Quantum Snap Server and Samba NT Domain

David Atkinson datk at albury.net.au
Fri Dec 8 12:44:32 GMT 2000


Sorry about the last message. I use M$-Lookout for mail, which does a good job of messing up mail. This might be formated a bit better :


> No luck. :(  I did already have the machine setup as a workstation (but I
> did it as all uppercase, not lowercase) 

[David Atkinson]  Yes, the account name will be listed in uppercase (netbios names are up to 14 characters, case is ignored), it is just the password which is case sensitive.

> without any luck.  I tried it the
> lowercase way too, but smbpasswd seems to convert it back to
> uppercase.  For some reason, my samba install doesn't seem to pay
> attention as to whether machines are setup in the smbpasswd file or
> not.  I can connect from machines that aren't setup in that file but the
> users are.  (I've never understood why it doesn't enforce this.)

[David Atkinson]  It only requires NT servers to participate in the network, not Win9x boxes. Win9x boxes do not properly support the domain trust relationships required for participating in domain authentication. Basically a WinNT machine logs into the domain with its machine password and then whenever a user logs on on that NT box all the other machines in the domain "Trust" that the NT box has made sure the user has valid credentials. Win9x just sends the username and password to the PDC, if it works, it works, if it doesn't, Win9x baulks. Whenever a Win9x box tries to connect to another server it uses the username/password pair it checked against the PDC to try and log into the another server.

> The Snap server requires a valid logon name (username), if I give it a bad
> one it will tell me that the server rejects the login.  If I give it a
> good one, it gives me an error that says "SMB: failed to connect to IPC$
> on domain controller".

[David Atkinson]  Have you got encrypted password support ? I have just had a look at the Snap 1000 Admin Guide (I just downloaded the first user manual I could find). It says :

When using Microsoft networking, local users are authenticated by Snap! Server with the same algorithms as a Windows NT 4.0 server (Service Pack 3 and above). 

That means encrypted passwords. This would account for the SMB IPC$ error. With invalid credentials it would logon as a guest user, with a vaild username, but invalid password, IPC$ connection would fail.


Also, this might be of use :
from the Managing Security section (Chapter 8 in the document I'm looking at)

Local Users
You can identify users who have access rights on your Snap! Server simply by entering them in the Snap! Server configuration. These users are referred to as Snap! Server local users. You use the Snap! Server Web-based Administration program to set up local users. 

When you set up a local user, you specify the following information. 

Item Description
User name
Identifies the user to the Snap! Server. In most cases, this name should be the same as the one with which the user logs in to other systems on your network. Password Used by the Snap! Server to authenticate the user. Connecting to the Snap! Server is simpler and faster if this password is the same as the one with which the user logs in to other systems on your network.

Group membership (optional)
Allows you to combine users into a single entity, and assign access rights to them all at once. For more information, see "Combining Users into Groups" on page 69.

NFS properties (optional)
Allows the Snap! Server to associate a local user with one or more user accounts on a UNIX computer, a multiuser UNIX system, or a Windows or DOS computer configured with PC/NFS. For more information, see "NFS Users" on page 77.


> When users try to connect to a share that they don't have access to
> (because I can't give them access), the snappy will show them as connected
> and validated but with no files open.







More information about the samba-ntdom mailing list