Problems with server = domain

Johan Roos roos at goofy.rsn.hk-r.se
Thu Feb 25 08:21:35 GMT 1999


On 25-Feb-99 Lubin Wang wrote:
> 
> In your case, it seems to be that NT-login-name is not a domain user,
> and when NT client gets a prompt for ID/Password, it does not pass a
> correct SID/Password to ARCH.

My NT-login-name is a domain user and works fine to access shares on other
NT-servers in the domain without a local user.

> 
> Case 1:
>    If you login NT client (which is a member of INFO) with domain user
>    ID(RID) ---for example, roos--- and correct password, then you would
>    not get any prompt for username/password.

I do.   :(

> 
> Case 2:
>    if you login NT client with a local user ID -- for example, johan who
>    is not a user of domain INFO--, when you access RUT, you will get that
>    prompt for username/password. Then if you type in
>               info\roos -- domain user name -- with its password
>    ARCH will pass you, otherwise such as roos alone or johan as the
>    username, then the authentication will be failure and RUT will do its
>    own authentication with SAMBA password file( return to security = user).

Ok, I thought so, so I wasn't that worried about smbclient saying user.

> 
> I have a similar network structure except I do not set up a Samba
> password file, 

I don't either, I just tested with one as it didn't work, it's gone now.

> I just use usernames map file to map domain users to UNIX users. I am
> not so sure about the authentication algorithm, just from my experience,
> the authentication way is like that
>    when a client makes the access to RUT, client will pass the
> username/password to ARCH via RUT, if it is the first time access to
> RUT, then the username/password will be your client-login-ones, if it
> is failure, then RUT will check its own password file(for NT server
> usually do authentication in encrypted mode, SAMBA will not check UNIX
> password file). if it is failure too, then you will get prompt for
> ID/PASSWORD.
> here you need to pass SID(?) but not RID(?).
> 

Do I need a usernames map file even though I use domain settings?
I don't want to have all those users on the UNIX machine, that was sort of
the whole idea about joining the NT-domain. If I need it, could I map all
the users (lots of them) with a wildcard to the same UNIX user?


> I hope these will help to solve your problem
> 

I think not, I'm afraid. Thanks anyway.


/Roos


