Trusting NT accounts with samba's PDC server
Andrea Zolnhofer & Michael Ott
ZolnOtt at t-online.de
Fri Jun 2 22:10:57 GMT 2000
If you read "Teach Yourself Samba in 24 hours", you can read that the trust is
Which version of Samba do you work with? Try it with an alpha version, like
samba-tng-2.1 or higher. It can be downloaded from the page www.samba.org. I
also tried it with CVS, but I got an older version (2.0.4).
> On Fri, 02 Jun 2000 you wrote:
> I'm trying to set up a Samba domain with
> one way trust to another domain run by a NT server.
> I'm trying to have it so that accounts on the NT server domain
> have access to shares within the Samba domain.
> This is where I am at...
> I'm using Samba from the CVS tree downloaded
> from 5/25/2000.
> I have a NT workstation within my Samba domain.
> Some important attributes in my smb.conf:
> workgroup = NA5
> netbios name = NEVETS
> security = SERVER
> encrypt passwords = Yes
> map to guest = Bad User
> null passwords = Yes
> password server = grouper # this is the name of the NT PDC.
> domain logons = Yes
> preferred master = Yes
> domain master = Yes
> wins support = Yes # not used
> guest account = guest
> path = /tmp/samba
> username = pdctest
> read only = No
> I left out log info and misc stuff.
> My NT workstation in my domain is called dilbert.
> In my passwd file I have:
> pdctest:*:9001:99:PDC test:/dev/null:/bin/fakesh
> I added dilbert with
> smbpasswd -m dilbert
> Note: pdctest is NOT in the smbpasswd file (purposely)
> What works:
> I can access resources on dilbert using accounts only on my Samba PDC.
> So dilbert is in the domain ok.
> I can access resources on the Samba PDC from dilbert.
> I can access resources on the Samba PDC from the NT domain using
> the pdctest account.
> I've tested with good and bad passwords and everything seems
> to work. So I believe that the trust between Samba and the
> NT account is ok.
> What doesn't work:
> I cannot access resources on the NT workstation from the NT domain
> using the pdctest account.
> I set the debug level to 5 and walked through some of the samba code
> and I noticed that in srv_netlog.c that it searches through the smbpasswd
> and if not found that it sets the status.
> I don't know the samba code that well since I only looked at this today,
> but this seems to be causing the connection to fail.
> I figure that if I can get the NT workstation to connect to the Samba box
> and the samba box to trust the NT domain, I should be able to authenticate
> the NT workstation by using the NT domain. It just seems to be missing
> a little code.
> Am I on the right track? Or am I just out there?
> Any help would be appreciated. Thanks.
> I'm willing to hack at the code a little too, but I'm warning you
> I'm not that familiar with the SMB protocol, I only know what
> I've read in "Using Samba" and "Teach Yourself Samba in 24 hours"
> (both excellent books!)
> Steven Rostedt
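Added example (not part of the original messages, and not Samba code): a Python check that reads an smb.conf like the one quoted above and lists accounts present in passwd but absent from smbpasswd, the lookup the poster saw fail in srv_netlog.c, and also flags the "map to guest" and "null passwords" settings. The sample file contents, the placeholder hashes, the smbpasswd field layout and all function names are assumptions made for illustration.

```python
# Constructed sample inputs (not files from the original post).
SMB_CONF = """\
[global]
security = SERVER
map to guest = Bad User
null passwords = Yes
password server = grouper
domain logons = Yes
guest account = guest
"""
PASSWD = "pdctest:*:9001:99:PDC test:/dev/null:/bin/fakesh\n"
# Assumed smbpasswd layout: name:uid:LM hash:NT hash:[flags]:LCT-time:
SMBPASSWD = "dilbert$:9003:" + "X" * 32 + ":" + "X" * 32 + ":[W          ]:LCT-00000000:\n"

def parse_globals(text):
    """Return the [global] parameters of an smb.conf, keys lower-cased."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif "=" in line and section == "global":
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def account_names(text):
    """First colon-separated field of every non-comment line."""
    return {l.split(":", 1)[0] for l in text.splitlines() if l.strip() and not l.startswith("#")}

def is_yes(value):
    return value.strip().lower() in ("yes", "true", "1")

def audit(conf, passwd, smbpasswd):
    """Return (finding, detail) tuples for the settings discussed in the thread."""
    p, findings = parse_globals(conf), []
    if is_yes(p.get("domain logons", "no")):
        # Accounts the smbpasswd lookup cannot find (pdctest in the post).
        for name in sorted(account_names(passwd) - account_names(smbpasswd)):
            findings.append(("not-in-smbpasswd", name))
    if p.get("map to guest", "never").lower() == "bad user":
        findings.append(("unknown-user-becomes-guest", p.get("guest account", "")))
    if is_yes(p.get("null passwords", "no")):
        findings.append(("empty-passwords-accepted", ""))
    return findings
```

Calling audit(SMB_CONF, PASSWD, SMBPASSWD) reports pdctest as missing from smbpasswd and flags the two guest-related settings.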