PR #s 25271, 25273, 25445 security=domain does not work onSolaris

[Andrew Morgan]

On Tue, 10 Sep 2002, Richard Sharpe wrote:

> On Mon, 9 Sep 2002, Eric Boehm wrote:
>
> > On Mon, Sep 09, 2002 at 11:36:51AM -0400, David Collier-Brown wrote:
> > >>>>> "David" == David Collier-Brown <davecb at canada.sun.com> writes:
> > >>>>> "Tim" == Tim Allen <tallen at integritycompanies.com> writes:
> >
> >     David> 	You normally need a Unix user, but if you wish to use
> >     David> the NT form of encrypted passwords, you also have to have
> >     David> an entry for the user in the smbpasswd file.  As
> >     David> security=domain requires encrypted passwords, I'm afraid
> >     David> you're stuck with it!
> >
> >
> > Are you sure about this? I've been running 2.0.7 for a couple of years
> > with security = domain and I don't need to create an smbusers
> > file. The only time I run into problems is if the Windows user does
> > not have a UNIX account. As long as the userid exists in the Windows
> > domain and NIS domain, it works fine (with encrypted passwords).
>
> Well, its a fact that you need a UNIX user/account. In your case, the
> UID/account info is in NIS. Works great. If you are not using NIS, then
> you need a local account.

It sounds like there is a little confusion here.  For a samba user to
successfully connect, they must have a unix account.  If you are running
in security=domain, you do not need to have a smbpasswd file because samba
will pass the authentication off to a Windows domain controller (password
server setting).

Just to answer Tim's original question, it sounds like you don't have the
machine account created, or you haven't run 'smbpasswd -j DOM -r PDC' yet.
Either way, samba can't talk to your password server without this machine
account working.  I (and many others) have Samba working on Solaris 8 with
security=domain, so unless there is something else going on at your site,
I don't think this is a Samba bug.

	Andy