[Samba] Problem with Samba 2.2.4

Frank Fürst ffrank at rz.uni-potsdam.de
Mon Jun 17 03:53:02 GMT 2002

"Stefan Demarmels @ Digitag AG" <s.demarmels at digitag.ch> schrieb:

> My Problem is:
> I can't connect with a Win2kmachine to Sambaserver2 witch get the
> passwords on Sambaserver1. I can create the machine account, but I
> can't login with a user. Also i have to create a smbpasswd (with the
> machineaccount only) on Sambaserver2, otherwise the Sambaserver2 isn't
> able to check the W2kclients machineaccount on sambaserver1 and the
> message appears "Can't finde the Domain XXX".
> If I connect with a WinMe- oder a Win9x-client at the Sambaserver2 I
> don't have any problem and I don't have to create a smbpasswd or
> eather use the "encrypted password"-parameter on Sambaserver2. All is
> working just fine!
> When I connect with the same Win2k,9x,Me-client's to the Sambaserver1
> -> I don't have any problem.
> About my configuration:
> Sambaserver1 on Subnet 1 (
> - security = user
> - encrypt passwords = yes
> - smb passwd file = /etc/samba/smbpasswd
> - domain logons = yes
> Sambaserver2 on Subnet2 (
> - security = server
> - domain logons = yes

It seems to as what you want to implement is a kind of trust
relationship: Sambaserver2 is a domain controller of its own, but trusts
users authenticated by Sambaserver1. I'm not sure about this, but as far
as I know this is impossible with Samba 2.2.4.

What you should do is set up Sambaserver2 as a member server in the
domain for which Sambaserver1 is domain controller. Give them identical
workgroup names and set domain logons to false for Sambaserver2.

> This two Subnets are connected via a IPSec-Tunnel and all things else
> works just fine.

Perhaps you can synchronize /etc/samba/smbpasswd and /etc/passwd every
day or the other, in order to be able to quickly switch Sambaserver2 to
an ordinary, standalone PDC in case the tunnel is unusable.

Bye, Frank
Frank Fürst, physikalische Biochemie, Universität Potsdam, Germany
Tel.: +49-331-977-5244		Fax: +49-331-977-5062

More information about the samba mailing list