[Samba] Connect to share (ads security) from non-domain computer

Vinz Focker vinz.focker at gmail.com
Mon Nov 16 04:40:22 MST 2009


Replying to my own message in case someone runs into the same issue:

The samba 2008R2 ADS support in Ubuntu Hardy (8.04.3 LTS) is obviously
incomplete although joining the 2008R2 AD works fine.
We were able to solve the described problem simply by upgrading to
Samba 3.4.0 using the source package from Ubuntu Karmic (9.10) :
[ https://launchpad.net/ubuntu/karmic/+source/samba/2:3.4.0-3ubuntu5.1 ]

If you want to build this karmic source package on ubuntu hardy you
also need to build the following 2 source packackes from karmic first:

libcap2: [ https://launchpad.net/ubuntu/+source/libcap2/1:2.16-5ubuntu1 ]
talloc: [ https://launchpad.net/ubuntu/+source/talloc/1.4.0~git20090718-1 ]


Regards,
Vinz


On Fri, Nov 13, 2009 at 1:38 AM, Vinz Focker <vinz.focker at gmail.com> wrote:
> Environment: Samba 3.0.28a on Ubuntu 8.04.3 LTS joined to 2008 R2
> Security: ads
>
> Now sometimes there is the need to connect to a share from a Computer
> that is not joined to the domain (by entering some valid domain
> account after opening the share of course)
>
> If one opens the samba server in the network browser (or start->run
> \\SMBSRV) the following error popup message is immediately is
> displayed and credentials get never asked:
>
> ---------------------
>  \\SMBSRV
>  no process is on the other end of the pipe
> ---------------------
> and on the samba side the following errors get logged:
>
> auth/auth.c:check_ntlm_password(319)
> check_ntlm_password:  Authentication for user [xxxxx] -> [xxxxx]
> FAILED with error NT_STATUS_PIPE_DISCONNECTED
>
> rpc_client/cli_pipe.c:rpc_api_pipe(790)
> rpc_api_pipe: Remote machine ADS.xxxxxx.com pipe \NETLOGON fnum 0x4005
> returned critical error. Error was NT_STATUS_PIPE_DISCONNECTED
>
>
> However, everything works perfectly on computers joined to the domain.
> In addition if one logs on locally on a computer joined to the domain
> the same error occurs.
>
> Any hints how to allow resp. enable connections to samba shares in ads
> mode from within non-domain accounts ?
>
> Thanks,
> Vinz
>


More information about the samba mailing list