Samba - usernames in a NT network

Peter de Groot pdgtech at kalnet.com.au
Wed Sep 13 17:54:15 GMT 2000 

Following is a discussion I sent to a client... 

Unfortunately, I do not have access to the gear any more,
therefore am not sure if this worked.

I was chatting to the client a little while ago, and he
seemed to say that it worked EXCEPT that if you DOUBLE CLICK
on the share in the browser........ it hangs

Any thoughts/comments

                 +++++++++++++++++
Interesting problem with Samba.  This is the first time that I
have tried to implement it in an existing Microsoft network.

Although I had problems, I may have "jagged" it before I left.  
Unfortunately, the SG was running 2 backup jobs and tons of 
other stuff, so I was not able to test it properly.

The problems were an interesting combination of 
1. Mixture of NT and W98 clients
2. Different usernames on the PCs to the SGs.

The most interesting problem was that the PCs would not
send a consistant username for validation by the Samba
server. 

For example.  When asking for a username/password to access
a share on Samba... the NT PC would ask for a username/password
in a prompt box, but appeared to send the NT username over to the Samba
server for validation.  Other times.. (on W98?) it would send over 
the machine name instead ... I think???

According to the Samba docs... A Microsoft login appears to validate
the password, and then select the username that matches, so
you really have no control on what username is presented
to the Samba server for validation.  For the older
versions of Windows (WfW?) anyway.

Given that I had to map the PC username to the SG username,
as well, this solution was obviously not going to work.

Mmmmm

Instead of validating the username/password on the Samba server (SG),
I validated the username/password against the NT server.  Just
like you would if you were logging in as usual.

In other words.... when your select a Samba share, it checks your
normal login username/password with the NT server, just as if you
were logging in again.

The samba server then assumes that you are a bona fida user.  It
does not check your password. It assumes that if the NT server
lets you log in, then you are a valid user.

I then have a username map which changes your username
to one that is valid on the Samba server.  You then access the 
Samba server as a username on the SG machine.  Currently
it is in /usr/samba/private/username_map with the one
entry  res0006 = jaustin

For example.... If a PC user.. say  jaustin access a Samba server....
Samba sends jaustin/password to the NT server, from your original
login.  Obviously  ... this is correct.... so Samba then changes the
Samba username to one set in the username map to say .... res0006,
and then uses this to access the Samba data.

This seemed to work quite well, but I did not have much time to test
it out, with the backups killing the machine and all..........

I am currently trying to access the Samba mailing lists and 
ask some more questions etc and will get some more info....


______________________________________________________________

              PDG Technical Services Pty Ltd
                      ABN 25077936933        
 Peter de Groot                             P.O. Box 10349   
  08) 90916817                              Kalgoorlie 6430  
 pdgtech at kalnet.com.au                      Western Australia
______________________________________________________________

More information about the samba mailing list