Samba 1.9.19pre-alpha as NT domain Client

Jeremy Allison jallison at cthulhu.engr.sgi.com
Fri Aug 21 01:51:51 GMT 1998


Dries, Joseph wrote:
> 
>         I then logged into RES\uname and changed the password to match that
> of my ACCT\uname. From then on the Samba share worked. It also works for
> ACCT\uname accounts that don't have a matching RES\uname account, or
> ACCT\uname accounts that had a matching RES\uname and synchronized
> passwords.
> 
>         Therefore it sounds as if something isn't being done quite right.
> Normal NTS and NTW machines could differentiate between my ACCT\uname and
> RES\uname accounts, but the Samba CVS code didn't seem to. I have my work
> around right now. Have accounts exist in EITHER RES\uname, or ACCT\uname
> form. Or if it exists in both, make sure the passwords are synchronized.
> However that's not the correct behavior.
> 

That's an interesting observation. It works in the case
where the username doesn't exist in the resource domain.
Hmmmmmm. The CVS code just passes the given domain (ACCT
in this case) to the RES domain PDC for authentication,
as a network login. We don't do anything special.

>         I did notice on our Network Appliance Filer (OS ver 5.1R1) that in
> the /etc/usermap.cfg file you can specify DOM\uname in the Unix<->NT name
> mapping. Is that something that can be done in the smbusers file, or rather
> something that _should_ be done? I do the DOM\uname mapping on my NetApp,
> but in the Samba smbusers files I just list the NT account names in uname
> form, not DOM\uname form.
> 

That's something we may want to look at later, but for now the
server code is doing the correct thing, that is to pass on the
given domain to the PDC. The issue is why the PDC thinks it's
a RES account when the ACCT username matches one in the RES
domain. I'll have to look at the network login packets an NT
server generates in the same scenario - could you capture them
for me with netmon or tcpdump and send them to me at 
jallison at engr.sgi.com, that would help greatly.

Remember it's the packets between the server in the RES domain
you're accessing (for the first time since you logged onto your
workstation) and the RES domain PDC I need to see, not the packets 
between your workstation and the RES server you're accessing.


> >
>         Username mapping is not an issue for me, I have a process to take
> care of that. What is "Appliance" mode, however? I'm not familiar with that
> terminology.

A mode where Samba doesn't need local unix users. Not coded
up yet but planned soon. Vendors of Samba 'Appliances' love
this idea :-).

Cheers,

	Jeremy Allison,
	Samba Team.

-- 
--------------------------------------------------------
Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.
--------------------------------------------------------

