PR #s 25271, 25273, 25445 security=domain does not
work onSolaris
Tim Allen
tallen at integritycompanies.com
Mon Sep 9 19:18:00 GMT 2002
I have noticed something possibly related; If a machine account already
exists and I attempt to do the smbpasswd -j DOM -r pdc -U Administrator
I think the domain service dies on the PDC, this is repeatable but we're
on an old copy of NT (SP4). I have compiled and am in the process of
installing 2.2.5.
>>> Javid Abdul-AJAVID1 <AJAVID1 at motorola.com> 09/09 2:30 PM >>>
yes, i agree with Eric,
I havent had any issues as long as unix accunt exist in nis domain,
and
samba is memeber server in nt domain
my setup, solaris6, samba 2 0 7 and 2 2 5, clients w2k
-----Original Message-----
From: Eric Boehm [mailto:boehm at nortelnetworks.com]
Sent: Monday, September 09, 2002 12:24 PM
To: samba-technical at lists.samba.org
Cc: Tim Allen; David.Collier-Brown at sun.com
Subject: Re: PR #s 25271, 25273, 25445 security=domain does not work
onSolaris
On Mon, Sep 09, 2002 at 11:36:51AM -0400, David Collier-Brown wrote:
>>>>> "David" == David Collier-Brown <davecb at canada.sun.com> writes:
>>>>> "Tim" == Tim Allen <tallen at integritycompanies.com> writes:
Tim> I have posted to this group in the past and been told that
Tim> the behavior I'm seeing is not correct. My main file server
Tim> (Samba/Linux) does not behave this way (similar smb.conf).
Tim> And the symptom was: I have posted to the user groups and
Tim> think I have found a bug. Our RHL6.2 box running samba 2.0.6
Tim> is a member of our NT domain. An NT user (say jbloggs) cannot
Tim> browse the unix/samba box unless there is a corresponding
Tim> unix user (jbloggs) on the unix box; this is the expected
Tim> (and correct??!) behavior. We have added samba 2.2.2 to one
Tim> of our Sun boxes (Solaris 8) and now we appear to have to add
Tim> users to the "smbusers" file in addition to (or instead of)
Tim> just having a corresponding unix user. I will supply further
Tim> information (smb.conf, log files, whatever) as requested.
David> You normally need a Unix user, but if you wish to use
David> the NT form of encrypted passwords, you also have to have
David> an entry for the user in the smbpasswd file. As
David> security=domain requires encrypted passwords, I'm afraid
David> you're stuck with it!
Are you sure about this? I've been running 2.0.7 for a couple of years
with security = domain and I don't need to create an smbusers
file. The only time I run into problems is if the Windows user does
not have a UNIX account. As long as the userid exists in the Windows
domain and NIS domain, it works fine (with encrypted passwords).
I am also running 2.2.5 with the same configuration.
It might be worthwhile to see Tim's smb.conf or a level 3 or level 5
log of a failed access.
Here's the relevant portion of mine
workgroup = AMERICASE
security = domain
password server = ZRTPD01T ZRTPD0P0 NRTPDE11
#
wins server = 47.156.160.179
encrypt passwords = yes
--
Eric M. Boehm /"\ ASCII Ribbon Campaign
boehm at nortelnetworks.com \ / No HTML or RTF in mail
X No proprietary word-processing
Respect Open Standards / \ files in mail
More information about the samba-technical
mailing list