[Samba] Linux Primary Domain Controller Authentication

Cynthia Jeness CJeness at bellsouth.net
Mon Nov 7 14:13:02 GMT 2005 

Felipe Augusto van de Wiel wrote:

>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>Cynthia Jeness escreveu:
>  
>
>>I have setup my Linux server as a Primary Domain Controller using Samba
>>3.   All other computers on the network run various versions of Windows
>>from 95 to XP.   All computers are able to join my Samba domain and the
>>user computers can log onto the network.   However, if they try to
>>access a file resource on one of the Windows 2003 file servers, the
>>authentication fails with System Error 1789.   
>>    
>>
>
>	With "they" you mean "all computers"? Or some particular version?
>AFAICT, Win95 does not have crypto passwords, which means that it is not
>going to work properly.
>
>  
>
Windows users computers (all versions 98, 2000, XP Pro) can access all 
shared resources on the Linux server.   However, if one of these Windows 
user computers attempts to share a resource on the Windows 2003 File 
Server (which did successfully join the domain), then error 1789 is 
returned.   Encryption is turned on and the passwords are stored on 
smbpasswd.

>  
>
>>The Windows 2003 file
>>server did successfully join my domain.    I am not running Winbindd
>>primarily because it was not part of the Samba packaging provided by
>>Suse.   Is it necessary to run Winbindd in order to have the Windows
>>2003 servers validate?
>>    
>>
>
>	Looks like more a permission problem than a 2003 validation
>problem. The idea behind winbindd is share the user list between
>servers and, from your description, does not sounds like you need it,
>althoght there is not enough information to be sure. :-)
>
>	Did you map users? Which version of Samba are you running? In
>which MS Windows versions the problem occurs?
>
>
>  
>
>>Any suggestions would be greatly appreciated.
>>    
>>
>
>	Hope it helps, kind regards.
>
>  
>

We added the users as regular users on the Linux computer and to the 
smbpasswd file.   Except for Administrator which I did map to root, the 
user name on the Windows end user computer is the same as the user name 
on the Linux Samba Primary Domain Controller.   We are using Samba 
version 3.0.   The latest available from Suse.  If I make the Windows 
2003 computer a member of a workgroup and add the users directly to the 
Windows 2003 computer, then the users can access resources on the 
Windows 2003 file server.   The error (1789) indicates that the Windows 
2003 Server cannot verify the user name and password against the primary 
domain controller; i.e., the Linux box.   As part of one of my Google 
searches, some news group responder indicated that Windbind was 
necessary to make this work.

>- --
>Felipe Augusto van de Wiel <felipe at paranacidade.org.br>
>Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
>http://www.paranacidade.org.br/           Phone: (+55 41 3350 3300)
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.4.1 (GNU/Linux)
>Comment: Using GnuPG with Debian - http://enigmail.mozdev.org
>
>iD8DBQFDb09qCj65ZxU4gPQRAop7AKCf9H9A1CYeiNmoe656Y52w8GV0FQCgmcbt
>3SW8mNYe0tnZwKSAXw9gw1o=
>=KcOE
>-----END PGP SIGNATURE-----
>  
>

More information about the samba mailing list