[Samba] FW: Samba and Windows 2000 Password Authentication - Here is the
DNeilson at westfam.com
Tue Dec 10 01:10:10 GMT 2002
To Samba Users Group:
I posted the message below, and a member of the group called me and talked
me through the problem. The solution is at the bottom of the page.
> -----Original Message-----
> From: David Neilson
> Sent: Monday, December 09, 2002 3:40 PM
> To: 'samba at lists.samba.org'
> Subject: Samba and Windows 2000 Password Authentication
> Is there a way to configure Samba so that all password authentication is
> done through the Windows domain controllers?
> As I understand it, the variable "encrypt passwords" must be set to yes if
> "security" is set to "domain". This causes Samba to reference the
> smbpasswd file, so if the W2K user's password on the domain controller is
> not the same as that in the smbpasswd file, Samba will prompt the user for
> the password in smbpasswd.
> I have tried various options, like setting "security" equal to the server,
> and "password server" equal to domain controller, but it all works the
> same: the user has to enter the smbpasswd password to get authenticated.
> If this is not possible, is there a way to sync up the passwords between
> the domain controllers and the smbpasswd file?
> David Neilson
> Western Family Foods, Inc.
> System Administrator
> 503 639 6300 x370
When the Windows Administrator had created the machine account in the
domain, I assumed I did not have to use the "smbpasswd" command to create
the trust relationship between the Samba Server and the domain. I was
wrong, and once I followed the steps below, I could log onto the domain and
then access Samba shares without getting asked for a password:
Update the global section of the smb.conf file to include the following:
workgroup = MY_COMPANY_DOMAIN
security = domain
password server = *
encrypt passwords = yes
smbpasswd file = THE_FILE_PATH_AND_NAME
os level = 0 ### This server will never become a domain controller
Stop the smbd and nmbd daemons.
Run the smbpasswd command to establish a trust relationship:
smbpasswd -j MY_COMPANY_DOMAIN -r DOMAIN_CONTROLLER -Uadministrator%password
Start up the Samba daemons.
More information about the samba