NT4.0 PDC and Samba help

Christoph Doerbeck doerbeck at dma.isg.mot.com
Tue Aug 18 15:43:10 GMT 1998

I read that someone stated that you NEED local accounts in /etc/passwd.
I don't believe this to be the case.  In fact, I thought that if you
were to create a "username map" with an entry like "safeshare = *"
then all NTDOM connections authenticated through the NT server
would work, and have local userid "safeshare" on the samba server.

This would imply you need one entry in /etc/passwd for a unique
share userid.  I suppose you could use something like "nobody" or
"bin" if you wanted to avoid creating special userids.

Am I way off on this?  Or does this sound like a solution to the
stated problem?

> After reading the documentation and faq regarding ntdomain, I'm still
> lost and don't know where to turn.  
> I wanted to do the following:
> 1. Install Samba on my unix box, and let it join my NT Domain as a 
> file server.  
> 2. Allow my NT 4.0 Workstation clients connect to private shares created
> on the Samba server.
> - I was able to install Samba with no problems.
> - I was able to join the Samba server into my NT Domain with no problems
> (I see DOMAIN.SERVERNAME.mac file in the private directory).
> - I run testparm to check for errors , and it tests fine.
> - I can connect public shares with no problems... this works fine.
> - I cannot however get my private shares connected with valid NT domain
> accounts. (akirasvr is a valid domain account) NT comes back and says
> "Incorrect password or unknown username for \\imaps1\matsaki"
> I read somewhere in the archive that I don't need to create accounts on
> the unix side of things...  Is this true?   Has anyone got this to work
> without creating the accounts on the unix side? 
> If anyone can help me out here, I'd greatly appreciate it.. I'm new to
> both Unix and Samba, but am very familiar with NT...Thanx
> Btw..My smb.conf file looks like this:
> workgroup = IMAD
> guest account = nobody
> security = domain
> password server = imad1
> encrypt passwords = yes
> domain master = no
> wins server =
> interfaces =
> dns proxy = no
> [matsaki]
> comment = Akira's Private Directory
> path = /usr/users/matsaki
> writable = yes
> valid users = akirasvr
> public = no
> guest ok = no
> [public]
> comment = IMAPS1 Apps Share
> path = /usr/samba/samba1/apps
> public = yes
> read only = no

More information about the samba-ntdom mailing list