOPAZ, one with ZIRCON configured 'security = domain' and
the other with 'security = server' (generated with etheral) if someone
thinks this would help.
Thanks,
..billg
More information about the samba
mailing list