Trouble mapping shares using domain authentication with a Win2K P DC

Auleta, Michael michael.auleta at boeing.com
Tue Jan 15 08:50:06 GMT 2002 

I'm having problems with domain security.  I've pared down my smb.conf to
the minimum, and have successfully joined the Windows 2000 domain.  I can
map the temp share as the guest account.  When I try and map the home share
as a regular user, I see the following errors in my log.smbd file:

[2002/01/15 09:41:06, 3] libsmb/namequery.c:resolve_lmhosts(749)
  resolve_lmhosts: Attempting lmhosts lookup for name DOM<0x1b>
[2002/01/15 09:41:06, 3] libsmb/namequery.c:resolve_wins(691)
  resolve_wins: Attempting wins lookup for name DOM<0x1b>
[2002/01/15 09:41:06, 3] libsmb/namequery.c:resolve_wins(709)
  resolve_wins: WINS server == <192.168.5.200>
[2002/01/15 09:41:06, 3] lib/util_sock.c:open_socket_in(839)
  bind succeeded on port 0
[2002/01/15 09:41:06, 2] libsmb/namequery.c:name_query(417)
  Got a positive name query response from 192.168.5.200 ( 10.0.22.14 )
[2002/01/15 09:41:06, 3] lib/util_sock.c:open_socket_in(839)
  bind succeeded on port 0
[2002/01/15 09:41:06, 3] libsmb/namequery.c:resolve_lmhosts(749)
  resolve_lmhosts: Attempting lmhosts lookup for name PDC<0x20>
[2002/01/15 09:41:06, 3] lib/util_sock.c:open_socket_out(871)
  Connecting to 10.0.22.14 at port 139
[2002/01/15 09:41:07, 0] rpc_client/cli_netlogon.c:cli_net_auth2(160)
  cli_net_auth2: Error NT_STATUS_ACCESS_DENIED
[2002/01/15 09:41:07, 0] rpc_client/cli_login.c:cli_nt_setup_creds(72)
  cli_nt_setup_creds: auth2 challenge failed
[2002/01/15 09:41:07, 0]
smbd/password.c:connect_to_domain_password_server(1372)
  connect_to_domain_password_server: unable to setup the PDC credentials to
mach
ine ADC-NE-01. Error was : NT_STATUS_ACCESS_DENIED.
[2002/01/15 09:41:07, 0] smbd/password.c:domain_client_validate(1591)
  domain_client_validate: Domain password server not available.

My smb.conf is below:

# Global parameters
[global]
        workgroup = DOM
        netbios name = UNIX-NT-TST
        interfaces = 10.0.25.36/255.255.255.0
        security = DOMAIN
        encrypt passwords = Yes
        password server = *
        username map = /var/opt/samba/lib/users.map
        os level = 14
        wins server = 192.168.5.200
        hosts deny = ALL EXCEPT 10.0. 127.0.0.1
        mangled names = No

[homes]
        path = /home/users/%g/%u
        valid users = bver17
        read only = No
        browseable = No

[temp]
        path = /tmp
        guest ok = Yes

The nt username to unix username mapping works correctly (ie: the unixid =
ntid is correct).

More information about the samba mailing list