AW: [Samba] add user script going Horribly Wrong (tm)

Vicky Clarke vclarke at
Thu Aug 15 01:15:00 GMT 2002

At 10:02 13/08/2002 +0200, you wrote:
>Good Morning, Vicky!

Good morning :)

>Seems your smb.conf is messed up a little.
>As I can see you're using security = domain. With this configuration the
>smbpasswd-file/feature isn't need at all. Authentication is done encrypted
>with the domain user database, not with the smbpasswd file.

This was the theory, yes, but it doesn't appear to be working; I _think_ I 
may have fixed it (see below) but I'm not quite certain yet.

>But at this point, login should work either, aside of the misconfiguration.
>What exactly is the error message in the log-files when a user tries to
>connect? You should be aware that some unix-version do not allow usernames
>longer than eight characters. Our AIX doesn't like it at all. But as the
>addition of users to the passwd-file already works, this does not seem to
>affect you (or you simply have max eight character user names).

We don't have 8-char user names, but the Unix passwd program we use is 
exceptionally bad-tempered and won't accept passwords which are too simple, 
longer than 8 characters or shorter than 6. As far as error messages go, 
I'm seeing a lot of this sort of thing:

[2002/08/15 09:17:17, 5] rpc_parse/parse_prs.c:prs_ntstatus(588)
       0024 status: NT_STATUS_NO_TRUST_SAM_ACCOUNT
[2002/08/15 09:17:17, 0] rpc_client/cli_netlogon.c:cli_net_auth2(157)
   cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT
[2002/08/15 09:17:17, 0] rpc_client/cli_login.c:cli_nt_setup_creds(74)
   cli_nt_setup_creds: auth2 challenge failed
[2002/08/15 09:17:17, 0] rpc_client/cli_trust.c:modify_trust_password(142)
   modify_trust_password: unable to setup the PDC credentials to machine 
[2002/08/15 09:17:17, 6] lib/util_sock.c:write_socket(518)

Checking against the PDC, it seems to think there's an account for SAMBA, 
which was until quite recently the name advertised by the Samba server - 
I've reinstated the netbios name and the netlogon errors seem to have 
stopped, although now I'm seeing in the event log on the PDC an event ID 
2006 with message 'The server received an incorrectly formatted request 
from \\SAMBA'.

If I don't absolutely need them, should i remove the passwd-related entries 
from my smb.conf so as not to confuse Samba, or will it use NT passwords by 
default anyway?

Thanks for the advice,

More information about the samba mailing list