Trouble mapping shares using domain authentication with a Win2K P
DC
Auleta, Michael
michael.auleta at boeing.com
Tue Jan 15 08:50:06 GMT 2002
I'm having problems with domain security. I've pared down my smb.conf to
the minimum, and have successfully joined the Windows 2000 domain. I can
map the temp share as the guest account. When I try and map the home share
as a regular user, I see the following errors in my log.smbd file:
[2002/01/15 09:41:06, 3] libsmb/namequery.c:resolve_lmhosts(749)
resolve_lmhosts: Attempting lmhosts lookup for name DOM<0x1b>
[2002/01/15 09:41:06, 3] libsmb/namequery.c:resolve_wins(691)
resolve_wins: Attempting wins lookup for name DOM<0x1b>
[2002/01/15 09:41:06, 3] libsmb/namequery.c:resolve_wins(709)
resolve_wins: WINS server == <192.168.5.200>
[2002/01/15 09:41:06, 3] lib/util_sock.c:open_socket_in(839)
bind succeeded on port 0
[2002/01/15 09:41:06, 2] libsmb/namequery.c:name_query(417)
Got a positive name query response from 192.168.5.200 ( 10.0.22.14 )
[2002/01/15 09:41:06, 3] lib/util_sock.c:open_socket_in(839)
bind succeeded on port 0
[2002/01/15 09:41:06, 3] libsmb/namequery.c:resolve_lmhosts(749)
resolve_lmhosts: Attempting lmhosts lookup for name PDC<0x20>
[2002/01/15 09:41:06, 3] lib/util_sock.c:open_socket_out(871)
Connecting to 10.0.22.14 at port 139
[2002/01/15 09:41:07, 0] rpc_client/cli_netlogon.c:cli_net_auth2(160)
cli_net_auth2: Error NT_STATUS_ACCESS_DENIED
[2002/01/15 09:41:07, 0] rpc_client/cli_login.c:cli_nt_setup_creds(72)
cli_nt_setup_creds: auth2 challenge failed
[2002/01/15 09:41:07, 0]
smbd/password.c:connect_to_domain_password_server(1372)
connect_to_domain_password_server: unable to setup the PDC credentials to
mach
ine ADC-NE-01. Error was : NT_STATUS_ACCESS_DENIED.
[2002/01/15 09:41:07, 0] smbd/password.c:domain_client_validate(1591)
domain_client_validate: Domain password server not available.
My smb.conf is below:
# Global parameters
[global]
workgroup = DOM
netbios name = UNIX-NT-TST
interfaces = 10.0.25.36/255.255.255.0
security = DOMAIN
encrypt passwords = Yes
password server = *
username map = /var/opt/samba/lib/users.map
os level = 14
wins server = 192.168.5.200
hosts deny = ALL EXCEPT 10.0. 127.0.0.1
mangled names = No
[homes]
path = /home/users/%g/%u
valid users = bver17
read only = No
browseable = No
[temp]
path = /tmp
guest ok = Yes
The nt username to unix username mapping works correctly (ie: the unixid =
ntid is correct).
More information about the samba
mailing list