Problems with server = domain SAMBA digest 1996

Lubin Wang lubin.wang at toshiba.co.jp
Thu Feb 25 04:48:54 GMT 1999


>Date: Wed, 24 Feb 1999 15:27:19 +0100 (CET)
>From: "\"Johan Roos\"" <roos at goofy.rsn.hk-r.se>
>To: samba at samba.org
>Subject: Problems with server=domain
>Message-ID: <Pine.LNX.4.04.9902241526040.3422-100000 at goofy.rsn.hk-r.se>

>        workgroup = INFO
>        netbios name = RUT
>        security = DOMAIN
>        encrypt passwords = Yes
>        password server = ARCH BERMUDA
>Now the problems start: when a user on an NT machine on our network tries to
>access the shares on RUT he gets prompted for password and username, although it
>works fine on other servers getting their authentication through ARCH and
>BERMUDA. If I add a user on RUT with smbpasswd -a that user can access the
>shares but the smbclient then reports that the server is in user mode.
>
>Please help.



In your case, it seems that the NT login name is not a domain user, and
when the NT client gets a prompt for ID/password, it does not pass a correct
SID/password to ARCH.

Case 1:
   If you log in to the NT client (which is a member of INFO) with a domain
   user ID (RID) --- for example, roos --- and the correct password, then you
   would not get any prompt for username/password.

Case 2:
   If you log in to the NT client with a local user ID -- for example, johan,
   who is not a user of domain INFO -- then when you access RUT, you will get
   that prompt for username/password. Then if you type in
              info\roos -- domain user name -- with its password
   ARCH will pass you; otherwise, such as with roos alone or johan as the
   username, the authentication will fail and RUT will do its own
   authentication with the SAMBA password file (return to security = user).

I have a similar network structure, except I do not set up a Samba password
file; I just use a username map file to map domain users to UNIX users. I am
not so sure about the authentication algorithm; just from my experience, the
authentication works like this:
   When a client accesses RUT, the client will pass the username/password
   to ARCH via RUT. If it is the first access to RUT, then the
   username/password will be your client login ones. If that fails, then RUT
   will check its own password file (for NT servers usually do authentication
   in encrypted mode, SAMBA will not check the UNIX password file). If that
   fails too, then you will get a prompt for ID/PASSWORD.
   Here you need to pass SID(?) but not RID(?).

I hope these will help to solve your problem

-------------

My problems

(a) Does anyone know how to pass a SID to a domain PDC with a Windows95/98
client?
             workgroup = domain
              security = domain
             password server = PDC, BDC
     SAMBA 2.0.2 on Solaris 2.5, NIS++,  PDC is NT4.0 SP4.
    I have tried to mount a share on SAMBA server with
               drive: \\SAMBA-Server\share%domain\username
    but it did not work.

(b) Strange log?

    From Windows95 with username fred, who is a domain user and has a map to
    a Samba server, I did a mount as below
           drive: \\SAMBA-Server\andy%domain\andy
    where domain\andy is a domain user, and andy is a unix user. Then I got
    a log
         connected to service andy as user fred.
                              ~~~~         ~~~~
    in the Samba logfile.
    But in fact the connection was to fred's unix home not andy's home!
                                      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    No errors appeared.
    (the home section in smb.conf is set as below
      [home]
         path = /home/%u/PChome
         browseable = no

    )
    Was something wrong?

Thanks.

Lubin

lubin.wang at toshiba.co.jp