One correction to my original email; I am running Solaris 9 rather than Solaris 8 (typo).
Following are my smb.conf settings: [global] workgroup = AMER netbios name = USAHSSMC001 netbios aliases = USAHSSMC001 server string = EDS GSCO security = DOMAIN encrypt passwords = Yes password server = usahd100 uspld100 usahd101 usahd102 usahd103 usahd104 username map = /etc/samba/username.map log level = 4 preferred master = No local master = No domain master = No dns proxy = No create mask = 0664 name resolve order = lmhosts My issue is: Everything was fine until the AD domain controllers were "upgraded" to Windows Server 2003 SP1. User authentication would no longer function until I pointed the password server entry to domain controllers that have not been upgraded to SP1. I upgraded to Samba 3.0.21c, downloaded the pre-compiled version for Solaris 9 and installed with no problems. At this point, I cannot get Samba 3.0.21c to be recognized by either Windows Server 2003 or Windows Server 2003 SP1. I have tried rejoining the domain with no success. Samba log entries: cli_nt_create failed on pipe \NETLOGON to machine <name>. Error was NT_STATUS_ACCESS_DENIED failed to get schannel session key from server <name> for domain <domainname>. domain_client_validate: Domain password server not available check_ntlm_password: Authentication for user [id] -> [id] FAILED with error NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE At this point, I can not get domain security to function for either Samba version when pointed to a Windows Server 2003 SP1 AD controller. Any help with this situation would be appreciated. Jeff Bradish * mailto: [EMAIL PROTECTED] -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Craig White Sent: Thursday, March 16, 2006 10:58 AM To: samba@lists.samba.org Subject: RE: [Samba] Domain Authentication Problem On Thu, 2006-03-16 at 16:16 +0100, Johannes Michler wrote: > I've got similar Problems: > When I try to connect to our samba server I get an "Die Anforderung > wird nicht unterstützt" Error Message. > >From our other Machines (even some Win2k3 Servers) I can access the > >Files, > what could be wrong? > > The samba server has the following conf-file: > > # This is the main Samba configuration file. You should read the # > smb.conf(5) manual page in order to understand the options listed # > here. Samba has a huge number of configurable options (perhaps too # > many!) most of which are not shown in this example # # Any line which > starts with a ; (semi-colon) or a # (hash) # is a comment and is > ignored. In this example we will use a # # for commentry and a ; for > parts of the config file that you # may wish to enable # # NOTE: > Whenever you modify this file you should run the command "testparm" > # to check that you have not many any basic syntactic errors. > # > #======================= Global Settings > ===================================== > [global] > > # workgroup = NT-Domain-Name or Workgroup-Name, eg: REDHAT4 > workgroup = FZI > > # Unter welchem Namen soll der Server sichtbar sein - vorzugsweise > gleich dem DNS-Namen > netbios name = goedel > > # server string is the equivalent of the NT Description field > server string = SWT Samba Server > > # This option is important for security. It allows you to restrict # > connections to machines which are on your local network. The # > following example restricts access to two C class networks and # the > "loopback" interface. For more examples of the syntax see # the > smb.conf man page > ; hosts allow = 192.168.1. 192.168.2. 127. > hosts allow = ############ 127. > > > # If you want to automatically load your printer list rather # than > setting them up individually then you'll need this > load printers = yes > > # you may wish to override the location of the printcap file > ; printcap name = /etc/printcap > > # on SystemV system setting printcap name to lpstat should allow # you > to automatically obtain a printer list from the SystemV spool # system > ; printcap name = lpstat > > # It should not be necessary to specify the print system type unless # > it is non-standard. Currently supported print systems include: > # bsd, sysv, plp, lprng, aix, hpux, qnx > ; printing = bsd > > # Uncomment this if you want a guest account, you must add this to > /etc/passwd # otherwise the user "nobody" is used ; guest account = > pcguest > > # this tells Samba to use a separate log file for each machine # that > connects > ; log file = /usr/sfw/lib/smb.conf.