[Samba] Windows NT Domain Support for Samba Shares

Hetman, Greg (CSC) HetmanG at DNB.com
Mon Sep 23 18:27:19 GMT 2002

I am looking for assistance in configuring Samba to support shares in a
Windows NT Domain.  I believe I have everything configured properly, however
I am unable to get a Windows NT Domain userid to work in a Samba share.  

In my smb.conf, I have the following options


workgroup = resdomain
netbios name = hetmanlinux
security = domain
password server = *
username map = /etc/samba/users.map
allow trusted domains = yes
encrype passwords = yes
smb passwd file = /etc/samba/smbpasswd
wins server = x.x.x.x
dns proxy = yes

comment = Linux Files
path = /home/hetmang/linuxshare
read only = no
valid users = hetmang \\domain\\whtest
create mask = 644

Now my /etc/samba/users/map has the following:

hetmang = \\domain\\whtest

** hetmang is a valid UNIX user on this machine **

Here are some questions regarding this setup.  

My machine has an NT computer account created in resdomain.  I ran the
utility to add the SMB server to that domain, and it appears to work. 

If I go on a client machine, which is logged into a Windows NT Domain
domain\whtest, and connect to \\hetmanlinux I see the share.  When I double
click on it, I should connect right into it, instead I get prompted for a
username and password.  If I enter in a correct username and password, it
keeps prompting me for a username and password.  If I type domain\whtest2
and a password (whtest2 is not a valid username), I get an error in my
log.machinename which says "domain_client_validate: unable to validate
password for user whtest2 in domain domain to domain controller *. Error was
NT_STATUS_NO_SUCH_USER.".  If I enter a correct username and password, I get
no errors in the log file.  This leads me to believe that Domain
Authentication is working properly, just my userid does not have access to
the share.  

What is the correct way to allow users to have access to a share using
domain authentication?  I see no documentation that shows an example of how
to do this.  Would "valid users" be a UNIX user or a domain user?  What is
the format for putting a Domain users in this field if this is required?  If
a valid users is only a mapped unix user, what is the format in which file
to do this mapping.  I saw in some documentation that there were commands
"domain logins = yes" and "domain user map = /etc/samba/domuser.map" for
Domain user mappings, however when I enter these settings under Global, I
get errors that this is an unknown parameter.  I do not see these commands
in the smb.conf man pages though..  

I was running smb 2.2.3a and upgraded to 2.2.5 to see if this helps.  I also
installed samba-winbind along with samba-server, samba-common, and
samba-client.  Any help would be really appreciated as I have been working
on this problem for days and have not gotten anywhere.  Thanks.

					Greg Hetman

More information about the samba mailing list