Hi there!
I appear to be having problems with trusted domains using 3.0a21.
Using Samba as a member server, as user "nirs" on domain
"Exanet-il" I
am unable to log on to a member server ("snow") who is a member of the
"Exanet-qa" domain. The "exanet-qa" is supposed to trust
"exanet-il",
and it all worked with 2.2 . This is the relevant log snippet I can
find:
[2002/11/28 18:26:05, 0] auth/auth_domain.c:domain_client_validate(425)
domain_client_validate: unable to validate password for user nirs in
domain EX
ANET-QA to Domain controller \\KENGURO. Error was
NT_STATUS_NO_SUCH_USER.
[2002/11/28 18:26:05, 2] auth/auth.c:check_ntlm_password(271)
check_password: Authentication for user [nirs] -> [nirs] FAILED with
error NT
_STATUS_NO_SUCH_USER
[2002/11/28 18:26:05, 3] smbd/sesssetup.c:do_map_to_guest(38)
No such user nirs [EXANET-IL] - using guest account
[2002/11/28 18:26:05, 3] smbd/sec_ctx.c:push_sec_ctx(255)
Anyone have any idea? Is this supposed to work in 3.0 now?
thanks,
Nir.
--
Nir Soffer -=- Software Engineer, Exanet Inc. -=-
"The poor little kittens; They lost their mittens;
And now you all must die. Mew, Mew, Mew, Mew,
And now you all must die." www.sluggy.com, 24/10/02
On Fri, 2002-11-29 at 03:29, Nir Soffer wrote:> > Hi there! > > I appear to be having problems with trusted domains using 3.0a21. > > Using Samba as a member server, as user "nirs" on domain "Exanet-il" I > am unable to log on to a member server ("snow") who is a member of the > "Exanet-qa" domain. The "exanet-qa" is supposed to trust "exanet-il", > and it all worked with 2.2 . This is the relevant log snippet I can > find: > > [2002/11/28 18:26:05, 0] auth/auth_domain.c:domain_client_validate(425) > domain_client_validate: unable to validate password for user nirs in > domain EX > ANET-QA to Domain controller \\KENGURO. Error was > NT_STATUS_NO_SUCH_USER. > [2002/11/28 18:26:05, 2] auth/auth.c:check_ntlm_password(271) > check_password: Authentication for user [nirs] -> [nirs] FAILED with > error NT > _STATUS_NO_SUCH_USER > [2002/11/28 18:26:05, 3] smbd/sesssetup.c:do_map_to_guest(38) > No such user nirs [EXANET-IL] - using guest account > [2002/11/28 18:26:05, 3] smbd/sec_ctx.c:push_sec_ctx(255) > > > Anyone have any idea? Is this supposed to work in 3.0 now?That error is returned by the remote server. The event log on both DCs might be useful. Andrew Bartlett -- Andrew Bartlett abartlet@pcug.org.au Manager, Authentication Subsystems, Samba Team abartlet@samba.org Student Network Administrator, Hawker College abartlet@hawkerc.net http://samba.org http://build.samba.org http://hawkerc.net -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.samba.org/archive/samba/attachments/20021128/6f90195e/attachment.bin
> On Fri, 2002-11-29 at 03:29, Nir Soffer wrote: > > > > Hi there! > > > > I appear to be having problems with trusted domains using 3.0a21. > > > > Using Samba as a member server, as user "nirs" on domain > "Exanet-il" I > > am unable to log on to a member server ("snow") who is a > member of the > > "Exanet-qa" domain. The "exanet-qa" is supposed to trust > "exanet-il", > > and it all worked with 2.2 . This is the relevant log snippet I can > > find: > > > > [2002/11/28 18:26:05, 0] > auth/auth_domain.c:domain_client_validate(425) > > domain_client_validate: unable to validate password for > user nirs in > > domain EX > > ANET-QA to Domain controller \\KENGURO. Error was > > NT_STATUS_NO_SUCH_USER. > > [2002/11/28 18:26:05, 2] auth/auth.c:check_ntlm_password(271) > > check_password: Authentication for user [nirs] -> [nirs] > FAILED with > > error NT > > _STATUS_NO_SUCH_USER > > [2002/11/28 18:26:05, 3] smbd/sesssetup.c:do_map_to_guest(38) > > No such user nirs [EXANET-IL] - using guest account > > [2002/11/28 18:26:05, 3] smbd/sec_ctx.c:push_sec_ctx(255) > > > > > > Anyone have any idea? Is this supposed to work in 3.0 now? > > That error is returned by the remote server. The event log > on both DCs > might be useful.I only have access to the first PDC in the line, and it shows nothing I can spot of any value. Any hints and tips on what exactly I should be looking for? I'd like to stress that the behaviour differs for 2.2.5 which I had installed previously. (Also - another behaviour change I noticed, and please tell me if I'm wrong, is that once if the trust relationship was not established properly, I'll log on as a guest, and now I can a "Can't get domain info" error. I'm assuming this came with the new NT status codes and is correct behaviour, I'm just wondering if this should be documented somewhere to avoid confusion) Thanks, Nir. -- Nir Soffer -=- Software Engineer, Exanet Inc. -=- "The poor little kittens; They lost their mittens; And now you all must die. Mew, Mew, Mew, Mew, And now you all must die." www.sluggy.com, 24/10/02