[Samba] Authentication to a trusted domain
Carl Benson
cbenson at fhcrc.org
Wed Feb 20 14:28:02 GMT 2002

Could someone tell me if what I'm trying to do is possible with
Samba? This authentication across trusted domains problem is
driving me nuts. Please & thanks.

My Samba server, cachalot: RedHat 7.2, Samba 2.2.3a, Winbind is
running.

Cachalot belongs to the NT domain PHS-SC, which trusts the NT domain
FHCRC.

Cachalot is added to the PHS-SC domain as a "workstation or server"
via the Server Manager app. I can browse "My Network Places" and
find cachalot, and its "homes" share, where my Linux home directory
lives.

My client is a PC running W2k Pro, I think SP2. It's on the same
subnet as cachalot.

The user, me, has NT user ID "cbenson" in the FHCRC domain. I also
have user ID "imaginos" in Linux (NIS).

/etc/samba/smbusers contains "imaginos = cbenson".

If I map a network drive and specify user ID "imaginos" and my NIS
password, it connects 100% reliably to the "homes" share. I use it
this way every day.

My goal is to NOT have to specify "imaginos" whenever I want to connect
to my home directory on cachalot. This is a test case for the entire
division of the company, so it's not just for my convenience.

If I attempt to map a network drive without specifying a user ID,
I always get this in my Samba log:

    [2002/02/20 13:52:09, 3] smbd/reply.c:reply_sesssetup_and_X(1018)
      No such user cbenson [FHCRC] - using guest account

I know this is absurd, since of course I have to log in to my PC as
"cbenson" in the FHCRC domain!

It also fails in the same way if I specify a user ID of "FHCRC\cbenson"
or "FHCRC\cbenson". (But of course I should NOT have to specify any
user ID, since I can map a network drive on an NT server that belongs
to PHS-SC without doing so! If NT can do it, why not Samba?)

Cachalot's /etc/samba/smb.conf contains:

    [global]
        encrypt passwords = yes
        hosts allow = 140.107.
        lm announce = false
        local master = false
        log file = /var/log/samba/log.smb
        debuglevel = 3
        server string = Cachalot Samba Server %h
        smb passwd file = /etc/samba/smbpasswd
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        username = /etc/samba/smbusers
        wins server = 140.107.92.20,104.107.42.20
        security = domain
        workgroup = PHS-SC
        password server = *
        allow trusted domains = yes
        printcap name = /etc/printcap
        load printers = yes
        printing = bsd
        winbind separator = \
        winbind uid = 10000-20000
        winbind gid = 10000-20000
        winbind cache time = 15
        winbind enum users = yes
        winbind enum groups = yes
        template homedir = /home0/%D/%U
        template shell = /bin/ksh
        winbind use default domain = true

    [homes]
        comment = Home Directories
        path = %H
        browseable = yes
        writable = yes
        valid users = cbenson, imaginos

--
Carl Benson | cbenson at fhcrc.org
UNIX System Administrator | Telephone: (206) 667-4862
Fred Hutchinson Cancer | Fax: (206) 667-6869
Research Center | Opinions expressed are my own.
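
Added example (not part of the original post, and not Samba project code): a small Python parser for the two-line smbd log format quoted above that lists session setups which fell back to the guest account, grouped by domain and user. The sample log is constructed; only the `No such user ... - using guest account` message and its header format come from the post.

```python
import re
from collections import Counter

# Constructed sample in the layout quoted in the post: a header line
# "[timestamp, debuglevel] source:function(line)" followed by the message.
SAMPLE_LOG = """\
[2002/02/20 13:52:09, 3] smbd/reply.c:reply_sesssetup_and_X(1018)
  No such user cbenson [FHCRC] - using guest account
[2002/02/20 13:52:10, 3] smbd/service.c:make_connection(615)
  constructed filler line: unrelated message
[2002/02/20 13:55:41, 3] smbd/reply.c:reply_sesssetup_and_X(1018)
  No such user cbenson [FHCRC] - using guest account
[2002/02/20 14:01:03, 3] smbd/reply.c:reply_sesssetup_and_X(1018)
  No such user jdoe [PHS-SC] - using guest account
"""

# Header: timestamp, debug level, then source location.
HEADER = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}),\s*(\d+)\]\s+(\S+)")
GUEST = re.compile(
    r"^No such user (?P<user>.+?) \[(?P<domain>[^\]]*)\] - using guest account$")

def guest_fallbacks(log_text):
    """Return one dict per session setup that was mapped to the guest account."""
    events, header = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            header = m          # remember the header for the message that follows
            continue
        g = GUEST.match(line)
        if g:
            events.append({
                # A message with no preceding header keeps time/source as None.
                "time": header.group(1) if header else None,
                "source": header.group(3) if header else None,
                "user": g["user"],
                "domain": g["domain"],
            })
    return events

def summarize(events):
    """Count guest fallbacks per (domain, user) pair."""
    return Counter((e["domain"], e["user"]) for e in events)

if __name__ == "__main__":
    for (domain, user), n in summarize(guest_fallbacks(SAMPLE_LOG)).most_common():
        print(f"{domain}\\{user}: {n} guest fallback(s)")
```

The messages only appear when the log level is at least 3, as with `debuglevel = 3` in the configuration above.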