security = domain & security = user mixing.... Is it possible?
abakun at reac.com
Wed Apr 28 22:01:06 GMT 1999
I had a similar setup when I converted our network over from an NT PDC to a
You need to use netbios aliases. Say your machine is named SAMBA. Put the
following in the smb.conf file:
netbios aliases = DOMMEMBER
Then, create two configuration files, one named smb.conf.SAMBA and one named
In smb.conf.SAMBA, put your
security = user
line and any other lines related to security = user (like the path to
In smb.conf.DOMMEMBER, put
security = domain
and other parameters related to security = domain, like password server =,
The people who access the machine as \\DOMMEMBER from their workstations will
be authed via the password server, and those who access it via \\SAMBA will be
authed against the smbpasswd file. Ideally, all the share definitions will be
shared between both "virtual servers", so no matter if the users access it as
\\SAMBA or as \\DOMMEMBER, they should see the same shares.
You'll still need to create accounts on the samba machine for those security =
server accounts, or you can use the user name map file to map them all to a
common account, I guess, but I never tried this).
Rolando Berrios wrote:
> Hey all,
> I've read through the documentation and (unless I'm an idiot) I can't find
> a resolution to this problem. I'm trying to move from a workstation style
> setting, using pretty much only NT desktop machines, to a NT domain style
> The problem is that we have a few people who won't be joining the domain
> and will need to access the SAMBA shared (file/print)server that is
> running in the security = domain setting. After wondering to myself why
> the users weren't able to log onto the Linux box running SAMBA, I tried
> looking at the log files and I got this:
> [1999/04/28 17:11:33, 0] rpc_client/cli_netlogon.c:cli_net_sam_logon(371)
> cli_net_sam_logon: NT_STATUS_NO_SUCH_USER
> [1999/04/28 17:11:33, 0] smbd/password.c:domain_client_validate(1365)
> domain_client_validate: unable to validate password for user rberrios in
> domain NT-TESTDOMAIN to Domain controller TESTDOMAINCONTROLLER. Error was
> After that it attempted to find the user on the SAMBA server in the
> smb_passwd file, of which there was no such user.
> When I try to connect to an NT server that's part of the domain and the
> account I'm using is not a domain account, but a local one, I don't run
> into any errors - I simply have to enter the domain account username and
> password pair and I'm in.
> Is this functionality not supported? Or are there some configuration
> options that I've screwed up?
> Any help would be very much appreciated.
More information about the samba-ntdom