[Samba] AD native mode authentication on OpenSolaris

Chris Dollmont samba at dollmont.net
Wed Aug 22 05:06:04 GMT 2007


I am running Samba 3.0.24 on OpenSolaris build 69, x86. I built Kerberos,
LDAP and Samba from source so that I could join an AD domain in native mode.
After many trials and tribulations, I successfully did a 'net ads join'.

Here's the problem:

When a user tries to connect to the Solaris server, I get the following
error in the Samba log for the client machine:

[2007/08/21 16:37:49, 0] auth/auth_domain.c:(246)
  domain_client_validate: unable to validate password for user <myuser> in
domain <mydomain> to Domain controller <my dc>. Error was
NT_STATUS_WRONG_PASSWORD.

On the Domain Controller, however, the security log shows a login attempt
with Success as the return code--in other words, the user successfully
authenticated against the DC. Why is the Samba server misinterpreting this?

On the Samba server, kinit works. klist works. 'net ads user' and 'net ads
group' work. Everything *appears* to be fine, but the user connection is
always failing.

Chris


More information about the samba mailing list