[Samba] Linux Primary Domain Controller Authentication
CJeness at bellsouth.net
Mon Nov 7 14:13:02 GMT 2005
Felipe Augusto van de Wiel wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Cynthia Jeness escreveu:
>>I have setup my Linux server as a Primary Domain Controller using Samba
>>3. All other computers on the network run various versions of Windows
>>from 95 to XP. All computers are able to join my Samba domain and the
>>user computers can log onto the network. However, if they try to
>>access a file resource on one of the Windows 2003 file servers, the
>>authentication fails with System Error 1789.
> With "they" you mean "all computers"? Or some particular version?
>AFAICT, Win95 does not have crypto passwords, which means that it is not
>going to work properly.
Windows users computers (all versions 98, 2000, XP Pro) can access all
shared resources on the Linux server. However, if one of these Windows
user computers attempts to share a resource on the Windows 2003 File
Server (which did successfully join the domain), then error 1789 is
returned. Encryption is turned on and the passwords are stored on
>>The Windows 2003 file
>>server did successfully join my domain. I am not running Winbindd
>>primarily because it was not part of the Samba packaging provided by
>>Suse. Is it necessary to run Winbindd in order to have the Windows
>>2003 servers validate?
> Looks like more a permission problem than a 2003 validation
>problem. The idea behind winbindd is share the user list between
>servers and, from your description, does not sounds like you need it,
>althoght there is not enough information to be sure. :-)
> Did you map users? Which version of Samba are you running? In
>which MS Windows versions the problem occurs?
>>Any suggestions would be greatly appreciated.
> Hope it helps, kind regards.
We added the users as regular users on the Linux computer and to the
smbpasswd file. Except for Administrator which I did map to root, the
user name on the Windows end user computer is the same as the user name
on the Linux Samba Primary Domain Controller. We are using Samba
version 3.0. The latest available from Suse. If I make the Windows
2003 computer a member of a workgroup and add the users directly to the
Windows 2003 computer, then the users can access resources on the
Windows 2003 file server. The error (1789) indicates that the Windows
2003 Server cannot verify the user name and password against the primary
domain controller; i.e., the Linux box. As part of one of my Google
searches, some news group responder indicated that Windbind was
necessary to make this work.
>Felipe Augusto van de Wiel <felipe at paranacidade.org.br>
>Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
>http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300)
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.4.1 (GNU/Linux)
>Comment: Using GnuPG with Debian - http://enigmail.mozdev.org
>-----END PGP SIGNATURE-----
More information about the samba