One-stop-authentication-shop

[Brown, Matthew]

Yes, I think you can do exactly that.  I am just completing a migration
where I had to do that for a short time as a stop gap measure to fix a
mistake I'd made in planning.

Basically what I'd done is set up the Samba server as a member of the NT
domain (authdom in your case), set the password server to be the authdom
PDC, and it seemed to do exactly what you're talking about.

By the way, I find Samba's user directory feature to be far superior to
NT's, but that may be because I did not know how to create a share for each
NT user automagically that matched their username.

I amay have left something out here, but I don't recall specifically
changing any other defaults to make this work as you described.

-Matthew Brown


-----Original Message-----
From: davec at columbiaenergygroup.com
[mailto:davec at columbiaenergygroup.com]
Sent: Friday, July 07, 2000 2:00 PM
To: Multiple recipients of list SAMBA-NTDOM
Subject: One-stop-authentication-shop


I have poured over the samba 2.0.7 documentation, and have found
bits & pieces of what I want, but not  everything.

I find it hard to think that no one else hasn't done / isn't doing what I
want, which is:

To host shares off a linux / samba server that I do admin, that gets its
user
authentication from an NT machine of which I am not an admin.

Say the domain is "authdom" and there exists a user "joe"

If I don't know the NT password for joe, is there a way for me to host
a share on the samba server just for user "authdom\joe" ?  What
about a global group from "authdom"

I have read that in order for a user to get a share off the linux machine,
they
must have an entry in the smbpasswd file, but if I don't know joe's
authdom password, is there no way to get that entry automatically
propagated?

Thanks,

Dave
davec at ceg.com