security = domain

Gerald Carter jerry at Eng.Auburn.EDU
Thu Aug 13 20:13:15 GMT 1998

At 04:40 AM 8/14/98 +1000, Ryan Koski wrote:
>Hmmm....  What you are saying does make sense.  However, my
>understanding of the security = domain option as explained in the
>SAMBA/NTDOM FAQ is that it will allow a SAMBA server to "join" an
>existing domain, be it controlled by NT or another SAMBA server.  I
>guess I assumed that "join" means that it becomes just like another NT
>box on the network in that it doesn't need users defined locally; it
>will authenticate users based on Domain (and trusted domain) user
>accounts.  Of course, an NT machine would know what to do with this
>info, but UNIX won't...

Eventually the samba box will run in "Appliance" mode where you 
can plug a box into the network and it will generate the neccessary 
unix uid's to do the mapping.  However, it is just not completed 
yet.  One of the woes when using experimental code :)

>Our company is trying to move our developers away from working in UNIX
>shell accounts via terminal emulators to working in MS Dev Studio with
>SourceSafe.  We've tried using NFS with commercial NFS clients for NT,
>and have a long list of reasons why we don't like doing this.  I'm
>trying to sell SAMBA as an alternative solution, but it will be a hard
>sell if we have to maintain the users on each UNIX box as well as on NT.
>Has anyone figured out a way to "dump" the list of domain users from a
>PDC to a passwd file?

Capture the output from 'net users /domain' and perform some perl 
or awk magic and you could get the job done.  I'll do that tonight 
if I get a chance.  Should be fairly easy.


                            Gerald ( Jerry ) Carter	
Engineering Network Services                           Auburn University 
jerry at   

       "...a hundred billion castaways looking for a home."
                                  - Sting "Message in a Bottle" ( 1979 )

More information about the samba-ntdom mailing list