security = domain does not work

Gary Algier gaa at ulticom.com
Fri Nov 30 08:29:04 GMT 2001


I can't get "security = domain" to work.

Environment:  Samba 2.2.2 on Solaris 2.6 and 8

I have a Samba PDC setup.  I can get my Win2k desktops to login and
access the PDC just fine.  I setup another Samba on our Unix print server
that I wan't to use "security = domain".  It seems to be running in
"security = user" mode.

I did the "smbpasswd -j mtlaurel -r mtlpdc" just fine, so the PDC knows
about the print server, but the clients are prompted for a login and
passwd when trying to access the print server. If I create a suitable
smbpasswd file, I can login, so I see that the print server is in
"user" mode.

How can I tell using smbstatus, smclient, etc. whether the samba is
in domain mode?  How can I tell why it doesn't appear to be?

Here's the smb.conf files:
---------------------------------------------------------------------------
[global]
         log level = 4
         workgroup = MTLAUREL
         netbios name = PRINT
         server string = PRINT [Print Server on Chuckie]
         interfaces = lo0 172.25.0.4/16 192.73.206.4/24
         bind interfaces only = Yes
         security = domain
         encrypt passwords = Yes
         password server = mtlpdc
         preferred master = False
         local master = No
         domain master = False
         utmp = Yes
         guest account = ftp

[tmp]
         path = /tmp

---------------------------------------------------------------------------
[global]
         workgroup = MTLAUREL
         netbios name = MTLPDC
         server string = MTLPDC [MtLaurel PDC on Dil]
         interfaces = lo0 172.25.0.29/16 192.73.206.31/24
         bind interfaces only = Yes
         encrypt passwords = Yes
         update encrypted = Yes
         passwd program = /bin/passwd -r nis %u
         passwd chat = *password* %n\n *password* %n\n *changed*
         passwd chat debug = Yes
         unix password sync = Yes
         log file = /var/samba/run/log.%m
         domain admin group = @it
         add user script = /etc/samba/add-machine %u
         logon path = \\%L\%U\.profile-nt\%m
         logon drive = h:
         logon home = \\%L\%U\.profile-9x\%m
         domain logons = Yes
         os level = 65
         preferred master = True
         domain master = True
         wins server = print
         utmp = Yes

[homes]
         comment = My Home Directory
         read only = No
         create mask = 0755
         browseable = No

[netlogon]
         path = /etc/samba/netlogon
         write list = @it
---------------------------------------------------------------------------

-- 
Gary Algier, WB2FWZ           gaa@@ulticom.com              +1 856 787 2758
Ulticom Inc., 1020 Briggs Rd, Mt. Laurel, NJ 08054      Fax:+1 856 866 2033

        A self-addressed envelope would be addressed "envelope."





More information about the samba mailing list