[Samba] Samba, AD and non AD Machines

Shawn Everett shawn at tandac.com
Tue Oct 23 21:42:26 GMT 2007 

Thanks Dale,

This makes a lot of sense...

The Windows 2003 Domain controller is a cluster.  Made up of
node1.domain.local and node2.domain.local.  The cluster itself is
cluster.domain.local

Being clever I set things to use cluster.domain.local thinking that if
either node failed it would be mostly transparent to Samba.  Perhaps this
was a bad assumption on my part.

Shown below is the first part of my smb.conf file.  data2 is in DNS and
resolves fully.

Based on the link you provided I'd suspect password server should be set
to * or cluster (as the NetBIOS name) or a specific node...

Shawn

[global]
 # global options needed by samba to communicate with
 # Windows 2003 Active Directory
 realm = DOMAIN.LOCAL
 netbios name = data2
 workgroup=DLL
 password server = cluster.domain.local
 security = ADS
 encrypt passwords = yes
 os level = 1


> Shawn,
>
> See if the following has any bearing on your situation:
>
> http://lists.samba.org/archive/samba-ntdom/2000-September/014489.html
>
> If not, you may want to post your smb.conf.
>
> Dale
>
> Shawn Everett wrote:
>> Hi All,
>>
>> I have configured Samba 3.0.23 to work with Active Directory.  Based on
>> all the tests shown here:
>> http://us3.samba.org/samba/docs/man/Samba-Guide/unixclients.html#adssdm
>>
>> Things are working as expected.
>>
>> Most machines and users are working as expected.
>>
>> I do have some Windows machines on another subnet, NOT joined to the
>> domain that are giving me grief.  Going to
>> Start->Run->\\ip.of.samba.server I get the following error: The format
>> for
>> the computer name is invalid
>>
>> I can ping the samba server without problems.
>>
>> Reviewing the Samba logs I see:
>> "pam auth crap domain" messages in winbind.log
>>
>> In the machine.log file I see:
>> [2007/10/23 03:05:17, 3] auth/auth.c:check_ntlm_password(221)
>>   check_ntlm_password:  Checking password for unmapped user
>> [domain]\[acronis]@[COMPUTER] with the new password interface
>> [2007/10/23 03:05:17, 3] auth/auth.c:check_ntlm_password(224)
>>   check_ntlm_password:  mapped user is: [domain]\[acronis]@[SORTER]
>> [2007/10/23 03:05:17, 3] smbd/sec_ctx.c:push_sec_ctx(208)
>>   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
>> [2007/10/23 03:05:17, 3] smbd/uid.c:push_conn_ctx(345)
>>   push_conn_ctx(0) : conn_ctx_stack_ndx = 0
>> [2007/10/23 03:05:17, 3] smbd/sec_ctx.c:set_sec_ctx(241)
>>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
>> [2007/10/23 03:05:17, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
>>   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
>> [2007/10/23 03:05:17, 2] auth/auth.c:check_ntlm_password(319)
>>   check_ntlm_password:  Authentication for user [acronis] -> [acronis]
>> FAILED with error NT_STATUS_INVALID_COMPUTER_NAME
>> [2007/10/23 03:05:17, 3] smbd/error.c:error_packet(146)
>>   error packet at smbd/sesssetup.c(99) cmd=115 (SMBsesssetupX)
>> NT_STATUS_INVALID_COMPUTER_NAME
>>
>>
>> Any thoughts or suggestions would be appreciated.
>>
>> Shawn

More information about the samba mailing list