[Samba] Cannot access samba users from Windows Server 2008 r2 trust
in [Samba]
|
Prev: cupsaddsmb error: cli_pipe_validate_current_pdu: RPC fault code?DCERPC_FAULT_OP_RNG_ERROR received
Next: [Samba] duplicate print job checking
From: Harald Strack on 22 Mar 2010 09:50 Hi, our setup is Samba 3.3.12 as the Trusted Domain (Domain name: SAMBA) Windows 2008r2 as the Trusting Domain (Domain name: W2008) The trust itself works quite well, users of the SAMBA Domain are able to log into the workstations of the W2008 domain and even roaming profiles are working. However, when I try to configure permissions on a share of the W2008r2 server to users from the SAMBA domain (e.g. SAMBA\jsmith), while I am logged in as a user from the W2008 domain (e.g. W2008\Administrator) I do not find any user from the SAMBA domain. Background: Whenever a users wants to access the SAMBA domain, even when he only wants to search users for granting permissions, he has to authenticate first. As far as I know, the user has to authenticate, not the machine. Now, when I am logged in as a user from another domain (e.g. W2008 \Administrator) I cannot authenticate in the SAMBA domain with my actual credentials (desktop single sign-on). However, Windows 2008 R2 tries to authenticate at the SAMBA domain controller several times with the credentials (User: Administrator) of the W2008 domain. Samba Log of a SAMBA domain controller: [2010/03/22 12:07:51, 2] lib/access.c:check_access(406) Allowed connection from (10.10.20.167) [2010/03/22 12:07:51, 2] lib/smbldap.c:smbldap_open_connection(890) smbldap_open_connection: connection opened [2010/03/22 12:07:51, 2] auth/auth.c:check_ntlm_password(318) check_ntlm_password: Authentication for user [Administrator] -> [Administrator] FAILED with error NT_STATUS_NO_SUCH_USER [2010/03/22 12:07:51, 2] auth/auth.c:check_ntlm_password(318) check_ntlm_password: Authentication for user [Administrator] -> [Administrator] FAILED with error NT_STATUS_NO_SUCH_USER [2010/03/22 12:07:51, 2] auth/auth.c:check_ntlm_password(318) check_ntlm_password: Authentication for user [Administrator] -> [Administrator] FAILED with error NT_STATUS_NO_SUCH_USER [2010/03/22 12:07:51, 2] auth/auth.c:check_ntlm_password(318) check_ntlm_password: Authentication for user [Administrator] -> [Administrator] FAILED with error NT_STATUS_NO_SUCH_USER [2010/03/22 12:07:51, 2] auth/auth.c:check_ntlm_password(318) check_ntlm_password: Authentication for user [Administrator] -> [Administrator] FAILED with error NT_STATUS_NO_SUCH_USER However, Earlier versions of Windows tried only once to connect with the wrong credentials and then appeared a prompt where the user could enter its credentials in the other domain (SAMBA) to gain access to their ressources. Does anyone know a registry setting or sth. similar that forces W2008R2 to offer me a prompt for credentials if it gets a NT_STATUS_NO_SUCH_USER? Or any other solution? I greatly appreciate any comments! Best Regards Harry -- Harald Strack, Dipl.Inf.(FH) IT Development ssystems c/o todo GmbH Alt-Moabit 60a 10555 Berlin http://www.ssystems.de -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba |