Samba: domain member

Benjamin Kuit bj at
Mon May 24 04:12:02 GMT 1999

Hi Alister,

What is your current smb.conf setting ?

To have people accessing samba shares while authenticating against
a NT PDC, then the options to really look for is

password server = <NT PDC name>
security = domain

>From what I gather, you shouldn't need a local password list, as
all lookups are done via the NT PDC, altho in all likely hood, NT
usernames would have to match UNIX usernames. In the cases where
they done, then you use the 'username map' feature.

Here you would match NT users, who would otherwise not have a UNIX
equivalent, to existing UNIX accounts, so to tell samba under who's
permissions the connection is going to be made as.

In MCS/SOCS, we have moved away from an NT PDC and using samba
as the domain's lord and master.


> Hi again,
> With a samba server as a domain member (not PDC or BDC) how then can I get
> users to use its resources?  I've followed the steps in the FAQ, and that's
> worked out fine... my server's in the domain.  I've also ben reading up on
> everything I can get my grubby little hands on... but either I haven't
> found the magic answer, or I did but wasn't bright enough to understand it.
> I'm not sure about the "username map =" bit.  According to the FAQ, I'd
> have to manually create accounts for all NT users?  There's no way of
> automatically creating users on my samba machine, and having them updated
> as user details change?  The "username map =" seemed to be the way to go o
> do this, but I could only find a way of mapping logins to a single username.
> What I've got is one NT domain imported into an NDS tree using NDS for NT.
> The samba server is a MacOS X Server.  All NDS user details are kept
> syncronised with the NT ones, and users log in to NDS and get access to the
> domain that way (they could log in to the domain directly, but it's much
> much easier to manage NT WS and 9x computers through NDS).
> Is it possible to have users (and home directories) created on a samba
> server which gets these details from an NT server when in turn gets these
> details from NDS?  I can the use the NDS login script to map a drive letter
> to the samba server, but more importantly, I can have one login and
> password for my users - Windows and Mac (once bloody NetWare 5 supports Mac
> users properly).  If all of this worked, I can create the users in NDS
> which filters down to the NT domain (which happens now) and then through to
> a Unix box.  With some minor additions on the Unix/MacOS Server side, then
> I can have their same login as the authentication point for my Mac users
> through Macintosh Manager (which comes with MacOS X Server).
> This would make me ... well, if not happy, then at least content.
> So, is the above even vaguely possible?  Or should I just give up now and
> save myself a lot of trouble?
> Thanks,
> Alister
> --
> Alister Air                     | "Excuse me for not answering your
> Faculty Computing Manager (HSS) | letter sooner, but I've been so
> Information Technology Division | busy not answering letters that I
> University of Technology Sydney | couldn't get round to not answering
> Ph:  9514 1277   Fx:  9514 1595 | yours in time." --Marx, Groucho.--

|      Benjamin (Bj) Kuit       |  Faculty of Mathematical             |
|      Systems Programmer       |          and Computing Sciences.     |
|      Phone: 02 9514 1841      |  University of Technology, Sydney    |
|      Mobile: 0412 182 972     |  bj at                   |

More information about the samba-ntdom mailing list