I have three Sun fileservers running Samba 2.0.4b. They're setup to authenticate with the local NT PDC, "iss-tech-f". In particular, they've got this in their smb.conf files: security = domain password server = iss-tech-f encrypt passwords = yes This setup has been stable for many months, and I routinely point to it as a success story for open source. Now that Windows 2000 has been finally released with all its warts, a local Windows 2000 domain has been established. The PHM's here are applying pressure to convert users over onto the new domain. Although the NT admins tell me a trust relationship exists with the new domain, users logged into the Windows 2000 domain cannot use my Samba servers. The error in the log is "unknown NT error". I have reported this problem twice before, and John Dodge reported it back in December. Here's the log excerpt from his message:> >[1999/12/06 09:54:18, 0] rpc_client/cli_netlogon.c:cli_net_sam_logon(371) > > cli_net_sam_logon: Unknown NT error > >[1999/12/06 09:54:18, 0] smbd/password.c:domain_client_validate(1365) > > domain_client_validate: unable to validate password for user saf6723 in > >domain NW to Domain controller SSG-WWW-IIS01. Error was Unknown NT error.I've seen no response to John's report or to any of mine. I understand that people are busy, but this looks to me like a show-stopper. The fact that Samba does not work will not stop the rollout of Windows 2000 here. The PHM's will just say, "Well, just replace those Unix machines with NT and all your problems will go away." They'll also point to the silence of this list and say, "See? Open source is just too risky. You can't count on any support." If you've got users in a Win2k domain successfully using Samba, please drop me a note. Even if you just say, "It works for me.", that's more than I have now. If you're seeing the same problem I am, I'd like to know about that, too. If this is a known problem that's being worked on, will somebody please just say so? And, if a newer version of Samba is known to work with users in a Win2k domain, what version would that be? Thanks! Paul Allen -- Paul L. Allen | voice: (425) 865-3297 fax: (425) 865-2964 Unix Technical Support | paul.l.allen@boeing.com Boeing Phantom Works Math & Computing Technology Site Operations, POB 3707 M/S 7L-68, Seattle, WA 98124-2207
Paul Allen wrote:> This setup has been stable for many months, and I routinely point > to it as a success story for open source.Glad to hear it :-).> Now that Windows 2000 has been finally released with all its warts, > a local Windows 2000 domain has been established. The PHM's here > are applying pressure to convert users over onto the new domain. > Although the NT admins tell me a trust relationship exists with the > new domain, users logged into the Windows 2000 domain cannot use my > Samba servers. The error in the log is "unknown NT error". > > I have reported this problem twice before, and John Dodge reported it > back in December. Here's the log excerpt from his message: > > > >[1999/12/06 09:54:18, 0] rpc_client/cli_netlogon.c:cli_net_sam_logon(371) > > > cli_net_sam_logon: Unknown NT error > > >[1999/12/06 09:54:18, 0] smbd/password.c:domain_client_validate(1365) > > > domain_client_validate: unable to validate password for user saf6723 in > > >domain NW to Domain controller SSG-WWW-IIS01. Error was Unknown NT error. > > I've seen no response to John's report or to any of mine. I understand > that people are busy, but this looks to me like a show-stopper. The > fact > that Samba does not work will not stop the rollout of Windows 2000 here. > The PHM's will just say, "Well, just replace those Unix machines with NT > and all your problems will go away." They'll also point to the silence > of > this list and say, "See? Open source is just too risky. You can't > count > on any support."Ok - I just setup my W2K box here as a PDC and explicitly tested this with the current version of Samba I'm about to release as 2.0.7pre2. This version has 4 fixes in it for Windows 2000 clients (caused by changes in the Microsoft client code). Short answer - it works. Note that I added the Samba box into AD and explicitly checked the "allow pre-Windows 2000 computers to use this account" box. The RPC code has been re-arranged in the 2.0.7 but is functioally equvalent (in the contacting a PDC path) to the code that ships with 2.0.6. I would upgrade to 2.0.6, and ensure that the Samba boxes have been added into the AD with the correct setting. Please keep the list updated with the details. This looks like more of a political issue rather than a technical one, and I'm sure other admins will be interested to know how you fare. Regards, Jeremy Allison, Samba Team. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. --------------------------------------------------------