One-stop-authentication-shop

Lars Kneschke lkneschke at vater-gmbh.de
Sat Jul 8 12:14:20 GMT 2000


> To host shares off a linux / samba server that I do admin, that gets
> its user authentication from an NT machine of which I am not an admin.
>
> Say the domain is "authdom" and there exists a user "joe"
>
> If I don't know the NT password for joe, is there a way for me to host
> a share on the samba server just for user "authdom\joe" ?  What
> about a global group from "authdom"
>
> I have read that in order for a user to get a share off the linux
> machine, they must have an entry in the smbpasswd file, but if I don't
> know joe's authdom password, is there no way to get that entry
> automatically propagated?
You don't need the smbpasswd file in your case! In the smbpasswd file you
will find usernames, password hashes (or something like that :-)), and a
userid. You need the smbpasswd file only if you are the password server. But
in your case the password server is the PDC. The Samba server gets the
username and the "password" from the client, and forwards them to the PDC.
Now the PDC looks in its user database (SAM) and checks whether the username
and the "password" are correct, and delivers the result to the Samba server.
If everything is OK, the Samba server lets the user in.
In the next step Samba looks in /etc/passwd to find the Unix
user (unixusername == windowsusername), to get the Unix user id (the Unix uid is
necessary for local rights on the filesystem).
=> For any Windows user you must have a Unix user!!
You can do this automatically. There exists a parameter in smb.conf to
create the Unix users on the fly.

If I made any mistakes, anyone is invited to correct me!  ;-)

Cu


--

Lars Kneschke
http://www.kneschke.de
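
A minimal smb.conf for the setup described in the reply, as an added example that is not part of the original post. The PDC name, share name, path and useradd options are assumptions; `add user script` is the Samba parameter that creates Unix accounts on the fly.

```ini
# Added example, not from the original post.
# smb.conf has no inline comments, so every comment sits on its own line.
[global]
    # Domain name taken from the question.
    workgroup = AUTHDOM

    # Assumed: pass-through authentication as a domain member. This needs a
    # machine account for the Samba host in AUTHDOM. "security = server" is
    # the variant that forwards logons without a machine account.
    security = domain

    # Assumed NetBIOS name of the PDC that validates the logon.
    password server = NTPDC

    # Required so the client's password response can be relayed to the PDC.
    encrypt passwords = yes

    # smbd runs this as root when the PDC accepts a user who has no entry in
    # /etc/passwd yet. %u expands to the connecting user name. The account
    # exists only to supply a uid: no home directory, no login shell.
    add user script = /usr/sbin/useradd -d /dev/null -s /bin/false %u

# Assumed share name and path.
[joe-share]
    path = /srv/samba/joe
    # Only the Unix account "joe" (same name as the domain user) may connect.
    valid users = joe
    read only = no
```

Because the script runs as root with a client-supplied name in `%u`, keep it to a fixed `useradd` call and give the created accounts no shell, as above.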




More information about the samba-ntdom mailing list