security

2face lau-lau at unforgettable.com
Wed May 26 21:28:18 GMT 1999 

Hi!
I don't know if you've already gotten help, but even if you're trying to
utilize the domainserver capabilities of Samba, you _MUST_ set it to
user, DOMAIN is only when you're trying to JOIN an already existing
domain. From what I gather of your mail, you're trying to get Samba to
'emulate' a NT server. But if you're trying to JOIN a domain, you set
PASSWORD SERVER = <the NT server's netBIOS name>.

here comes the snipps:

from the smb.conf(8) man page
"security=domain" 
<<This mode will only work correctly if smbpasswd has been used to add
this machine into a Windows NT Domain. It expects the "encrypted
passwords" parameter to be set to "true". In this mode Samba will try to
validate the username/password by PASSING it to a Windows NT Primary or
Backup Domain Controller, in exactly the same way that a Windows NT
Server would do.>>

Hope this will help

/Tobias
"Ask not what you can do for your country, ask what your country can do
for you"
anonymous



Jae Chi wrote:
> 
> I actually don't have a PASSWORDSERVER set up. I had
> %m. But that didn't make any difference. And I
> remember reading that says I shouldn't have the samba
> server as the password server because it would cause
> the system to go into infinite loop or something. What
> should it be set to?
> I downloaded the code from the CVS tree last Friday.
> 
> Jae
> --- Nardus Geldenhuys <ngeldenhuys at rmbam.co.za> wrote:
> > Hi Jae
> >
> > Got the same problem :( I got the 2.1 PreAlpha code.
> > The same thing
> > happens. The smb log file moans about "Password
> > server loop, not useing
> > PASSWORDSERVER" :(
> >
> > Nardus
> >
> >
> > Jae Chi wrote:
> > >
> > > Hi,
> > >
> > > I had the PDC stuff working with the security set
> > to
> > > user. Then I wanted to utilize the NT's domain
> > user
> > > manager tool. So, I changed the security to
> > DOMAIN.
> > > Now samba won't start. Would someone be able to
> > shed
> > > some light?
> > >
> > > Here is a snap shot of the smb.conf
> > >
> > > hosts allow = 192.168.1. EXCEPT 192.168.1.1
> > > security = DOMAIN
> > > smb passwd file =
> > /usr/local/samba/private/smbpasswd
> > > passwd program = /usr/bin/passwd %u
> > > passwd chat = *New*UNIX*password* %n\n
> > > *ReType*new*UNIX*password* %n\n
> > >
> >
> *passwd:*all*authentication*tokens*updated*successfully*
> > >
> > > domain user map =
> > /usr/local/samba/lib/domainuser.map
> > > domain group map =
> > > /usr/local/samba/lib/domaingroup.map
> > >
> > > domain logons = yes
> > > logon path = \\%L\Profiles\%U
> > > name resolve order = wins lmhosts bcast
> > > dns proxy = no
> > > case sensitive = yes
> > >
> > > [NT]
> > >    comment = NT Resouces
> > >    path = /NT
> > >    browseable = yes
> > >    writable = yes
> > >
> > >  [netlogon]
> > >    comment = Network Logon Service
> > >    path = /NTUsers
> > >    guest ok = yes
> > >    writable = yes
> > >    share modes = no
> > >
> > > [Profiles]
> > >     path = /NTUsers/Profiles
> > >     browseable = no
> > >     writable = yes
> > >     guest ok = yes
> > >
> 
> ===
> Jae Chi
> jae.chi at usa.net
> jchi at yahoo.com
> 
> Without Fear
>         There is not Courage.
> 
> _________________________________________________________
> Do You Yahoo!?
> Get your free @yahoo.com address at http://mail.yahoo.com

More information about the samba-ntdom mailing list