[Samba] HPUX 11.00 & CIFS/9000 Server - Domain authentication problem

Eric Roseme eroseme at emonster.rose.hp.com
Thu Jul 25 15:12:02 GMT 2002 

Log a Response Center call and ask for site-specific patch PHNE-27562.
This contains fixes to smbpasswd for 15-char NetBIOS name, and for
smbpasswd -j -r -U.  However, you also must have EVERYONE nested in
"pre-Windows 2000 compatibile access" (check the pre-windows box when
using the W2000 computer managment snap-in).  This should work even
in Native Mode.

Eric Roseme
Hewlett-Packard

"Cheney, Richard" wrote:
> 
> Hi,
> 
> I have been using Samba and CIFS/9000 happily with  security=user for
> some time now, for simple read-only filesharing. Three days ago I
> decided to get a bit more clever....
> 
> I now have a test server and I'm trying to get it to work against our
> Win2K PDC (UKNT19), which is running Active Directory in native mode for
> our Windows domain UKNT001. The UNIX server (uk209) is HPUX 11.00 and
> the CIFS is v2.2a, based on the Samba 2.2.3a source.
> 
> I got it working with security=user, then with security=server, but I
> cannot get it working with security=domain. I have added the UNIX server
> into the domain using the Active Directory User and Computers plug-in. I
> have also added the machine into the domain using "smbpasswd -j UKNT001
> -r UKNT19 -Uadministrator%domain_password".
> 
> When I issue "net use Y: \\uk209\tmp" from a WinXP client, I get the
> following:
> 
> > C:\Documents and Settings\uerrc\Desktop>net use Y: \\uk209\uerrc
> > System error 1240 has occurred.
> >
> > The account is not authorized to log in from this station.
> 
> When I try smbclient from uk209, I get the following:
> 
> > root at uk209:/etc/opt/samba> smbclient //uk209/tmp -Uuerrc%beckham7 |
> sed 's/^/> /1'
> > added interface ip=170.118.131.12 bcast=170.118.131.255
> nmask=255.255.255.0
> > session setup failed: NT_STATUS_LOGON_FAILURE
> 
> and the /var/opt/samba/log.uk209 has the following lines:
> 
> > [2002/07/25 17:26:14, 2] libsmb/namequery.c:(420)
> 
> >   Got a positive name query response from 170.118.131.10 (
> 170.118.131.10 )
> > [2002/07/25 17:26:15, 0] rpc_client/cli_netlogon.c:(157)
> 
> >   cli_net_auth2: Error NT_STATUS_ACCESS_DENIED
> 
> > [2002/07/25 17:26:15, 0] rpc_client/cli_login.c:(74)
> 
> >   cli_nt_setup_creds: auth2 challenge failed
> 
> > [2002/07/25 17:26:15, 0] smbd/password.c:(1335)
> 
> >   connect_to_domain_password_server: unable to setup the PDC
> credentials to machine UKNT19. Error was : NT_STATUS_OK.
> > [2002/07/25 17:26:15, 0] smbd/password.c:(1554)
> 
> >   domain_client_validate: Domain password server not available.
> 
> > [2002/07/25 17:26:15, 2] smbd/reply.c:(971)
> 
> >   NT Password did not match for user 'uerrc'!
> 
> > [2002/07/25 17:26:15, 2] smbd/reply.c:(981)
> 
> >   Defaulting to Lanman password for uerrc
> 
> > [2002/07/25 17:26:15, 1] smbd/reply.c:(1002)
> 
> >   Rejecting user 'uerrc': authentication failed
> 
> > [2002/07/25 17:26:15, 2] smbd/server.c:(458)
> 
> >   Closing connections
> 
> Can anyone help?
> 
> Thanks,
> 
> Rich.
> 
>   ------------------------------------------------------------------------
>                   Name: smb.conf
>    smb.conf       Type: unspecified type (application/octet-stream)
>               Encoding: base64
>            Description: smb.conf

More information about the samba mailing list