NT user authentication
Andrej Borsenkow
borsenkow.msk at sni.de
Thu Dec 3 18:14:49 GMT 1998
>
> any user not explicitly mapped in by "domain user map" is checked against
> the PDC. if the account does not exist on the PDC, _then_ it is treated
> as a local user.
>
1. NT WS user != NT Domian user even if the name is the same. Why you deny
it
to SAMBA?
2. If NT domain has trusted domains and any user from these domains tries to
connect,
he will be accepted by PDC. And if his name happens to exist in Unix, he
will be
given _this_unix_user_rights_ Even if you can control local domains, you
probably
cannot control remote. I don't expect remote admin to consult me before
creating
new user. And just hope, that he will never select "root" ...
> _regardless_ of whether it is a local or a domain user, there must still
> exist a UNIX account with the same name.
>
Sure. I have spoken about the case when Unix account exist.
I understand your point - please, understand mine. I don't say "do it this
way only" - I ask for a possibility to do it both ways if needed.
/andrej
More information about the samba-ntdom
mailing list