Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

win2k PDC: "password server is not connected"

4 views
Skip to first unread message

Sven Geggus

unread,
Apr 30, 2002, 5:59:04 AM4/30/02
to
Hi there,

I'm about to setup a Windows Terminal Server to give People Access to
Windows Applications from our Linus Desktops.

People need to access there files from the Terminal Server as well, thus I
set up samba which however did not work as expected.

From time to time I get some strange authentication failures.

My Setup:

security=server & 2 Win2k Active Directory Servers as PDC, client is a
Windows Terminal Server.

Sometime (if everything works) samba logfile looks like this:

[2002/04/26 14:02:52, 3] smbd/process.c:process_smb(860)
Transaction 2 of length 188
[2002/04/26 14:02:52, 3] smbd/process.c:switch_message(667)
switch message SMBsesssetupX (pid 8094)
[2002/04/26 14:02:52, 3] smbd/sec_ctx.c:set_sec_ctx(314)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2002/04/26 14:02:52, 3] smbd/reply.c:reply_sesssetup_and_X(848)
Domain=[PC] NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0]
[2002/04/26 14:02:52, 3] smbd/reply.c:reply_sesssetup_and_X(858)
sesssetupX:name=[rf]
[2002/04/26 14:02:52, 3] param/loadparm.c:lp_add_home(1904)
adding home directory rf at /home/rf
[2002/04/26 14:02:52, 3] smbd/sec_ctx.c:push_sec_ctx(282)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2002/04/26 14:02:52, 3] smbd/uid.c:push_conn_ctx(285)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2002/04/26 14:02:52, 3] smbd/sec_ctx.c:set_sec_ctx(314)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2002/04/26 14:02:52, 3] smbd/sec_ctx.c:get_current_groups(162)

Otherwise if it does not work it looks like this:

[2002/04/26 13:58:33, 3] smbd/process.c:process_smb(860)
Transaction 6425 of length 188
[2002/04/26 13:58:33, 3] smbd/process.c:switch_message(667)
switch message SMBsesssetupX (pid 7732)
[2002/04/26 13:58:33, 3] smbd/sec_ctx.c:set_sec_ctx(314)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2002/04/26 13:58:33, 3] smbd/reply.c:reply_sesssetup_and_X(848)
Domain=[PC] NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0]
[2002/04/26 13:58:33, 3] smbd/reply.c:reply_sesssetup_and_X(858)
sesssetupX:name=[rf]
[2002/04/26 13:58:33, 1] smbd/password.c:server_validate(1117)
password server is not connected

How can I get this working?

Sven

--
Der "normale Bürger" ist nicht an der TU Dresden und schreibt auch
nicht mit mutt. (Ulli Kuhnle in de.comp.os.unix.discussion)

/me is giggls@ircnet, http://geggus.net/sven/ on the Web

Don Hiscock

unread,
May 4, 2002, 3:42:37 PM5/4/02
to
You can't fix this unless you use your smbpasswd file for authentication.
For
each share, w2k ts only uses 1 connection to the samba server. If someone
else on the TS connects to a share and the connection to the DC drops in the
meantime, you'll get the error below. There used to be a registry setting to
make the TS use multiple connections, but Microsoft removed it in w2k.

"Sven Geggus" <sv...@geggus.net> wrote in message
news:aalpt8$rt9$1...@benzin.geggus.net...


> Hi there,
>
> I'm about to setup a Windows Terminal Server to give People Access to
> Windows Applications from our Linus Desktops.
>
> People need to access there files from the Terminal Server as well, thus I
> set up samba which however did not work as expected.
>
> From time to time I get some strange authentication failures.
>

... cut ...

Sven Geggus

unread,
May 5, 2002, 11:04:20 AM5/5/02
to
Don Hiscock <don.h...@shaw.ca> wrote:
> You can't fix this unless you use your smbpasswd file for authentication.

Which is not a real Option, because I'm about to build a setup where any
authentication is done using a win2k Domain Controller.

BTW, will there be a possibility doing authentication in samba using
pam_krb5 and a Win2k AD-Server instead of smbpasswd, to solve the Problem?

> For
> each share, w2k ts only uses 1 connection to the samba server. If someone
> else on the TS connects to a share and the connection to the DC drops in the
> meantime, you'll get the error below. There used to be a registry setting to
> make the TS use multiple connections, but Microsoft removed it in w2k.

Hm, this has the potential to Kill the intended win2k TS setup altogether.

Sven

--
wenn ping auf localhost nicht funktioniert, solltest Du zuerst TCP/IP
de- und neuinstallieren.
(Mario Arndt in de.comm.protocols.tcp-ip)

Don Hiscock

unread,
May 6, 2002, 1:01:14 PM5/6/02
to
> BTW, will there be a possibility doing authentication in samba using
> pam_krb5 and a Win2k AD-Server instead of smbpasswd, to solve the Problem?
>
I beleive in this case you have to change some registry settings in the
clients to send
clear text passwords.


Don Hiscock

unread,
May 13, 2002, 12:18:19 PM5/13/02
to
I found a way around this for now. Setting up the terminal server as a
trusted host for samba allows users to map without passwords. You should use
a file different from /etc/hosts.equiv, though.

"Sven Geggus" <sv...@geggus.net> wrote in message
news:aalpt8$rt9$1...@benzin.geggus.net...

Sven Geggus

unread,
May 14, 2002, 8:40:37 AM5/14/02
to
Don Hiscock <dhis...@ssbux1.env.gov.bc.ca> wrote:
> I found a way around this for now. Setting up the terminal server as a
> trusted host for samba allows users to map without passwords. You should use
> a file different from /etc/hosts.equiv, though.

Looks like using security=domain is another possible solution.

Sven

--
/* Fuck me gently with a chainsaw... */
(David S. Miller in /usr/src/linux/arch/sparc/kernel/ptrace.c)

0 new messages