NT user authentication

Dries, Joseph joseph.dries at lmco.com
Mon Dec 7 21:18:49 GMT 1998

The way that Network Appliance handles this situation is as follows:

You can define users, either local, or in DOMAIN\user format. Then at the
end you can specify a 

*	""

Type entry. That matches everything else, and prevents access. That way you
can have anonymous access without that map entry, or with it you can
explicitly define the users that have access to the box.


Joseph F. Dries III
Lockheed Martin / EIS
Government Electronic Systems / IT&P
   Advanced Technology/OS Group
mailto:joseph.dries at lmco.com

> -----Original Message-----
> From:	Luke Kenneth Casson Leighton [SMTP:lkcl at switchboard.net]
> Sent:	Monday, December 07, 1998 1:44 PM
> To:	Multiple recipients of list
> Subject:	RE: NT user authentication
> > Adding Unix to NT domain may require quite complex setup. And it is my
> firm
> > feeling, that everything should be done explicitly. There is no place
> for
> > defaults. If you cannot decide what credentials a given user gets on
> Unix -
> > be on safe side and deny any connection.
> > 
> > In other words - either Domain (_any_ Domain) user is explicitly mapped
> to
> > Unix - or it is denied access.
> oh dear, what do yother people think about this?  would you agree that any
> user not explicitly mapped to a domain user (through, say, "domain user
> map", should be denied acess)?
> luke

More information about the samba-ntdom mailing list