[Samba] clients that are not a part of the domain cannot authenticate

Wolfgang Riedmann wolfgang at riedmann.it
Thu Aug 13 11:08:00 MDT 2009 

Hi,

unfortunately I wasn't able to solve this probelm. I have tried to use the 3.3.7 release from 
Sernet, but the problem remained.

It seems that something has been changed between the 3.0 and the 3.2 release when using 
workgroup = domain and authenticating users on machines that are not within the domain.

Now, as workaround I have changed the line in the kixtart login script to use the username 
prefixed with the domain to log in, so at least the users can work.

Wolfgang


> I have asked that last week with a little different subject, but the problem remains.
> 
> When connecting with a Windows machine (not part of the domain) to the Samba server, the 
> client is not authenticating, even when the user exists in the domain.
> 
> Domain master is a Windows 2003 SBS machine, the Samba server is a Debian Lenny 
> machine.
> The problem is occurring with Samba 3.2.13, with Samba 3.0.24 and the same configuration 
> it works. Unfortunately after the upgrade from Etch to Lenny (Etch has Samba 3.0.24, Lenny 
> 3.2.13) Samba presented this problem.
> 
> In the log file I can find this error message:
> 
> domain_client_validate: unable to validate password for user wolfgang in domain 
> LIFEBOOKWR to Domain controller PDCALPI01. Error was 
> NT_STATUS_NO_SUCH_USER.
> 
> And this is the global part of the configuration:
> 
> [global]
>    workgroup = alpi
>    server string = lxarchiv
>    wins server = 192.168.1.1
>    dns proxy = no
>    log file = /var/log/samba/log.%m
>    max log size = 1000
>    syslog = 0
>    panic action = /usr/share/samba/panic-action %d
>     security = domain
>    encrypt passwords = true
>    passdb backend = tdbsam
>    obey pam restrictions = yes
>    invalid users = root
>    passwd program = /usr/bin/passwd %u
>    passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* 
> %n\n *password\supdated\ssuccessfully* .
>   add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u --gid 1001
>    printing = bsd
>    printcap name = /etc/printcap
>    socket options = TCP_NODELAY
>    domain master = auto
> 
> 
> Thank you in advance for any help!
> 
> Wolfgang
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 


-- 
-- Wolfgang Riedmann
-- Individuelle EDV-Lösungen - Soluzioni informatiche personalizzate
-- I-39012 Meran, Postgranz 16b
-- Telefon +39 0473 201 239
-- http://www.riedmann.it - wolfgang at riedmann.it

More information about the samba mailing list