[Samba] Problems authentication with NT PDCs in security = server (was security = user)

James Lamanna jamesl at appliedminds.net
Thu Nov 7 21:56:03 GMT 2002


The interesting part is that neither PAM nor the SMB auth plugin for Apache
requires you to be a member of the domain.

However, the caveat with pam_smb_auth is that you have to have a Unix
account for every Windows user you want to authenticate.

I guess the behavior I'm trying to achieve is the one achieved with the
Apache plugin:
1) Doesn't require you to be a member of the domain
2) Doesn't require Unix accounts for Windows users.

--James

-----Original Message-----
From: Collins, Kevin [mailto:KCollins at nesbittengineering.com] 
Sent: Thursday, November 07, 2002 1:50 PM
To: 'James Lamanna'; Collins, Kevin
Subject: RE: [Samba] Problems authentication with NT PDCs in security =
server (was security = user)


James:

My best guess (someone correct me if I'm wrong) is that you'll need to
have the Samba machine as a member of the NT/2000 domain before it can
authenticate against it.

This is a Windows issue - and it's by design.  Adding a machine to the
domain creates the machine trust.  The NT/2000 DCs will only share user
account info with other members (or machines that it trusts).  I have a
Windows 2000 laptop that I keep in "Workgroup" mode.  I can't retrieve
*any* info about the domain computers or the Domain itself while in this
mode.

Other than adding the machine to the domain, you're probably stuck
adding Unix users - and keeping up with password changes.

Kevin

> -----Original Message-----
> From: James Lamanna [mailto:jamesl at appliedminds.net]
> Sent: Thursday, November 07, 2002 4:40 PM
> To: 'Collins, Kevin'
> Subject: RE: [Samba] Problems authentication with NT PDCs in
> security =
> server (was security = user)
> 
> 
> Well as you can see, I'm getting a funky error when I try to do it 
> anyways.
> 
> And I don't know if the Windows Box administrator will give me 
> permission.
> 
> 
> -----Original Message-----
> From: Collins, Kevin [mailto:KCollins at nesbittengineering.com]
> Sent: Thursday, November 07, 2002 1:24 PM
> To: 'James Lamanna'; samba at lists.samba.org
> Subject: RE: [Samba] Problems authentication with NT PDCs in 
> security =
> server (was security = user)
> 
> 
> > Is it possible to get samba to authenticate from the Domain without
> > adding a machine account to the domain (using smbpasswd -j ...)
> 
> I've always had to add the machine to the domain.  Any reason why you
> *don't* want to?
> 
> Kevin C.
> 
> > Also, when I tried to add the machine to the domain anyways, I 
> > received an interesting error:
> > "Set net rpc join for this functionality"
> > 
> > Thanks.
> > --James
> > 