authentication behavior
David Bear
David.Bear at asu.edu
Thu Mar 28 08:48:07 GMT 2002
As I understand authentication, if you have
password server = gates-inc
samba well take ntlm creditials, look in the local smbpasswd file, if the
user isnt there, with forward the credentials to the netbios machine named
gates-inc.
What I would really really like is to be able to have
security = domain
password server = gates-inc
thereby creating a domain controlled environment for win2k/nt boxes -- and
then have the server forward auth requests just as it does not. In this
way I would
1) have domain members trust accounts on my box
2) have any 'local domain' admin users in my own smbpasswd file
3) rely on centrally managed computer accounts to keep all the rest
This would give the best of the active directory world (an OU) without
having to muck with active directory.
I have brought this up before but so far all the response I received say
that I cannot have security = domain at the same time as password server =
something.
I have no idea what it would take to code this -- but my gut feeling is
that it shouldn't be much. Has anyone tried this configuration yet? If
not, is there something wrong with the concept? Does it not give a local
domain sys admin great flexibility? any comments?
--
David Bear
College of Public Programs/ASU
480-965-8257
...the way is like water, going where nobody wants it to go
More information about the samba-technical
mailing list