[Samba] security = domain and Mac OS X

Michael Bartosh mbartosh at mac.com
Mon Jan 6 05:38:01 GMT 2003

At 5:05 PM -0800 1/5/03, Michael Bartosh wrote:
>I've set up Samba on Mac OS X to do pass through authentication to 
>the nt domain in AD several times now. No big deal, it usually just 
>Now, however, it doesn't appear to be working. Note the relevant 
>part of the transaction below (loglevel 4).
>Steps to replicate:
>	a) Add pre-Win2K account with AD Users and computers
>	b) sudo smbpasswd -j EXAMPLE -r WINSERVER -U Administrator%passwd
>		(happens successfully)
>	c) in smb.conf:
>		security = domain
>		password server = WINSERVER
>nmblookup works for WINSERVER.

ps (to answer a couple of off list questions) I should also point out 
that there's no need for winbindd in this case since the system can 
lookup AD users via LDAP.

Again- this has always worked before- so I'm a little confused.

The errors again (none of which seem to have much of an answer on google)

[2003/01/05 16:49:38, 3]
    Connecting to at port 445
[2003/01/05 16:49:38, 4]
    cli_net_req_chal: LSA Request Challenge from WINSERVER to XSERVE:
[2003/01/05 16:49:38, 4]
[2003/01/05 16:49:38, 4]
[2003/01/05 16:49:38, 4]
    cli_net_auth2: srv:\\WINSERVER acct:XSERVE$ sc:2 mc: XSERVE chal
B58AF439B186C221 neg: 1ff
[2003/01/05 16:49:38, 0]
    cli_net_auth2: Error NT_STATUS_ACCESS_DENIED
[2003/01/05 16:49:38, 0]
    cli_nt_setup_creds: auth2 challenge failed
[2003/01/05 16:49:38, 0]
    connect_to_domain_password_server: unable to setup the PDC
credentials to machine WINSERVER. Error was : NT_STATUS_OK.
[2003/01/05 16:49:38, 0]
    domain_client_validate: Domain password server not available.

Mac OS X Consulting and Training
Michael Bartosh
mbartosh at 4am-media.com
Denver, CO

"The surest way to corrupt a youth is to instruct him to hold in higher
regard those who think alike than those who think differently."

- -- Nietzsche
			Think Different.

More information about the samba mailing list