[Samba] Auth problem with AD member server

Jeff Thurston jthurston at skyline-ats.com
Tue Feb 10 19:32:44 GMT 2009

I am having trouble with certain versions of Windows accessing shares
provided by our Samba (3.0.24) servers which are AD members (Windows Server
2003 AD Controller).
The problem seems to be with the hyphen in the domain name; if a (domain)
user of XP, Server 2003, or Linux accesses a share, everything works.
If a domain user on Vista or Windows 7 tries to access the same share (same
user as above), they get permission denied.
HOWEVER, if the user provides the credentials as DOMAIN\User instead of
DOMAIN-NAME\User, then everything works.
We're using the LM/NTLM settings in Vista, not NTLM2.
Does anyone have an idea how to resolve this?
Our smb.conf file is below:

workgroup = DOMAIN-NAME
preferred master = no
server string = Debian
security = ADS
encrypt passwords = yes
log level = 3
log file = /var/log/samba/%m
max log size = 50
printcap name = cups
printing = cups
winbind use default domain = Yes
winbind nested groups = Yes
winbind separator = +
allow trusted domains = No
idmap backend = idmap_rid:DOMAIN-NAME=100000-100000000
idmap uid = 100000-100000000
idmap gid = 100000-100000000
template shell = /bin/bash
winbind enum users = yes
winbind enum groups = yes
