PR #s 25271, 25273, 25445 security=domain does not work onSolaris

Eric Boehm boehm at
Mon Sep 9 17:25:01 GMT 2002

On Mon, Sep 09, 2002 at 11:36:51AM -0400, David Collier-Brown wrote:
>>>>> "David" == David Collier-Brown <davecb at> writes:
>>>>> "Tim" == Tim Allen <tallen at> writes:

    Tim> I have posted to this group in the past and been told that
    Tim> the behavior I'm seeing is not correct. My main file server
    Tim> (Samba/Linux) does not behave this way (similar smb.conf).

    Tim> And the symptom was: I have posted to the user groups and
    Tim> think I have found a bug. Our RHL6.2 box running samba 2.0.6
    Tim> is a member of our NT domain. An NT user (say jbloggs) cannot
    Tim> browse the unix/samba box unless there is a corresponding
    Tim> unix user (jbloggs) on the unix box; this is the expected
    Tim> (and correct??!) behavior. We have added samba 2.2.2 to one
    Tim> of our Sun boxes (Solaris 8) and now we appear to have to add
    Tim> users to the "smbusers" file in addition to (or instead of)
    Tim> just having a corresponding unix user. I will supply further
    Tim> information (smb.conf, log files, whatever) as requested.

    David> 	You normally need a Unix user, but if you wish to use
    David> the NT form of encrypted passwords, you also have to have
    David> an entry for the user in the smbpasswd file.  As
    David> security=domain requires encrypted passwords, I'm afraid
    David> you're stuck with it!

Are you sure about this? I've been running 2.0.7 for a couple of years
with security = domain and I don't need to create an smbusers
file. The only time I run into problems is if the Windows user does
not have a UNIX account. As long as the userid exists in the Windows
domain and NIS domain, it works fine (with encrypted passwords).

I am also running 2.2.5 with the same configuration.

It might be worthwhile to see Tim's smb.conf or a level 3 or level 5
log of a failed access.

Here's the relevant portion of mine

	workgroup	       = AMERICASE
	security	       = domain
	password server        = ZRTPD01T ZRTPD0P0 NRTPDE11
	wins server	       =
	encrypt passwords      = yes 

Eric M. Boehm                  /"\  ASCII Ribbon Campaign
boehm at       \ /  No HTML or RTF in mail
                                X   No proprietary word-processing
Respect Open Standards         / \  files in mail

More information about the samba-technical mailing list