samba - Aug 2009 - clients that are not a part of the domain cannot authenticate

Hi,

I have asked that last week with a little different subject, but the problem
remains.

When connecting with a Windows machine (not part of the domain) to the Samba
server, the
client is not authenticating, even when the user exists in the domain.

Domain master is a Windows 2003 SBS machine, the Samba server is a Debian Lenny 
machine.
The problem is occurring with Samba 3.2.13, with Samba 3.0.24 and the same
configuration
it works. Unfortunately after the upgrade from Etch to Lenny (Etch has Samba
3.0.24, Lenny
3.2.13) Samba presented this problem.

In the log file I can find this error message:

domain_client_validate: unable to validate password for user wolfgang in domain 
LIFEBOOKWR to Domain controller PDCALPI01. Error was 
NT_STATUS_NO_SUCH_USER.

And this is the global part of the configuration:

[global]
   workgroup = alpi
   server string = lxarchiv
   wins server = 192.168.1.1
   dns proxy = no
   log file = /var/log/samba/log.%m
   max log size = 1000
   syslog = 0
   panic action = /usr/share/samba/panic-action %d
    security = domain
   encrypt passwords = true
   passdb backend = tdbsam
   obey pam restrictions = yes
   invalid users = root
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:*
%n\n *password\supdated\ssuccessfully* .
  add user script = /usr/sbin/adduser --quiet --disabled-password --gecos
"" %u --gid 1001
   printing = bsd
   printcap name = /etc/printcap
   socket options = TCP_NODELAY
   domain master = auto


Thank you in advance for any help!

Wolfgang

Hi,

unfortunately I wasn't able to solve this probelm. I have tried to use the
3.3.7 release from
Sernet, but the problem remained.

It seems that something has been changed between the 3.0 and the 3.2 release
when using
workgroup = domain and authenticating users on machines that are not within the
domain.

Now, as workaround I have changed the line in the kixtart login script to use
the username
prefixed with the domain to log in, so at least the users can work.

Wolfgang

> I have asked that last week with a little different subject, but the
problem remains.
> 
> When connecting with a Windows machine (not part of the domain) to the
Samba server, the
> client is not authenticating, even when the user exists in the domain.
> 
> Domain master is a Windows 2003 SBS machine, the Samba server is a Debian
Lenny
> machine.
> The problem is occurring with Samba 3.2.13, with Samba 3.0.24 and the same
configuration
> it works. Unfortunately after the upgrade from Etch to Lenny (Etch has
Samba 3.0.24, Lenny
> 3.2.13) Samba presented this problem.
> 
> In the log file I can find this error message:
> 
> domain_client_validate: unable to validate password for user wolfgang in
domain
> LIFEBOOKWR to Domain controller PDCALPI01. Error was 
> NT_STATUS_NO_SUCH_USER.
> 
> And this is the global part of the configuration:
> 
> [global]
>    workgroup = alpi
>    server string = lxarchiv
>    wins server = 192.168.1.1
>    dns proxy = no
>    log file = /var/log/samba/log.%m
>    max log size = 1000
>    syslog = 0
>    panic action = /usr/share/samba/panic-action %d
>     security = domain
>    encrypt passwords = true
>    passdb backend = tdbsam
>    obey pam restrictions = yes
>    invalid users = root
>    passwd program = /usr/bin/passwd %u
>    passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:*
> %n\n *password\supdated\ssuccessfully* .
>   add user script = /usr/sbin/adduser --quiet --disabled-password --gecos
"" %u --gid 1001
>    printing = bsd
>    printcap name = /etc/printcap
>    socket options = TCP_NODELAY
>    domain master = auto
> 
> 
> Thank you in advance for any help!
> 
> Wolfgang
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 

-- 
-- Wolfgang Riedmann
-- Individuelle EDV-L?sungen - Soluzioni informatiche personalizzate
-- I-39012 Meran, Postgranz 16b
-- Telefon +39 0473 201 239
-- http://www.riedmann.it - wolfgang at riedmann.it