security = domain

Greg Dickie greg at
Thu Aug 13 18:15:23 GMT 1998

The functionality you are refering to is with security=server. The NTDOM stuff
provides security=domain and lets your NT users actually athenticate to a
Primary Domain Controller implemented in samba. The problem you are having is
that your samba server may be asking the NT server to authenticate the
username/password pair just fine but then it has no idea what to do with them.
Remember samba just tries to map NT privileges to some local user. If I log on
to an NT domain with username greg but there is no user greg on the samba
machine then unless I map it to something else using username map, I will  be
nobody because UNIX does not know me.

Does that make any sense?

On 13-Aug-98 Ryan Koski wrote:
> Well, I commented out said line and rebuilt everything.  I can now
> browse the shares on my SAMBA machine (the logs show it using the
> "nobody" account).  Interestingly, all the shares appear in explorer
> with names in ALL CAPS.  I can access those shares if there is a user
> account on the Linux box with the same name as my NT domain username.
> However, if I delete that user account from the Linux box, I cannot
> access those shares anymore.
> Maybe I'm misunderstanding how SAMBA/NTDOM is supposed to work.  Is it
> supposed to be possible to get a SAMBA server to get ALL of it's auth
> info from an NT PDC without having to administer user accounts on the
> SAMBA server whatsoever?  Or do I need to have user accounts on the
> SAMBA server for each of my NT domain users?
> Thanks!
> Ryan Koski
> Management Information Systems
>               -----Original Message-----
>               From:   Matthew Chapman
> [mailto:z2232203 at]
>               Sent:   Wednesday, August 12, 1998 6:21 PM
>               To:     Multiple recipients of list
>               Subject:        Re: security = domain
>               Ryan Koski wrote:
>               > [1998/08/12 17:38:11, 0] smbd/uid.c:become_gid(136)
>               >   Couldn't set gid 500 currently set to (0,0)
>               > [1998/08/12 17:38:11, 0]
> smbd/server.c:make_connection(3699)
>               >   Can't become connected user!
>               This looks to me like another broken 'setresuid' call.
> Strange, I
>               thought it had been fixed in Redhat 5.1 (maybe not).
>               Try commenting out (enclose in /* ... */) the #define
>               line in config.h and do a clean recompile ("make clean;
> make").
>                   Matt
>               --
>               Matt Chapman
>               E-mail: mattyc at

Greg Dickie
Just A Guy*
*from discreet logic
(514) 954-7171
greg at

More information about the samba-ntdom mailing list