Re: [Samba] authentication from win2k DC

Ilko Iliev I.Iliev at
Fri Jul 11 12:21:54 GMT 2003

I'm not sure if my last email was correctly posted, because I can't see it in this thread and I didn't get any further reply till now; therefore I'm repeating it here again. Sorry for the inconvenience caused:

I've added it in the way described in 2.

smbpasswd -r XXX -j TELIT -U mydomainuser

and I got the message "successfully joined domain telit" (or something similar).

XXX - here this is the same server, which I use with security = server and this is the PDC of the win2k domain

I don't know what kind of account the machine has in the win2k domain. As I said, I don't have any direct access to the domain administration on the win2k side... What type of account should the machine have in the win2k domain in order for domain authentication to work?


-----Original Message-----
From: John H Terpstra [mailto:jht at] 
Sent: Wednesday, July 09, 2003 3:34 PM
To: Ilko Iliev
Cc: samba at
Subject: Re: [Samba] authentication from win2k DC

On Wed, 9 Jul 2003, Ilko Iliev wrote:

> Hi,
> I've followed the instructions in chapter 8 of the documentation to
> connect my AIX 4.3.3 machine with Samba (taken from bull as
> binary for AIX).
> The server is in the domain now, but the domain users can't log on to
> the samba server. The first problem in the log file is:
> [2003/07/08 18:00:46, 0] smbd/password.c:domain_client_validate(1558)
>   domain_client_validate: could not fetch trust account password for
> domain TELIT
> What exactly has to be done on the Win2k side? I don't have
> administrator privileges (we are using a corporate domain and I have to
> give exact instructions to the domain administrator regarding our samba
> server), but my account has privileges to add machines to the domain and
> I've added the samba server with this account. If I change to security
> = server and use the PDC server as password server, the domain users will
> be successfully authenticated.

Sorry. Not enough information provided.

1. How did you add 'the account' to the domain?

1a. If done using the Server manager or the MMC Computer Manager, what
type of account did you add? A workstation account or a domain controller
(PDC or BDC)?

1b. If done by joining the domain from the samba end, exactly what command
did you execute?

2. To join the domain you need to do:
	smbpasswd -r 'PDC_NAME' -j telit -U'administrative_account'

You should succeed with the account that can add machines to the domain.

- John T.

> My global section of the smb.conf:
> [global]
>         workgroup = TELIT
>         server string = Samba Server
>         encrypt passwords = Yes
>         security = domain
>         password server = *
>         log file = /var/adm/samba/log.%m
>         max log size = 50
>         dns proxy = No
>         wins server =
>         hosts allow =
>         code page directory = /usr/local/lib/codepages
>         smb passwd file = /usr/local/private
>         lock dir = /var/adm/samba/locks
>         pid directory = /var/adm/samba/locks
>         winbind separator = +
>         winbind uid = 10000-20000
>         winbind gid = 10000-20000
>         smb passwd file = /etc/smbpasswd
>         ;log level = 3
>         socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>         netbios name = ccdev1
> A note: with winbind a list of the domain groups and users can be
> obtained from the samba server using winfo -u and winfo -g
> Any help will be appreciated !
> Tks,
> Ilko
> Dipl.-Ing. Ilko ILIEV
> application developer
> CureComp IT-Solutions GmbH
> Hafenstr. 47-51
> A-4040 Linz, Austria
> Tel   : +43-(0)70-9015-5562
> Fax   : +43-(0)70-9015-5579
> Mobile: +43-(0)664-8209556

John H Terpstra
Email: jht at
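
An added example, not part of the original thread and not Samba code: a small Python parser for the two-line smbd log entry format quoted above, which rejoins wrapped message lines and reports trust-account fetch failures per domain. The header regex is an assumption inferred from the single entry shown in the thread; only the first sample entry comes from the thread, the others are constructed.

```python
import re

# Header line of an entry: "[YYYY/MM/DD HH:MM:SS, level] file:function(line)"
# (assumed format, inferred from the one entry quoted in the thread)
HEADER = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}), *(?P<level>\d+)\] "
    r"(?P<file>[^:\s]+):(?P<func>\w+)\((?P<line>\d+)\)\s*$"
)
TRUST_FAIL = re.compile(r"could not fetch trust account password for domain (\S+)")

# First entry: as quoted in the thread (including the mail client's line wrap).
# Second and third entries: constructed for this example.
SAMPLE_LOG = """\
[2003/07/08 18:00:46, 0] smbd/password.c:domain_client_validate(1558)
  domain_client_validate: could not fetch trust account password for
domain TELIT
[2003/07/08 18:01:46, 0] smbd/password.c:domain_client_validate(1558)
  domain_client_validate: could not fetch trust account password for domain TELIT
[2003/07/08 18:02:00, 1] smbd/example.c:constructed_entry(1)
  unrelated constructed message
"""

def parse_entries(text):
    """Group each header line with its continuation lines into one record."""
    entries, current = [], None
    for raw in text.splitlines():
        m = HEADER.match(raw)
        if m:
            current = dict(m.groupdict(), message="")
            current["level"] = int(current["level"])
            current["line"] = int(current["line"])
            entries.append(current)
        elif current is not None and raw.strip():
            # Continuation (or wrapped) line: append with single spaces.
            current["message"] = (current["message"] + " " + raw.strip()).strip()
    return entries

def trust_account_failures(entries):
    """Return {domain: [timestamps]} for trust-account fetch failures."""
    hits = {}
    for e in entries:
        m = TRUST_FAIL.search(e["message"])
        if m:
            hits.setdefault(m.group(1), []).append(e["ts"])
    return hits

if __name__ == "__main__":
    for domain, stamps in trust_account_failures(parse_entries(SAMPLE_LOG)).items():
        print(f"{domain}: {len(stamps)} failure(s), first at {stamps[0]}")
```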
