[Samba] Problems with password authentication on Samba as an AD-Member

Felipe Augusto van de Wiel felipe at paranacidade.org.br
Thu Jan 25 13:47:36 GMT 2007

On 01/23/2007 08:14 AM, Ulrich Schwenk wrote:
> Hello,
> I've got some problems with a Samba Server. The Samba Server is member
> in an Active-Directory Domain (Win2000), it is NOT the domaincontroller.
> Authentication is kerberos-based (smb.conf: security=ADS, winbind). The
> Sambaserver is accessed by Windows-Clients, that are domainmembers and
> by some Windows-Clients, that are not. Originally Users, who were logged
> on the domain could access the shares simply by typing
> \\servername\sharename in the windows-explorer. Users, who were not
> logged on the domain could also access the shares, but were presented a
> password dialog, where they had to type a domain-user's name and password.
> Everything went fine, until the domaincontroller (Win2000) suffered a
> severe hardware-crash. I restored the Installation using an
> NT-Systemstate Backup, following this nice procedure
> (http://support.microsoft.com/kb/263532/de -- checkout the listbox on
> the left side for a translated version). After several days of disaster
> recovery, I managed to promote a freshly installed Windows DC and
> finally used dcpromo to downgrade the recovered Version. Replmon,
> dcdiag, netdiag show no errors on the domaincontroller.
> After that, with the new domaincontroller, everything works fine, except
> the passwordbox-thing (only with the Samba-Server, shares offered by
> windows computers can be accessed as before the crash)
> Users are only able to use the Sambaserver, when logged in to a
> windowsbox, which is a member of the domain. Otherwise, instead of the
> password-dialog, a messagebox appears after a long time of waiting,
> saying "file \\servername\sharename not found".
> There are no errors reported. Neither on the DC, nor on the
> Samba-Server. On the Sambaserver, I found out, that I can browse the
> shares only doing
> kinit <username>
> Password: <mypassword>
> smbclient -k -L SERVERNAME
> (which gives all the shares immediately)
> and not by
> smbclient -U<username> -L SERVERNAME
> Password: <mypassword>
> which leads to 20 seconds of inactivity and then to a Timeout-message,
> saying "session setup failed: the Server did not respond after 20'000
> milliseconds."
> Could anyone provide a hint for this problem? Can I somehow trace the
> failure? What exactly happens, when the Linuxbox needs to authenticate
> a user from a non-domainmember client?

	This is _really_ a hint that I hope helps.

	Did your SID change? Did you also change it in Samba?
	Don't you need to rejoin your samba machine to the DOMAIN?

> Thanks a lot for the help!

	Kind regards,

--
Felipe Augusto van de Wiel <felipe at paranacidade.org.br>
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/           Phone: (+55 41 3350 3300)