PR #s 25271, 25273, 25445 security=domain does not work onSolaris
morgan at orst.edu
Mon Sep 9 18:11:01 GMT 2002
On Tue, 10 Sep 2002, Richard Sharpe wrote:
> On Mon, 9 Sep 2002, Eric Boehm wrote:
> > On Mon, Sep 09, 2002 at 11:36:51AM -0400, David Collier-Brown wrote:
> > >>>>> "David" == David Collier-Brown <davecb at canada.sun.com> writes:
> > >>>>> "Tim" == Tim Allen <tallen at integritycompanies.com> writes:
> > David> You normally need a Unix user, but if you wish to use
> > David> the NT form of encrypted passwords, you also have to have
> > David> an entry for the user in the smbpasswd file. As
> > David> security=domain requires encrypted passwords, I'm afraid
> > David> you're stuck with it!
> > Are you sure about this? I've been running 2.0.7 for a couple of years
> > with security = domain and I don't need to create an smbusers
> > file. The only time I run into problems is if the Windows user does
> > not have a UNIX account. As long as the userid exists in the Windows
> > domain and NIS domain, it works fine (with encrypted passwords).
> Well, its a fact that you need a UNIX user/account. In your case, the
> UID/account info is in NIS. Works great. If you are not using NIS, then
> you need a local account.
It sounds like there is a little confusion here. For a samba user to
successfully connect, they must have a unix account. If you are running
in security=domain, you do not need to have a smbpasswd file because samba
will pass the authentication off to a Windows domain controller (password
Just to answer Tim's original question, it sounds like you don't have the
machine account created, or you haven't run 'smbpasswd -j DOM -r PDC' yet.
Either way, samba can't talk to your password server without this machine
account working. I (and many others) have Samba working on Solaris 8 with
security=domain, so unless there is something else going on at your site,
I don't think this is a Samba bug.
More information about the samba-technical