NT domain authentication order unclear

Jason Brooks JasonB at Pointshare.com
Sat Jul 3 00:36:07 GMT 1999


How then do I tell samba to only authenticate to the domain?

Jason Brooks wrote:
> 
> Question 1:
> 
> I am making a couple of linux servers visible on my company's NT network.
I
> am currently using samba version 2.0.4b on redhat 5.1.  All is functioning
> well so far.  I am using security = domain and so far, connecting works
> great.
> 
> The PDC and BDC's are windows nt servers.
> 
> there are some unclear concepts though:  How do I tell my linux boxen to
> allow certain NT groups write access and others not?  I ask this because
all
> of the documentation treats linux groups and NT groups ambiguously.

I do all this on the unix side - this requires that all users have
accounts in both authentication systems, of course.

> Question two:
>         I would like to think the following steps are how samba does
> authentication with domains (the man pages lack this detail)
> 
> security =domain
> 1) inbound connections are authenticated to the domain controller
> 2) inbound connections are authenticated with the linux security
IIRC they're not exactly authenticated: samba checks to see if an
account with the same name exists, but does not (_cannot_ with encrypted
passwords) actually authenticate.
> 3) failed connections are granted guest access.


danch


More information about the samba-ntdom mailing list