"Linux Newbie" wrote in message
news:jSdzb.37130$aT.23421@news-server.bigpond.net.au...
> I'm running a W2K3 AD domain: w2k3dom.internal
> Domain is running in domain functional level Windows Server 2003
> Forest is running in forest functional level Windows Server 2003
> My DNS server is: 10.20.1.100
> My WINS server is: 10.20.1.100
> My server name is: dc1site1 (10.20.1.100)
> My Linux workstation name is: linux
>
> I can successfully ping dc1site1 from my Linux workstation.
> I can successfully ping my Linux workstation from my W2K3 server
> The Linux workstation appears in the browse list on my W2K3 server, but no
> shares are visible
> The Linux workstation appears correctly in DNS and WINS on my W2K3 server.
>
> I try to map a drive from W2K32 to Samba with:
> net use * \\linux\sambaroot
> I am prompted for a Linux username. I use root
> I am prompted for a password. I use the root password
> I get "System error 1326 Logon failure: unknown user name or bad password"
> On the Linux machine, the .log file contains the following:
> smbd/password.c:domain_client_validate(1556) domain_client_validate: could
> not fetch trust account password for domain W2K3DOM
> immediately followed by:
> passdb/pdb_smbpasswd.c: pdb_getsampwnam(1369) unable to open passdb
database
>
> My smb.conf is as follows:
> [global]
> workgroup = W2K3DOM
> server string = Samba server
> security = DOMAIN
> encrypt passwords = yes
> smb passwd file = /etc/samba/smbpasswd

The smbpasswd file is not needed if you are using security = DOMAIN.
Authentication is done on the DC's.

> pam password change = yes
> obey pam restrictions = yes
> socket options = TTCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> wins server = 10.20.1.100
> password server = dc1site1.w2k3dom.internal

You can use "password server = *" Samba looks for a password server using
the same methods as a Windows system would. This is a better way to do it if
you have more than one DC as it will find the first available, especially if
the one you specify is not available for some reason.

> dns proxy = no
> [sambaroot]
> path = /shares/sambaroot
> writeable = yes
> guestok = yes
>
guest ok = yes, but that is not part of the problem.

> Any assistance appreciated.
>
I guess the other thing I should ask, have you joined the Samba system to
the domain ? from the docs:

In order to join the domain, first stop all Samba daemons and run the
command:
root# smbpasswd -j DOM -r DOMPDC -UAdministrator%password

as we are joining the domain DOM and the PDC for that domain (the only
machine that has write access to the domain SAM database) is DOMPDC. The
Administrator%password is the login name and password for an account which
has the necessary privilege to add machines to the domain. If this is
successful you will see the message:

smbpasswd: Joined domain DOM.

Even though you are using domain authentication, the domain user accounts
need a matching linux user account or a smbusers file to map domain accounts
to linux accounts.