NT domain authentication order unclear
JasonB at Pointshare.com
Sat Jul 3 00:36:07 GMT 1999
How then do I tell samba to only authenticate to the domain?
Jason Brooks wrote:
> Question 1:
> I am making a couple of linux servers visible on my company's NT network.
> am currently using samba version 2.0.4b on redhat 5.1. All is functioning
> well so far. I am using security = domain and so far, connecting works
> The PDC and BDC's are windows nt servers.
> there are some unclear concepts though: How do I tell my linux boxen to
> allow certain NT groups write access and others not? I ask this because
> of the documentation treats linux groups and NT groups ambiguously.
I do all this on the unix side - this requires that all users have
accounts in both authentication systems, of course.
> Question two:
> I would like to think the following steps are how samba does
> authentication with domains (the man pages lack this detail)
> security =domain
> 1) inbound connections are authenticated to the domain controller
> 2) inbound connections are authenticated with the linux security
IIRC they're not exactly authenticated: samba checks to see if an
account with the same name exists, but does not (_cannot_ with encrypted
passwords) actually authenticate.
> 3) failed connections are granted guest access.
More information about the samba-ntdom