samba-tng: cvs update. important configuration info
Luke Kenneth Casson Leighton
lkcl at samba.org
Sun Jan 2 17:11:24 GMT 2000
just as NT needs a workstation trust account for itself, now so does
samba-tng cvs latest.
i am seeing how far i can get, just for fun, by removing anything that
isn't actually file serving from smbd. that _includes_ user
authentication, which now uses nt-style NetrSamLogon in exactly the same
way as "security = domain", but this is now _also_ used for "security =
user", "encrypted passwords = yes".
in order for this to work, you must add a trust account for the samba
server itself, in order that it may securely verify users against itself
:-) even on loop-back, i am treating user authentication attempts as
btw, when i said that i wanted to remote anything that isn't file servicg
from smbd, i didn't say it was going to be practical... for a while.
i'll see about doing an install script that sets up the initial
own-trust-account automatically... later :-) :-)
f.y.i, those people who need reminders on how to set up wksta trust
>From lkcl at samba.anu.edu.au Mon Jan 3 04:10:39 2000
Date: Mon, 3 Jan 2000 04:08:40 +1100
From: Luke Leighton <lkcl at samba.anu.edu.au>
To: Multiple recipients of list SAMBA-CVS <samba-cvs at samba.org>
Subject: CVS update: samba/source/rpcclient
Date: Monday January 3, 19100 @ 4:03
Update of /data/cvs/samba/source/rpcclient
In directory samba:/data/people/lkcl/samba-tng/source/rpcclient
fixing up NETLOGON usage. password validation must now go through
password_ok() which checks server security, domain security followed
by unix pwdb.
if using "encrypted sswords = yeses", you _must_ now run netlogond.
if using "security = user", you _must_ add a workstation
trust account your_own_server_name$ to unix pwdb _and_ follow
it up with smbpasswd -a -j your_own_server_name$ _or
rpcclient -S your_server -Uadmin%pass -l log
lsaquery createuser your_owk_server_name$ -j
both smbpasswd _or_ rpcclient _must_ be run as root.
(this may change for rpcclient in the near future, if i
implement LsaSetPrivateData to set the trust account,
More information about the samba-technical