samba - Dec 2000 - Unable to authenticate user from trusted domain

Purely for file serving we are running Samba 2.0.7 under Solaris 2.6.  NIS+
is the name service on Solaris.  We have an NT PDC and 3 NT BDC s in our
domain.  A user in a trusted domain needs to access some files on the
server.  Under Samba we are set up for domain authentication.  Users in our
domain have no problems, but when the user from the trusted domain tries to
access a file it asks for a username and password.  Supplying his username
and NT password fails.  We use username mapping for some users in the HR
domain, but this user has the same username in NT and Unix.  Is this a
limitation of Samba or this there a way around this.  My smb.conf file is
shown below:

# Samba config file created using SWAT
# from dhcp262 (192.9.203.8)
# Date: 2000/11/24 17:42:39

# Global parameters
[global]
        workgroup = HR
        security = DOMAIN
        encrypt passwords = Yes
        password server = DRIZZLE HAIL SNOW SUPERIOR
        username map = /etc/samba/usermap.txt
        log file = /var/log/samba
        socket options = TCP_NODELAY IPTOS_LOWDELAY
        load printers = No
        os level = 0
        dns proxy = No
        admin users = djer iwp ahs
        create mask = 0664
        directory mask = 0775

[archive]
        comment = The Archive
        path = /sandford/archive
        admin users = Administrator djer iwp ahs
        writeable = Yes

[Projects]
        comment = Projects Folder
        path = /software/Projects
        write list = @comp 

____________________________________________________________________________
________________

Thanks in advance

David Evans-Roberts
daveer@hrwallingford.co.uk
Systems Administrator
HR Wallingford			
 


-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-
HR Wallingford  uses  Faxes and  Emails for  confidential and
legally  privileged  business communications.  They do not of
themselves  create legal  commitments.  Disclosure to parties
other than addressees  requires our specific consent.  We are
not  liable for  unauthorised  disclosures nor  reliance upon
them.  If you  have  received  this  message  in error please
advise   us  immediately  and  destroy   all  copies  of  it.
-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

Hi David,
any chance you could send me privately a level 10 log file for the client
that is having this problem?  I notice that instead of specifying "*"
for
your password server, you are giving a list of DC's - is the PDC of your HR
domain the first one in the list (ie, is DRIZZLE the PDC for your HR
domain)?  I have some interest in this behavior, and would like to look at
what's being sent over from Samba to the DC, and which DC is answering, etc.
You would need to change your log file entry to be "log file
/var/log/samba/log.%m" and only send the log file for the
log.<machinename=the failing clients netbios name>...
you can reply to don_mccall@hp.com.
Thanks,
Don
-----Original Message-----
From: David Evans-Roberts [mailto:daveer@hrwallingford.co.uk]
Sent: Wednesday, December 13, 2000 8:51 AM
To: 'samba@lists.samba.org'
Subject: Unable to authenticate user from trusted domain


Purely for file serving we are running Samba 2.0.7 under Solaris 2.6.  NIS+
is the name service on Solaris.  We have an NT PDC and 3 NT BDC s in our
domain.  A user in a trusted domain needs to access some files on the
server.  Under Samba we are set up for domain authentication.  Users in our
domain have no problems, but when the user from the trusted domain tries to
access a file it asks for a username and password.  Supplying his username
and NT password fails.  We use username mapping for some users in the HR
domain, but this user has the same username in NT and Unix.  Is this a
limitation of Samba or this there a way around this.  My smb.conf file is
shown below:

# Samba config file created using SWAT
# from dhcp262 (192.9.203.8)
# Date: 2000/11/24 17:42:39

# Global parameters
[global]
        workgroup = HR
        security = DOMAIN
        encrypt passwords = Yes
        password server = DRIZZLE HAIL SNOW SUPERIOR
        username map = /etc/samba/usermap.txt
        log file = /var/log/samba
        socket options = TCP_NODELAY IPTOS_LOWDELAY
        load printers = No
        os level = 0
        dns proxy = No
        admin users = djer iwp ahs
        create mask = 0664
        directory mask = 0775

[archive]
        comment = The Archive
        path = /sandford/archive
        admin users = Administrator djer iwp ahs
        writeable = Yes

[Projects]
        comment = Projects Folder
        path = /software/Projects
        write list = @comp 

____________________________________________________________________________
________________

Thanks in advance

David Evans-Roberts
daveer@hrwallingford.co.uk
Systems Administrator
HR Wallingford			
 


-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-
HR Wallingford  uses  Faxes and  Emails for  confidential and
legally  privileged  business communications.  They do not of
themselves  create legal  commitments.  Disclosure to parties
other than addressees  requires our specific consent.  We are
not  liable for  unauthorised  disclosures nor  reliance upon
them.  If you  have  received  this  message  in error please
advise   us  immediately  and  destroy   all  copies  of  it.
-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-