[Samba] Domain Authentication Problem
craigwhite at azapple.com
Thu Mar 16 16:43:48 GMT 2006
On Thu, 2006-03-16 at 11:26 -0500, Bradish, Jeff wrote:
> One correction to my original email; I am running Solaris 9 rather than Solaris 8 (typo).
> Following are my smb.conf settings:
> workgroup = AMER
> netbios name = USAHSSMC001
> netbios aliases = USAHSSMC001
> server string = EDS GSCO
> security = DOMAIN
> encrypt passwords = Yes
> password server = usahd100 uspld100 usahd101 usahd102 usahd103 usahd104
> username map = /etc/samba/username.map
> log level = 4
> preferred master = No
> local master = No
> domain master = No
> dns proxy = No
> create mask = 0664
> name resolve order = lmhosts
> My issue is: Everything was fine until the AD domain controllers were "upgraded" to Windows Server 2003 SP1. User authentication would no longer function until I pointed the password server entry to domain controllers that have not been upgraded to SP1.
> I upgraded to Samba 3.0.21c, downloaded the pre-compiled version for Solaris 9 and installed with no problems. At this point, I cannot get Samba 3.0.21c to be recognized by either Windows Server 2003 or Windows Server 2003 SP1. I have tried rejoining the domain with no success.
> Samba log entries:
> cli_nt_create failed on pipe \NETLOGON to machine <name>. Error was NT_STATUS_ACCESS_DENIED
> failed to get schannel session key from server <name> for domain <domainname>.
> domain_client_validate: Domain password server not available
> check_ntlm_password: Authentication for user [id] -> [id] FAILED with error NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE
> At this point, I can not get domain security to function for either Samba version when pointed to a Windows Server 2003 SP1 AD controller.
> Any help with this situation would be appreciated.
I'm out of my league here but try...
client schannel = no
(see man smb.conf)
More information about the samba