security = domain
Greg Dickie
greg at discreet.com
Thu Aug 13 18:15:23 GMT 1998
The functionality you are refering to is with security=server. The NTDOM stuff
provides security=domain and lets your NT users actually athenticate to a
Primary Domain Controller implemented in samba. The problem you are having is
that your samba server may be asking the NT server to authenticate the
username/password pair just fine but then it has no idea what to do with them.
Remember samba just tries to map NT privileges to some local user. If I log on
to an NT domain with username greg but there is no user greg on the samba
machine then unless I map it to something else using username map, I will be
nobody because UNIX does not know me.
Does that make any sense?
Greg
On 13-Aug-98 Ryan Koski wrote:
> Well, I commented out said line and rebuilt everything. I can now
> browse the shares on my SAMBA machine (the logs show it using the
> "nobody" account). Interestingly, all the shares appear in explorer
> with names in ALL CAPS. I can access those shares if there is a user
> account on the Linux box with the same name as my NT domain username.
> However, if I delete that user account from the Linux box, I cannot
> access those shares anymore.
>
> Maybe I'm misunderstanding how SAMBA/NTDOM is supposed to work. Is it
> supposed to be possible to get a SAMBA server to get ALL of it's auth
> info from an NT PDC without having to administer user accounts on the
> SAMBA server whatsoever? Or do I need to have user accounts on the
> SAMBA server for each of my NT domain users?
>
> Thanks!
>
> Ryan Koski
> Management Information Systems
>
>
>
> -----Original Message-----
> From: Matthew Chapman
> [mailto:z2232203 at student.unsw.edu.au]
> Sent: Wednesday, August 12, 1998 6:21 PM
> To: Multiple recipients of list
> Subject: Re: security = domain
>
> Ryan Koski wrote:
>
> > [1998/08/12 17:38:11, 0] smbd/uid.c:become_gid(136)
> > Couldn't set gid 500 currently set to (0,0)
> > [1998/08/12 17:38:11, 0]
> smbd/server.c:make_connection(3699)
> > Can't become connected user!
>
> This looks to me like another broken 'setresuid' call.
> Strange, I
> thought it had been fixed in Redhat 5.1 (maybe not).
>
> Try commenting out (enclose in /* ... */) the #define
> HAVE_SETRESUID 1
> line in config.h and do a clean recompile ("make clean;
> make").
>
> Matt
>
>
> --
> Matt Chapman
> E-mail: mattyc at cyberdude.com
---------------------------------------------------------------------
Greg Dickie
Just A Guy*
*from discreet logic
Montreal
(514) 954-7171
greg at discreet.com
More information about the samba-ntdom
mailing list