I have been running Samba 2.2.8 on a Solaris 8 server with a valid NetBIOS server name on the AD domain. The Samba 2.2.8 configuration was configured for security = domain. Everything was fine until the AD domain controllers were "upgraded" to Windows Server 2003 SP1. User authentication would no longer function with the following error message in the samba 2.2.8 log:
connect_to_domain_password_server: unable to open the domain client session to machine <name>. Error was : NT_STATUS_ACCESS_DENIED. I was able to point the password server entry to another controller that has not been upgraded to Server 2003 SP1 and all is fine. Authentication is processed and granted as expected. Problem is that these controllers are scheduled to be upgraded to 2003 SP1 in the next few weeks. So decided to upgrade Samba to 3.0.21c. Downloaded the pre-compiled version for Solaris 9 and installed with no problems. I copied the smb.conf and smbpasswd files from 2.2.8 to 3.0.21c. I did not copy the secrets.tdb file over, although I did validate the SIDs for each Samba version. At this point, I cannot get Samba 3.0.21c to be recognized by either Windows Server 2003 or Windows Server 2003 SP1. I have tried rejoining the domain with no success. I have verified the SIDs for both Samba 2.2.8 and 3.0.21c. Some of the 3.0.21c log errors I am seeing are: cli_nt_create failed on pipe \NETLOGON to machine <name>. Error was NT_STATUS_ACCESS_DENIED failed to get schannel session key from server <name> for domain <domainname>. domain_client_validate: Domain password server not available check_ntlm_password: Authentication for user [id] -> [id] FAILED with error NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE If anyone has seen this problem I would greatly appreciate any feedback on possible work-around or fixes. At this point, I can not get domain security to work for either Samba version when pointed to a Windows Server 2003 SP1 AD controller. Thanks Jeff Bradish * mailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
