Hello!
I have a samba fileserver (Debian Woody, Samba 2.2.3a) that I am
trying to join into an NT domain (smbpasswd -j ...); the command says that
it joined the domain successfully.
Then I setup security=domain, workgroup name etc. as outlined in the samba
howtos. However whenever I try to access a share on the Samba server I am
prompted for a password (even though I already logged in through the
domain controller) and am subsequently denied access.
The logfiles on the fileserver contain the following on the failed mount
attempt:
[2002/09/26 18:53:28, 0] rpc_client/cli_netlogon.c:cli_net_req_chal(246)
cli_net_req_chal: Error NT_STATUS_INVALID_COMPUTER_NAME
[2002/09/26 18:53:28, 0] rpc_client/cli_login.c:cli_nt_setup_creds(48)
cli_nt_setup_creds: request challenge failed
[2002/09/26 18:53:28, 0]
smbd/password.c:connect_to_domain_password_server(1336)
connect_to_domain_password_server: unable to setup the PDC credentials
to machine ADLER.INFORMATIK.TU-FREIBERG.DE. Error was : NT_STATUS_OK.
[2002/09/26 18:53:28, 0] smbd/password.c:domain_client_validate(1554)
domain_client_validate: Domain password server not available.
[2002/09/26 18:53:28, 0] passdb/pdb_smbpasswd.c:pdb_getsampwnam(1367)
unable to open passdb database.
[2002/09/26 18:53:28, 0] passdb/pdb_smbpasswd.c:pdb_getsampwnam(1367)
unable to open passdb database.
I don't know what to make of this -- does someone have any suggestion on
what went wrong? I am rather green on this.
Things that may be notable to our setup:
- Samba server and PDC live in different IP domains and different IP
subnets
- I had to manually insert the machine name of the PDC in the smb.conf
file; putting in "*" to let Samba find out the PDC on it's own
results
in "Domain password server not available" message in the logfiles
Thanks for your patience.
--
Helge Bahmann <bahmann@math.tu-freiberg.de> /| \__
The past: Smart users in front of dumb terminals /_|____\
_/\ | __)
$ ./configure \\ \|__/__|
checking whether build environment is sane... yes \\/___/ |
checking for AIX... no (we already did this) |
Hi!> Try disabling ipchains, iptablesnot active>, and set security=share (no security) > in smb.conf.Even easier, I just created a password for one of the Samba users (smbpasswd -a); then I am able to mount the directory using this password as Samba falls back to the smbpasswd database when the DC is not available> If this works, you have a firewall or user name problem.no filtering rules active on either client or server; user name in domain and on the fileserver are identical too the messages logged by samba are similiar to those quoted below, apart from the fact the fallback to passdb database succeeds in this case> Firewall must be open for tcp and udp on 137, 138 and 139. Get that > working and then work on the security issue.I am afraid this does not help me at all. Thanks for your assistance nevertheless.> >Hello! > > > >I have a samba fileserver (Debian Woody, Samba 2.2.3a) that I am > >trying to join into an NT domain (smbpasswd -j ...); the command says that > >it joined the domain successfully. > > > >Then I setup security=domain, workgroup name etc. as outlined in the samba > >howtos. However whenever I try to access a share on the Samba server I am > >prompted for a password (even though I already logged in through the > >domain controller) and am subsequently denied access. > > > >The logfiles on the fileserver contain the following on the failed mount > >attempt: > > > >[2002/09/26 18:53:28, 0] rpc_client/cli_netlogon.c:cli_net_req_chal(246) > > cli_net_req_chal: Error NT_STATUS_INVALID_COMPUTER_NAME > >[2002/09/26 18:53:28, 0] rpc_client/cli_login.c:cli_nt_setup_creds(48) > > cli_nt_setup_creds: request challenge failed > >[2002/09/26 18:53:28, 0] > >smbd/password.c:connect_to_domain_password_server(1336) > > connect_to_domain_password_server: unable to setup the PDC credentials > >to machine ADLER.INFORMATIK.TU-FREIBERG.DE. Error was : NT_STATUS_OK. > >[2002/09/26 18:53:28, 0] smbd/password.c:domain_client_validate(1554) > > domain_client_validate: Domain password server not available. > >[2002/09/26 18:53:28, 0] passdb/pdb_smbpasswd.c:pdb_getsampwnam(1367) > > unable to open passdb database. > >[2002/09/26 18:53:28, 0] passdb/pdb_smbpasswd.c:pdb_getsampwnam(1367) > > unable to open passdb database. > > > >I don't know what to make of this -- does someone have any suggestion on > >what went wrong? I am rather green on this. > > > >Things that may be notable to our setup: > >- Samba server and PDC live in different IP domains and different IP > >subnets > >- I had to manually insert the machine name of the PDC in the smb.conf > >file; putting in "*" to let Samba find out the PDC on it's own results > >in "Domain password server not available" message in the logfiles > > > >Thanks for your patience.-- Helge Bahmann <bahmann@math.tu-freiberg.de> /| \__ The past: Smart users in front of dumb terminals /_|____\ _/\ | __) $ ./configure \\ \|__/__| checking whether build environment is sane... yes \\/___/ | checking for AIX... no (we already did this) |
Hi, Before to tune Samba, do you have created the computer account in your nt domain ;-)>Hello! > >I have a samba fileserver (Debian Woody, Samba 2.2.3a) that I am >trying to join into an NT domain (smbpasswd -j ...); the command says that >it joined the domain successfully. > >Then I setup security=domain, workgroup name etc. as outlined in the samba >howtos. However whenever I try to access a share on the Samba server I am >prompted for a password (even though I already logged in through the >domain controller) and am subsequently denied access. > >The logfiles on the fileserver contain the following on the failed mount >attempt: > >[2002/09/26 18:53:28, 0] rpc_client/cli_netlogon.c:cli_net_req_chal(246) > cli_net_req_chal: Error NT_STATUS_INVALID_COMPUTER_NAME >[2002/09/26 18:53:28, 0] rpc_client/cli_login.c:cli_nt_setup_creds(48) > cli_nt_setup_creds: request challenge failed >[2002/09/26 18:53:28, 0] >smbd/password.c:connect_to_domain_password_server(1336) > connect_to_domain_password_server: unable to setup the PDC credentials >to machine ADLER.INFORMATIK.TU-FREIBERG.DE. Error was : NT_STATUS_OK. >[2002/09/26 18:53:28, 0] smbd/password.c:domain_client_validate(1554) > domain_client_validate: Domain password server not available. >[2002/09/26 18:53:28, 0] passdb/pdb_smbpasswd.c:pdb_getsampwnam(1367) > unable to open passdb database. >[2002/09/26 18:53:28, 0] passdb/pdb_smbpasswd.c:pdb_getsampwnam(1367) > unable to open passdb database. > >I don't know what to make of this -- does someone have any suggestion on >what went wrong? I am rather green on this. > >Things that may be notable to our setup: >- Samba server and PDC live in different IP domains and different IP >subnets >- I had to manually insert the machine name of the PDC in the smb.conf >file; putting in "*" to let Samba find out the PDC on it's own results >in "Domain password server not available" message in the logfiles > >Thanks for your patience. > >
> Hi, > I'm using with success an access to nt domain > with the security = user (and password encrypted)for over 1500 users it is not an option to duplicate the password database over to the fileserver Regards -- Helge Bahmann <bahmann@math.tu-freiberg.de> /| \__ The past: Smart users in front of dumb terminals /_|____\ _/\ | __) $ ./configure \\ \|__/__| checking whether build environment is sane... yes \\/___/ | checking for AIX... no (we already did this) |
Helge Bahmann wrote:> > Hello! > > I have a samba fileserver (Debian Woody, Samba 2.2.3a) that I am > trying to join into an NT domain (smbpasswd -j ...); the command says that > it joined the domain successfully. > > Then I setup security=domain, workgroup name etc. as outlined in the samba > howtos. However whenever I try to access a share on the Samba server I am > prompted for a password (even though I already logged in through the > domain controller) and am subsequently denied access. > > The logfiles on the fileserver contain the following on the failed mount > attempt: > > [2002/09/26 18:53:28, 0] rpc_client/cli_netlogon.c:cli_net_req_chal(246) > cli_net_req_chal: Error NT_STATUS_INVALID_COMPUTER_NAMEI think this one got chased down recently - try 2.2.6pre2 (or even 2.2.5). Andrew Bartlett -- Andrew Bartlett abartlet@pcug.org.au Manager, Authentication Subsystems, Samba Team abartlet@samba.org Student Network Administrator, Hawker College abartlet@hawkerc.net http://samba.org http://build.samba.org http://hawkerc.net