security = domain

Greg Dickie greg at discreet.com
Thu Aug 13 18:15:23 GMT 1998


The functionality you are referring to is with security=server. The NTDOM stuff
provides security=domain and lets your NT users actually authenticate to a
Primary Domain Controller implemented in samba. The problem you are having is
that your samba server may be asking the NT server to authenticate the
username/password pair just fine but then it has no idea what to do with them.
Remember samba just tries to map NT privileges to some local user. If I log on
to an NT domain with username greg but there is no user greg on the samba
machine then unless I map it to something else using username map, I will be
nobody because UNIX does not know me.

Does that make any sense?
Greg

On 13-Aug-98 Ryan Koski wrote:
> Well, I commented out said line and rebuilt everything.  I can now
> browse the shares on my SAMBA machine (the logs show it using the
> "nobody" account).  Interestingly, all the shares appear in explorer
> with names in ALL CAPS.  I can access those shares if there is a user
> account on the Linux box with the same name as my NT domain username.
> However, if I delete that user account from the Linux box, I cannot
> access those shares anymore.
> 
> Maybe I'm misunderstanding how SAMBA/NTDOM is supposed to work.  Is it
> supposed to be possible to get a SAMBA server to get ALL of its auth
> info from an NT PDC without having to administer user accounts on the
> SAMBA server whatsoever?  Or do I need to have user accounts on the
> SAMBA server for each of my NT domain users?
> 
> Thanks!
> 
> Ryan Koski
> Management Information Systems
> 
> 
> 
>               -----Original Message-----
>               From:   Matthew Chapman [mailto:z2232203 at student.unsw.edu.au]
>               Sent:   Wednesday, August 12, 1998 6:21 PM
>               To:     Multiple recipients of list
>               Subject:        Re: security = domain
> 
>               Ryan Koski wrote:
> 
>               > [1998/08/12 17:38:11, 0] smbd/uid.c:become_gid(136)
>               >   Couldn't set gid 500 currently set to (0,0)
>               > [1998/08/12 17:38:11, 0] smbd/server.c:make_connection(3699)
>               >   Can't become connected user!
> 
>               This looks to me like another broken 'setresuid' call. Strange, I
>               thought it had been fixed in Redhat 5.1 (maybe not).
> 
>               Try commenting out (enclose in /* ... */) the #define HAVE_SETRESUID 1
>               line in config.h and do a clean recompile ("make clean; make").
> 
>                   Matt
> 
> 
>               --
>               Matt Chapman
>               E-mail: mattyc at cyberdude.com

---------------------------------------------------------------------
Greg Dickie
Just A Guy*
*from discreet logic
Montreal 
(514) 954-7171
greg at discreet.com
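
An added example, not part of the original thread and not Samba's own code: a small audit that models the mapping step described above, listing which domain usernames would not resolve to any local UNIX account. The map syntax follows the `username map` file format from smb.conf(5); the sample map, the account set and the function names are constructed for illustration, and `@group` entries are not handled.

```python
import shlex

# Constructed sample data, not taken from the thread.
SAMPLE_MAP = """\
# unix_name = client_name ...
greg = gdickie "Greg Dickie"
!root = administrator
"""
LOCAL_USERS = {"root", "greg", "nobody"}   # stand-in for /etc/passwd names


def parse_username_map(text):
    """Parse 'username map' lines into (unix_name, [client_names], stop)."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # blank line or comment
            continue
        stop = line.startswith("!")            # '!': stop at this line on a match
        unix_name, sep, clients = line.lstrip("!").partition("=")
        if sep:
            rules.append((unix_name.strip(), shlex.split(clients), stop))
    return rules


def resolve(domain_user, rules, local_users):
    """Return the UNIX account a domain user ends up as, or None if there is none."""
    name = domain_user
    for unix_name, clients, stop in rules:
        # Assumption: client names are compared case-insensitively; '*' matches all.
        if any(c == "*" or c.lower() == name.lower() for c in clients):
            name = unix_name
            if stop:
                break
    for candidate in (name, name.lower()):
        if candidate in local_users:
            return candidate
    return None


def unmapped(domain_users, rules, local_users):
    """Domain users the PDC can authenticate but UNIX does not know."""
    return [u for u in domain_users if resolve(u, rules, local_users) is None]


if __name__ == "__main__":
    rules = parse_username_map(SAMPLE_MAP)
    for user in ["greg", "GDickie", "Administrator", "ryan"]:
        print(user, "->", resolve(user, rules, LOCAL_USERS))
```

Users returned by `unmapped()` are the ones who need either a local account or a `username map` line before their share access will work.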