[Samba] Configuring a Samba Domain Member Server

Thomas, Daniel J. Daniel.Thomas at jhuapl.edu
Tue Feb 5 12:46:48 GMT 2002 

Hey all,
	We are having some trouble getting samba to behave the way we think
it should.  We would like to get our filer server (A Sun Enterprise 3500
running Solaris 2.8) to integrate as close as possible to our PC
workstations which primarily access this file server.

	Our ultimate goal is to configure Samba so it can authenticate users
who have access to it's file shares through our NT domain controllers.  We
have set share level = domain and added the samba server to the NT domain
after upgrading to Samba 2.2.2.  This has helped some, however we aren't
quite where we want to be.  

	Basically, the NT users we have don't necessarily have a
corresponding UNIX account and don't really need one.  We would like to
avoid having to maintain user accounts on the file server all together and
would like authentication to be handled by the NT Domain.  

Currently, we have the guest account access enabled to map everyone through
one user account, however if we disable this, domain users who don't have
Unix user accounts can't access the shares on the file server (get prompted
for user name and password).

I've seen something about a "Winbind" service.  It is my understanding that
this might be what I need to do what I'm looking to do?  Will it run under
Solaris 2.8?  

According to the Samba guide, when you compile samba, this service is build
automatically if it is supported by the OS, but we don't see it installed
anywhere and the winbind service certainly isn't running.  This is what led
me to believe that it might be incompatible with Solaris 2.8 on SUN
Enterprise 3500 hardware.

Also I noticed that when users can in fact write to the shares if they
aren't a guest, then it records the file owner as [samba server]\[user name]
rather then [NT Domain]\[user name] (when looking at the file security
permissions from a Windows 2000 Pro box).  I assume this is because it is
mapping the user name to a known Unix user.

Thanks,
-Dan Thomas


Daniel J. Thomas
Systems Administrator
Johns Hopkins University
Applied Physics Laboratory
Laurel, MD

Balt:    (443) 778-7924
Wash:  (240) 228-7924


"Always avoid a bad file copy...
You can never know when your replication proceeds you."
                               -Anonymous Author

More information about the samba mailing list