Samba - usernames in a NT network
Peter de Groot
pdgtech at kalnet.com.au
Wed Sep 13 17:54:15 GMT 2000
Following is a discussion I sent to a client...
Unfortunately, I do not have access to the gear any more,
therefore am not sure if this worked.
I was chatting to the client a little while ago, and he
seemed to say that it worked EXCEPT that if you DOUBLE CLICK
on the share in the browser........ it hangs
Interesting problem with Samba. This is the first time that I
have tried to implement it in an existing Microsoft network.
Although I had problems, I may have "jagged" it before I left.
Unfortunately, the SG was running 2 backup jobs and tons of
other stuff, so I was not able to test it properly.
The problems were an interesting combination of
1. Mixture of NT and W98 clients
2. Different usernames on the PCs to the SGs.
The most interesting problem was that the PCs would not
send a consistant username for validation by the Samba
For example. When asking for a username/password to access
a share on Samba... the NT PC would ask for a username/password
in a prompt box, but appeared to send the NT username over to the Samba
server for validation. Other times.. (on W98?) it would send over
the machine name instead ... I think???
According to the Samba docs... A Microsoft login appears to validate
the password, and then select the username that matches, so
you really have no control on what username is presented
to the Samba server for validation. For the older
versions of Windows (WfW?) anyway.
Given that I had to map the PC username to the SG username,
as well, this solution was obviously not going to work.
Instead of validating the username/password on the Samba server (SG),
I validated the username/password against the NT server. Just
like you would if you were logging in as usual.
In other words.... when your select a Samba share, it checks your
normal login username/password with the NT server, just as if you
were logging in again.
The samba server then assumes that you are a bona fida user. It
does not check your password. It assumes that if the NT server
lets you log in, then you are a valid user.
I then have a username map which changes your username
to one that is valid on the Samba server. You then access the
Samba server as a username on the SG machine. Currently
it is in /usr/samba/private/username_map with the one
entry res0006 = jaustin
For example.... If a PC user.. say jaustin access a Samba server....
Samba sends jaustin/password to the NT server, from your original
login. Obviously ... this is correct.... so Samba then changes the
Samba username to one set in the username map to say .... res0006,
and then uses this to access the Samba data.
This seemed to work quite well, but I did not have much time to test
it out, with the backups killing the machine and all..........
I am currently trying to access the Samba mailing lists and
ask some more questions etc and will get some more info....
PDG Technical Services Pty Ltd
Peter de Groot P.O. Box 10349
08) 90916817 Kalgoorlie 6430
pdgtech at kalnet.com.au Western Australia
More information about the samba