authentication behavior

David Bear David.Bear at
Thu Mar 28 08:48:07 GMT 2002

As I understand authentication, if you have

password server = gates-inc

samba will take ntlm credentials, look in the local smbpasswd file, if the
user isn't there, will forward the credentials to the netbios machine named

What I would really really like is to be able to have

security = domain
password server = gates-inc

thereby creating a domain controlled environment for win2k/nt boxes -- and
then have the server forward auth requests just as it does now.  In this
way I would

1) have domain members trust accounts on my box
2) have any 'local domain' admin users in my own smbpasswd file
3) rely on centrally managed computer accounts to keep all the rest

This would give the best of the active directory world (an OU) without
having to muck with active directory.

I have brought this up before but so far all the responses I received say
that I cannot have security = domain at the same time as password server =

I have no idea what it would take to code this -- but my gut feeling is
that it shouldn't be much.  Has anyone tried this configuration yet?  If
not, is there something wrong with the concept?  Does it not give a local
domain sys admin great flexibility?  Any comments?

David Bear
College of Public Programs/ASU
...the way is like water, going where nobody wants it to go

More information about the samba-technical mailing list