Cheney, Richard
2002-Jul-25 09:34 UTC
[Samba] HPUX 11.00 & CIFS/9000 Server - Domain authentication problem
Hi, I have been using Samba and CIFS/9000 happily with security=user for some time now, for simple read-only filesharing. Three days ago I decided to get a bit more clever.... I now have a test server and I'm trying to get it to work against our Win2K PDC (UKNT19), which is running Active Directory in native mode for our Windows domain UKNT001. The UNIX server (uk209) is HPUX 11.00 and the CIFS is v2.2a, based on the Samba 2.2.3a source. I got it working with security=user, then with security=server, but I cannot get it working with security=domain. I have added the UNIX server into the domain using the Active Directory User and Computers plug-in. I have also added the machine into the domain using "smbpasswd -j UKNT001 -r UKNT19 -Uadministrator%domain_password". When I issue "net use Y: \\uk209\tmp" from a WinXP client, I get the following:> C:\Documents and Settings\uerrc\Desktop>net use Y: \\uk209\uerrc > System error 1240 has occurred. > > The account is not authorized to log in from this station.When I try smbclient from uk209, I get the following:> root@uk209:/etc/opt/samba> smbclient //uk209/tmp -Uuerrc%beckham7 |sed 's/^/> /1'> added interface ip=170.118.131.12 bcast=170.118.131.255nmask=255.255.255.0> session setup failed: NT_STATUS_LOGON_FAILUREand the /var/opt/samba/log.uk209 has the following lines:> [2002/07/25 17:26:14, 2] libsmb/namequery.c:(420)> Got a positive name query response from 170.118.131.10 (170.118.131.10 )> [2002/07/25 17:26:15, 0] rpc_client/cli_netlogon.c:(157)> cli_net_auth2: Error NT_STATUS_ACCESS_DENIED> [2002/07/25 17:26:15, 0] rpc_client/cli_login.c:(74)> cli_nt_setup_creds: auth2 challenge failed> [2002/07/25 17:26:15, 0] smbd/password.c:(1335)> connect_to_domain_password_server: unable to setup the PDCcredentials to machine UKNT19. Error was : NT_STATUS_OK.> [2002/07/25 17:26:15, 0] smbd/password.c:(1554)> domain_client_validate: Domain password server not available.> [2002/07/25 17:26:15, 2] smbd/reply.c:(971)> NT Password did not match for user 'uerrc'!> [2002/07/25 17:26:15, 2] smbd/reply.c:(981)> Defaulting to Lanman password for uerrc> [2002/07/25 17:26:15, 1] smbd/reply.c:(1002)> Rejecting user 'uerrc': authentication failed> [2002/07/25 17:26:15, 2] smbd/server.c:(458)> Closing connectionsCan anyone help? Thanks, Rich. -------------- next part -------------- A non-text attachment was scrubbed... Name: smb.conf Type: application/octet-stream Size: 587 bytes Desc: smb.conf Url : http://lists.samba.org/archive/samba/attachments/20020725/4684a6d2/smb.obj
Eric Roseme
2002-Jul-25 15:12 UTC
[Samba] HPUX 11.00 & CIFS/9000 Server - Domain authentication problem
Log a Response Center call and ask for site-specific patch PHNE-27562. This contains fixes to smbpasswd for 15-char NetBIOS name, and for smbpasswd -j -r -U. However, you also must have EVERYONE nested in "pre-Windows 2000 compatibile access" (check the pre-windows box when using the W2000 computer managment snap-in). This should work even in Native Mode. Eric Roseme Hewlett-Packard "Cheney, Richard" wrote:> > Hi, > > I have been using Samba and CIFS/9000 happily with security=user for > some time now, for simple read-only filesharing. Three days ago I > decided to get a bit more clever.... > > I now have a test server and I'm trying to get it to work against our > Win2K PDC (UKNT19), which is running Active Directory in native mode for > our Windows domain UKNT001. The UNIX server (uk209) is HPUX 11.00 and > the CIFS is v2.2a, based on the Samba 2.2.3a source. > > I got it working with security=user, then with security=server, but I > cannot get it working with security=domain. I have added the UNIX server > into the domain using the Active Directory User and Computers plug-in. I > have also added the machine into the domain using "smbpasswd -j UKNT001 > -r UKNT19 -Uadministrator%domain_password". > > When I issue "net use Y: \\uk209\tmp" from a WinXP client, I get the > following: > > > C:\Documents and Settings\uerrc\Desktop>net use Y: \\uk209\uerrc > > System error 1240 has occurred. > > > > The account is not authorized to log in from this station. > > When I try smbclient from uk209, I get the following: > > > root@uk209:/etc/opt/samba> smbclient //uk209/tmp -Uuerrc%beckham7 | > sed 's/^/> /1' > > added interface ip=170.118.131.12 bcast=170.118.131.255 > nmask=255.255.255.0 > > session setup failed: NT_STATUS_LOGON_FAILURE > > and the /var/opt/samba/log.uk209 has the following lines: > > > [2002/07/25 17:26:14, 2] libsmb/namequery.c:(420) > > > Got a positive name query response from 170.118.131.10 ( > 170.118.131.10 ) > > [2002/07/25 17:26:15, 0] rpc_client/cli_netlogon.c:(157) > > > cli_net_auth2: Error NT_STATUS_ACCESS_DENIED > > > [2002/07/25 17:26:15, 0] rpc_client/cli_login.c:(74) > > > cli_nt_setup_creds: auth2 challenge failed > > > [2002/07/25 17:26:15, 0] smbd/password.c:(1335) > > > connect_to_domain_password_server: unable to setup the PDC > credentials to machine UKNT19. Error was : NT_STATUS_OK. > > [2002/07/25 17:26:15, 0] smbd/password.c:(1554) > > > domain_client_validate: Domain password server not available. > > > [2002/07/25 17:26:15, 2] smbd/reply.c:(971) > > > NT Password did not match for user 'uerrc'! > > > [2002/07/25 17:26:15, 2] smbd/reply.c:(981) > > > Defaulting to Lanman password for uerrc > > > [2002/07/25 17:26:15, 1] smbd/reply.c:(1002) > > > Rejecting user 'uerrc': authentication failed > > > [2002/07/25 17:26:15, 2] smbd/server.c:(458) > > > Closing connections > > Can anyone help? > > Thanks, > > Rich. > > ------------------------------------------------------------------------ > Name: smb.conf > smb.conf Type: unspecified type (application/octet-stream) > Encoding: base64 > Description: smb.conf
Reasonably Related Threads
- HPUX 11.00 & CIFS/9000 Server - Domain authenticatio n problem
- Re: Which Samba (CIFS ?) For HPUX 11.00 ?
- Problems Getting Kerberos Compiled in with Samba 3.0 Alpha9 o n HPUX 11.00 64 Bit
- openssh compile errors on hpux 11.00
- Antw: openssh compile errors on hpux 11.00