Samba 1.9.19pre-alpha as NT domain Client

Dries, Joseph joseph.dries at lmco.com
Wed Aug 19 21:14:44 GMT 1998 

All-

I have a situation where I need to share out UNIX user's home directories
(and other shares). I'd prefer to run Samba rather than have to purchase,
install, and support a usable NFS client on our NT workstations.

Our NT environment is configured in a multiple-master domain model. There
are several Account domains that are trusted by the various resource
domains. The samba servers are part of the resource domain.

I was able to cvs checkout the HEAD branch, compile and install. I was able
to issue a smbpasswd -j RESDOM. I can see and browse to the samba server,
however it's not authenticating any users.

I have the following relevant settings in my smb.conf file:

workgroup = RESDOM
password server = RESDOM-PDC
security = domain
encrypt passwords = yes

There are specific reasons why I do not want to manage a separate smbpasswd
file. (Besides the fact that our Unix passwd file has over 5400 entries, and
that number changes +/- daily.) What I was going to implement was a perl
script that creates a UNIX account to NT account mapping (for smbusers) via
LDAP. I have a reconciliation script that keeps my Unix passwd database
reconciled with the NT accounts in the Account domain. Since there is
password aging on both the UNIX side and the NT side, it's important that I
try to keep the number of entered passwords to a minimum, thus the
authentication by NT PDC for the samba server.

My problem is however, that I'm not able to authenticate any users to the
samba process. I tried user names in the form of ACCT\uname, uname,
RESDOM\uname, etc. with passwords for each user account.

As a side note, if there is a user account in the resource domain, and a
user account in the ACCT domain, (and the user is logged into the
NTworkstation as ACCT\uname), which account does the samba server try to
authenticate?

Any suggestions would be greatly appreciated. Even if it's just "We are
aware of the issue, it's not functional yet, but will be by the time 1.9.19
goes into full alpha." Or Even "Do it this way idiot."

Thanks,
-j

--
Joseph F. Dries III
Lockheed Martin / EIS
Government Electronic Systems / IT&P
   Advanced Technology/OS Group
mailto:joseph.dries at lmco.com

More information about the samba-ntdom mailing list