I've successfully joined an W2K nt workstation to the samba domain. The following works... at least for me.
1) the become_user issue has to be fixed, otherwise it is difficult if not impossible to set things up to work consistantly both for
joining a ws to a domain and then logging in to the domain. It's probably a bad patch, but it works for now.
2) There are issues if you are using usernamemaps. Basically, the domain login inconsistently switches between the "unix" user id
and the NT user id. For example, assume usernamemap: unixuser=ntuser. When logging in to the NT workstation as 'ntuser' the user
name supplied comes back as "unixuser". This causes the local machine to incorrectly map profiles and other network logins
(Netware, for example).
I worked around this problem by removing the username map entries involved. This forced rearranging /etc/passwd so that the NT user
id precedes the unix version (nasty... requires the NT password for the UNIX screen saver).
3) I'm sure it's been discussed, but I haven't seen this in the TNG faqs... it is useful to add the domain user to the local
machine... it's not automatic. For example: if there is a unix account "user1" and an nt account "user1" and the nt machine is
joined to the domain, "user1" logging on to the domain will have no local rights. While this may be desirable, it seems
inconsistent from W2K Server behaviour when joining a workstation to a domain (you can assign local rights at the NT Active
Directory tree). In the samba case, you have to go in as a local administrator (runas helps) and add a NEW user user1 to the domain
(on the local machine). AFAIK, this can only be done by clicking "Users and Passwords" in the control panel, selecting the 'Users"
tab and hitting "add." On the property sheet which comes up, add the user on the samba domain name. Don't use "browse", it doesn't
seem to work with tng 0.7.
-------------- next part --------------
*** samba-tng-alpha.0.7/source/lib/set_uid.c Wed Mar 1 10:47:52 2000
--- samba-tng-alpha.0.7/source/lib/set_uid.c.orig Wed Feb 23 18:26:51 2000
***************
*** 333,349 ****
if (become_root_depth) {
DEBUG(0,("ERROR: become root depth is non zero\n"));
}
! if (save_dir && !become_root_depth)
dos_GetWd(become_root_dir);
! if (!become_root_depth) {
! current_user_saved = current_user;
! }
! become_root_depth++; /* let's try to stack ... but always keep the original ID */
! if (become_root_depth == 1) { /* only needed if not root */
! become_uid(0);
! become_gid(0);
! }
}
/****************************************************************************
--- 333,346 ----
if (become_root_depth) {
DEBUG(0,("ERROR: become root depth is non zero\n"));
}
! if (save_dir)
dos_GetWd(become_root_dir);
! current_user_saved = current_user;
! become_root_depth = 1;
!
! become_uid(0);
! become_gid(0);
}
/****************************************************************************
***************
*** 353,366 ****
****************************************************************************/
void unbecome_root(BOOL restore_dir)
{
! if (!become_root_depth) {/* too many unwinds ... oops just abort */
! DEBUG(0,("ERROR: unbecome root depth called with root depth = 0"));
! return;
! }
! if (--become_root_depth) {
DEBUG(0,("ERROR: unbecome root depth is %d\n",
! become_root_depth+1));
! return; /* don't unwind yet... nested calls */
}
/* we might have done a become_user() while running as root,
--- 350,358 ----
****************************************************************************/
void unbecome_root(BOOL restore_dir)
{
! if (become_root_depth != 1) {
DEBUG(0,("ERROR: unbecome root depth is %d\n",
! become_root_depth));
}
/* we might have done a become_user() while running as root,
***************
*** 395,398 ****
--- 387,391 ----
current_user = current_user_saved;
+ become_root_depth = 0;
}