Hello All. I'm having a problem setting SAMBA up to be used for domain logons within a Windows 98 Network. The NetBIOS name of the SAMBA server is SERVER, and the WORKGROUP is named FOOTHILL. I have set SAMBA up to authenticate domain logons and have confugured it as a WINS Server. All Clients are sending cleartext passwords, and are set to use the SAMBA machine as a WINS server (the ip of the SAMBA Machine is 10.1.1.1, the rest of the machines are 10.1.1.X, netmask is configured as 255.255.255.0) When the domain is specified as FOOTHILL on a Windows 98 Client, connections work flawlessly, the user is authenticated, and loged on to the system. Since I want to require this to happen, I have used the Windows 98 Policy Editor to Require authorization from a Domain server, hitting cancel at the logon box produces an error to the effect of: You must log on to the system. However, users have found a way to bypass this requirment. If they change the domain from FOOTHILL to anything else (for example: FAKE) and then attempt a logon, the process takes considerbly longer (I *think* windows is trying to map the name FAKE to an IP Address, and then fails) and then the default Windows Logon Box comes up (just a username and password), from this box a user can hit cancel and have access to the system. What I'm trying to do is to require a user to be authenticaed by the Domain Logon process, and have windows ERROR if a user changes the DOMAIN to a non-existant one. Below are my smb.conf, log.smb, log.nmb, and wins.dat files. To cut out the clutter of the log.smb and log.nmb files I stoped samba, removed both log files, the restarted samba. I then loged on once to the correct domain (FOOTHILL), loged out, then tried to log on to a fake domain (FAKE), then loged out, then back on to the real domain (FOOTHILL). The only thing I saw that may be of some help is these lines in log.nmb: [2001/02/06 14:30:02, 1] nmbd/nmbd_processlogon.c:process_logon_packet(69) process_logon_packet: Logon from 10.1.1.12: code = 0 [2001/02/06 14:30:09, 1] nmbd/nmbd_processlogon.c:process_logon_packet(69) process_logon_packet: Logon from 10.1.1.12: code = 7 [2001/02/06 14:33:12, 1] nmbd/nmbd_processlogon.c:process_logon_packet(69) process_logon_packet: Logon from 10.1.1.12: code = 0 It is my theory that whenever we generate a code 7, it is from a Domain that doesn't exist, and code 0 is from one that does. I may be wrong. Any help is appreciated. Thanks All. ---log.smb--- [2001/02/06 14:27:24, 1] smbd/server.c:main(628) smbd version 2.0.5a started. Copyright Andrew Tridgell 1992-1998 [2001/02/06 14:27:24, 1] smbd/files.c:file_init(216) file_init: Information only: requested 10000 open files, 1014 are available. ---log.nmb--- [2001/02/06 14:27:25, 1] nmbd/nmbd.c:main(684) Netbios nameserver version 2.0.5a started. Copyright Andrew Tridgell 1994-1998 [2001/02/06 14:27:25, 0] nmbd/asyncdns.c:start_async_dns(150) started asyncdns process 711 [2001/02/06 14:27:25, 0] nmbd/nmbd_logonnames.c:add_logon_names(159) add_domain_logon_names: Attempting to become logon server for workgroup FOOTHILL on subnet 10.1.1.1 [2001/02/06 14:27:25, 0] nmbd/nmbd_logonnames.c:add_logon_names(159) add_domain_logon_names: Attempting to become logon server for workgroup FOOTHILL on subnet UNICAST_SUBNET [2001/02/06 14:27:25, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(342) become_domain_master_browser_wins: Attempting to become domain master browser on workgroup FOOTHILL, subnet UNICAST_SUBNET. [2001/02/06 14:27:25, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(357) become_domain_master_browser_wins: querying WINS server at IP 10.1.1.1 for domain master browser name FOOTHILL<1b> on workgroup FOOTHILL [2001/02/06 14:27:25, 0] nmbd/nmbd_logonnames.c:become_logon_server_success(118) become_logon_server_success: Samba is now a logon server for workgroup FOOTHILL on subnet UNICAST_SUBNET [2001/02/06 14:27:25, 0] nmbd/nmbd_become_dmb.c:become_domain_master_stage2(118) ***** Samba server SERVER is now a domain master browser for workgroup FOOTHILL on subnet UNICAST_SUBNET ***** [2001/02/06 14:27:25, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(294) become_domain_master_browser_bcast: Attempting to become domain master browser on workgroup FOOTHILL on subnet 10.1.1.1 [2001/02/06 14:27:25, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(308) become_domain_master_browser_bcast: querying subnet 10.1.1.1 for domain master browser on workgroup FOOTHILL [2001/02/06 14:27:29, 0] nmbd/nmbd_logonnames.c:become_logon_server_success(118) become_logon_server_success: Samba is now a logon server for workgroup FOOTHILL on subnet 10.1.1.1 [2001/02/06 14:27:33, 0] nmbd/nmbd_become_dmb.c:become_domain_master_stage2(118) ***** Samba server SERVER is now a domain master browser for workgroup FOOTHILL on subnet 10.1.1.1 ***** [2001/02/06 14:30:02, 1] nmbd/nmbd_processlogon.c:process_logon_packet(69) process_logon_packet: Logon from 10.1.1.12: code = 0 [2001/02/06 14:30:09, 1] nmbd/nmbd_processlogon.c:process_logon_packet(69) process_logon_packet: Logon from 10.1.1.12: code = 7 [2001/02/06 14:33:12, 1] nmbd/nmbd_processlogon.c:process_logon_packet(69) process_logon_packet: Logon from 10.1.1.12: code = 0 ---smb.conf--- # Samba config file created using SWAT # from 12.foothills.com (10.1.1.12) # Date: 2001/02/06 14:27:11 # Global parameters [global] workgroup = FOOTHILL netbios name = SERVER server string = Samba Server interfaces = 10.1.1.1/24 log file = /var/log/samba/log.%m max log size = 50 name resolve order = wins lmhosts host socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 logon script = logon.bat domain logons = Yes local master = No domain master = Yes dns proxy = No wins support = Yes remote announce = 10.1.1.255 remote browse sync = 10.1.1.255 [home] comment = Home Directories path = /home/%U read only = No [def] comment = Default Share path = /home/default browseable = No [netlogon] comment = Network Logon Service path = /home/netlogon guest ok = Yes browseable = No share modes = No [printers] comment = All Printers path = /var/spool/samba print ok = Yes browseable = No ---wins.dat--- VERSION 1 180813 "12#00" 982013333 10.1.1.12 4R "12#03" 982013331 10.1.1.12 4R "ADMIN#03" 982013592 10.1.1.12 4R "FOOTHILL#00" 982013333 255.255.255.255 c4R "FOOTHILL#1b" 982013245 10.1.1.1 44R "FOOTHILL#1c" 982013245 10.1.1.1 c4R "FOOTHILL#1e" 982013245 255.255.255.255 c4R "SERVER#00" 982013245 10.1.1.1 46R "SERVER#03" 982013245 10.1.1.1 46R "SERVER#20" 982013245 10.1.1.1 46R