MCCALL,DON (HP-USA,ex1)
2001-Apr-23 20:34 UTC
win2k domain-less client failing to authenticate when security=domain
Hi Jonathan,
Yep, samba sends the domain name as well as the username to the domain
controller, and what I think happens is the NT controller sees that the
domainname passed is NOT his domain, checks his list of trusted domains,
doesn't find it, and says sayonara buddy... I am assuming that 'SATURN' is
the netbios name of the win2k client machine? I'm not real clear on how
this works with win2k clients...
You SHOULD be able to have these clients connect by specifying in the
username and password window that comes up when you fail to attach initially
the username: MSOE\detertj (in your example) with the appropriate password
for the detertj user account in the MSOE domain.
But if you want to avoid this entirely, then you probably SHOULD add your
win2k clients to the MSOE domain (if they are regular users of resources in
this domain...)
Hope this helps,
Don
-----Original Message-----
From: Jonathan Detert [mailto:detertj@msoe.edu]
Sent: Monday, April 23, 2001 3:09 PM
To: samba@lists.samba.org
Subject: win2k domain-less client failing to authenticate when
security=domain
Hello,
I've got a linux box running smbd & nmbd versions 2.0.6 with security DOMAIN,
and an NT4 box as the password server. The sole domain controlled by that NT4
box is named "MSOE". All is well with win98 clients. However, Win2k clients
that are not part of an NT domain, but simply belong to a "workgroup" named
"MSOE", are unable to authenticate. The /var/log/samba/log.%m file on the
linux box says this:
[2001/04/23 13:39:52, 0]
smbd/password.c:domain_client_validate(1470)
domain_client_validate: unable to validate password for user
detertj in domain SATURN to Domain controller JUPITER. Error
was NT_STATUS_NO_SUCH_USER.
I assume that the problem is that the client says it's in the "SATURN"
domain rather than the "MSOE" domain (which is the domain that JUPITER
is PDC for).
Any idea how to fix this? I assume adding SATURN to the MSOE domain
would fix this, but I'm told by others here that we don't want to do
that. Ideas?
Thanks
--
Happy Landings,
Jon Detert
Unix System Administrator, Milwaukee School of Engineering
1025 N. Broadway, Milwaukee, Wisconsin 53202
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
'Jonathan Detert'
2001-Apr-23 21:05 UTC
win2k domain-less client failing to authenticate when security=domain
* MCCALL,DON (HP-USA,ex1) <don_mccall@hp.com> [010423 15:32]:
> Hi Jonathan,
> Yep, samba sends the domain name as well as the username to the domain
> controller, and what I think happens is the NT controller sees that the
> domainname passed is NOT his domain, checks his list of trusted domains,
> doesn't find it, and says sayonara buddy... I am assuming that 'SATURN' is
> the netbios name of the win2k client machine? I'm not real clear on how

bingo

> You SHOULD be able to have these clients connect by specifying in the
> username and password window that comes up when you fail to attach initially
> the username: MSOE\detertj (in your example) with the appropriate password
> for the detertj user account in the MSOE domain.

jackpot

> But if you want to avoid this entirely, then you probably SHOULD add your
> win2k clients to the MSOE domain (if they are regular users of resources in
> this domain...)
> Hope this helps,

yes. Thanks a lot! I'll work on the NT guys here to see if I can change
their minds about workstations belonging to the domain.

> Don
>
> -----Original Message-----
> From: Jonathan Detert [mailto:detertj@msoe.edu]
> Sent: Monday, April 23, 2001 3:09 PM
> To: samba@lists.samba.org
> Subject: win2k domain-less client failing to authenticate when
> security=domain
>
>
> Hello,
>
> I've got a linux box running smbd & nmbd versions 2.0.6 with security DOMAIN,
> and an NT4 box as the password server. The sole domain controlled by that NT4
> box is named "MSOE". All is well with win98 clients. However, Win2k clients
> that are not part of an NT domain, but simply belong to a "workgroup" named
> "MSOE", are unable to authenticate. The /var/log/samba/log.%m file on the
> linux box says this:
>
> [2001/04/23 13:39:52, 0]
> smbd/password.c:domain_client_validate(1470)
> domain_client_validate: unable to validate password for user
> detertj in domain SATURN to Domain controller JUPITER. Error
> was NT_STATUS_NO_SUCH_USER.
>
> I assume that the problem is that the client says it's in the "SATURN"
> domain rather than the "MSOE" domain (which is the domain that JUPITER
> is PDC for).
>
> Any idea how to fix this? I assume adding SATURN to the MSOE domain
> would fix this, but I'm told by others here that we don't want to do
> that. Ideas?
>
> Thanks
> --
> Happy Landings,
>
> Jon Detert
> Unix System Administrator, Milwaukee School of Engineering
> 1025 N. Broadway, Milwaukee, Wisconsin 53202
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba

--
Happy Landings,
Jon Detert
Unix System Administrator, Milwaukee School of Engineering
1025 N. Broadway, Milwaukee, Wisconsin 53202
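
The diagnosis reached in this thread can be read straight out of the smbd log. The following is an added example, not part of either post and not Samba code: it parses `domain_client_validate` failure entries and separates logons where the client sent a domain name other than the one the server validates against from failures inside that domain. The function names and the second log entry are constructed for illustration; the first entry follows the one quoted above.

```python
import re
from collections import Counter

# Constructed sample: first entry mirrors the log quoted in the thread,
# second entry is invented to show the contrasting case.
SAMPLE_LOG = """\
[2001/04/23 13:39:52, 0] smbd/password.c:domain_client_validate(1470)
  domain_client_validate: unable to validate password for user
  detertj in domain SATURN to Domain controller JUPITER. Error
  was NT_STATUS_NO_SUCH_USER.
[2001/04/23 13:41:10, 0] smbd/password.c:domain_client_validate(1470)
  domain_client_validate: unable to validate password for user
  detertj in domain MSOE to Domain controller JUPITER. Error
  was NT_STATUS_WRONG_PASSWORD.
"""

# Each entry starts with "[timestamp, debuglevel]"; the message is wrapped.
HEADER = re.compile(r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}), *\d+\]", re.M)
FAILURE = re.compile(
    r"unable to validate password for user (\S+) in domain (\S+) "
    r"to Domain controller (\S+)\. Error was (\w+)")

def parse_failures(text):
    """Yield one dict per domain_client_validate failure entry."""
    parts = HEADER.split(text)  # ['', ts1, body1, ts2, body2, ...]
    for ts, body in zip(parts[1::2], parts[2::2]):
        m = FAILURE.search(" ".join(body.split()))  # undo the line wrapping
        if m:
            user, domain, dc, status = m.groups()
            yield {"time": ts, "user": user, "domain": domain,
                   "dc": dc, "status": status}

def classify(entry, served_domain):
    """Tell a foreign domain name apart from a failure within the domain."""
    if entry["domain"].upper() != served_domain.upper():
        return "foreign-domain"      # e.g. the client's own machine name
    return "credential-failure"      # right domain, bad user or password

def summarize(text, served_domain):
    """Count failures by (classification, domain sent, NT status)."""
    return Counter((classify(e, served_domain), e["domain"], e["status"])
                   for e in parse_failures(text))

if __name__ == "__main__":
    for (kind, domain, status), n in summarize(SAMPLE_LOG, "MSOE").items():
        print(f"{n:3d}  {kind:18s} domain={domain} status={status}")
```

A run of `foreign-domain` rows naming one workstation points at the situation described here, a client logging on with its own machine name as the domain, rather than at a mistyped password.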