%m > ; log file =/var/samba/log/%m.log > log file =/var/samba/log/smbd.log > > # Put a capping on the size of the log files (in Kb). > max log size = 100 > > > > security = server > password server = ad > encrypt passwords = yes > os level = 1 > > # starke Verschluesselung fuer eingehende Verbindungen > ; server NTLMv2 = auto > > # starke Verschluesselung fuer ausgehende Verbindungen ; client > NTLMv2 = auto > > # Gastzugriffe laufen unter diesem Account > guest account = nobody > > # Unbekannte Benutzer werden als Gast behandelt > map to guest = Bad User > > # Samba versucht nicht, Masterbrowser zu werden > local master = no > > > > > # Security mode. Most people will want user level security. See # > security_level.txt for details. > ; security = user > > # Use password server option only with security = server # The > argument list may include: > # password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name] > # or to auto-locate the domain controller/s > # password server = * > ; password server = <NT-Server-Name> > > # Note: Do NOT use the now deprecated option of "domain controller" > # This option is no longer implemented. > > # You may wish to use password encryption. Please read # > ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation. > # Do not enable this option unless you have read those documents ; > encrypt passwords = yes > > # Using the following line enables you to customise your configuration > # on a per machine basis. The %m gets replaced with the netbios name # > of the machine that is connecting > ; include = /var/samba/log.%m > > # Most people will find that this option gives better performance. > # See speed.txt and the manual pages for details # You may want to add > the following on a Linux system: > # SO_RCVBUF=8192 SO_SNDBUF=8192 > socket options = TCP_NODELAY > > # Configure Samba to use multiple interfaces # If you have multiple > network interfaces then you must list them # here. See the man page > for details. > ; interfaces = 192.168.12.2/24 192.168.13.2/24 > > # Browser Control Options: > # set local master to no if you don't want Samba to become a master # > browser on your network. Otherwise the normal election rules apply > ; local master = no > > # OS Level determines the precedence of this server in master browser > # elections. The default value should be reasonable > ; os level = 33 > > # Domain Master specifies Samba to be the Domain Master Browser. This > # allows Samba to collate browse lists between subnets. Don't use this > # if you already have a Windows NT domain controller doing this job > ; domain master = yes > > # Preferred Master causes Samba to force a local browser election on > startup # and gives it a slightly higher chance of winning the election > ; preferred master = yes > > # Enable this if you want Samba to be a domain logon server for # > Windows95 workstations. > ; domain logons = yes > > # if you enable domain logons then you may want a per-machine or # per > user logon script # run a specific logon batch file per workstation > (machine) > ; logon script = %m.bat > # run a specific logon batch file per username > ; logon script = %U.bat > > # Where to store roving profiles (only for Win95 and WinNT) > # %L substitutes for this servers netbios name, %U is username > # You must uncomment the [Profiles] share below > ; logon path = \\%L\Profiles\%U > > # Windows Internet Name Serving Support Section: > # WINS Support - Tells the NMBD component of Samba to enable it's WINS > Server > ; wins support = yes > > # WINS Server - Tells the NMBD components of Samba to be a WINS Client > # Note: Samba can be either a WINS Server, or a WINS Client, but NOT > both > ; wins server = w.x.y.z > wins server = ############ > > # WINS Proxy - Tells Samba to answer name resolution queries on # > behalf of a non WINS capable client, for this to work there must be # > at least one WINS Server on the network. The default is NO. > ; wins proxy = yes > > # DNS Proxy - tells Samba whether or not to try to resolve NetBIOS > names # via DNS nslookups. The built-in default for versions 1.9.17 is > yes, # this has been changed in version 1.9.18 to no. > dns proxy = yes > > # Case Preservation can be handy - system default is _no_ # NOTE: > These can be set on a per share basis > preserve case = yes > short preserve case = yes > # Default case is normally upper case for all DOS files ; default > case = lower # Be very careful with case sensitivity - it can break > things! > case sensitive = no > ; mangle case = no > > force create mode = 644 > force directory mode = 755 > map archive = no > > #============================ Share Definitions > ============================== [homes] > comment = UNIX Home Directories > browseable = yes > writable = yes > invalid users = root > > [fzi] > comment = FZI NFS-Wurzel > path = /fzi > writable = true > > > [public] > comment = Public Stuff > path = /export/home/samba > public = yes > browseable = yes > writable = yes > printable = no > write list = @swt @rud @dtp > ---- It would help if you don't include all of the unnecessary stuff (especially comments)... testparm -s > /tmp/samba-config.txt # would be better your usage of security = server password server = ad doesn't seem correct. is ad a netbios name? are you sure you want to use security = server and not security = ADS ? at least you should make sure that 'password server = WHATEVER' has WHATEVER either an ip address or a resolvable domain controller. see 'man smb.conf' Craig -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba