[Samba] Problems authentication with NT PDCs in security = server (was security = user)
Collins, Kevin
KCollins at nesbittengineering.com
Thu Nov 7 22:25:51 GMT 2002
James:
(Again someone correct me if I'm wrong)
PAM allows local access to the Samba machine as well as authenticating
Samba users. Winbind *only* allows for Samba access. This is why I
chose *not* to use PAM in my setup. I don't want normal users to have
local logon access to *MY* servers. <evil grin>
With Winbind, you don't need PAM at all. If you're planning on using
PAM you *will* have to have local Unix accounts. These local accounts
can be generated using both Winbind and PAM together, but it's a process
that I don't remember right now.
At any rate, I don't think you're going to be able to achieve what you're
after. I think it'll be a one or the other kinda thing - either adding
the machine to the domain, or adding local user accounts.
Kevin
> -----Original Message-----
> From: James Lamanna [mailto:jamesl at appliedminds.net]
> Sent: Thursday, November 07, 2002 4:55 PM
> To: 'Collins, Kevin'
> Cc: samba at lists.samba.org
> Subject: RE: [Samba] Problems authentication with NT PDCs in security = server (was security = user)
>
>
> The interesting part is that neither PAM nor the SMB auth plugin for
> Apache requires you to be a member of the domain.
>
> However, the caveat with pam_smb_auth is that you have to have a unix
> account for every windows user you want to authenticate.
>
> I guess the behavior I'm trying to achieve is the one achieved with the
> Apache plugin:
> 1) Doesn't require you to be a member of the domain
> 2) Doesn't require unix accounts for windows users.
>
> --James
>
> -----Original Message-----
> From: Collins, Kevin [mailto:KCollins at nesbittengineering.com]
> Sent: Thursday, November 07, 2002 1:50 PM
> To: 'James Lamanna'; Collins, Kevin
> Subject: RE: [Samba] Problems authentication with NT PDCs in security = server (was security = user)
>
>
> James:
>
> My best guess (someone correct me if I'm wrong) is that you'll need to
> have the Samba machine as a member of the NT/2000 domain before it can
> authenticate against it.
>
> This is a Windows issue - and it's by design. Adding a machine to the
> domain creates the machine trust. The NT/2000 DCs will only share user
> account info with other members (or machines that it trusts). I have a
> Windows 2000 laptop that I keep in "Workgroup" mode. I can't retrieve
> *any* info about the domain computers or the Domain itself while in this
> mode.
>
> Other than adding the machine to the domain, you're probably stuck
> adding Unix users - and keeping up with password changes.
>
> Kevin
>
> > -----Original Message-----
> > From: James Lamanna [mailto:jamesl at appliedminds.net]
> > Sent: Thursday, November 07, 2002 4:40 PM
> > To: 'Collins, Kevin'
> > Subject: RE: [Samba] Problems authentication with NT PDCs in
> > security =
> > server (was sercurity = user)
> >
> >
> > Well as you can see, I'm getting a funky error when I try to do it
> > anyways.
> >
> > And I don't know if the Windows Box administrator will give me
> > permission.
> >
> >
> > -----Original Message-----
> > From: Collins, Kevin [mailto:KCollins at nesbittengineering.com]
> > Sent: Thursday, November 07, 2002 1:24 PM
> > To: 'James Lamanna'; samba at lists.samba.org
> > Subject: RE: [Samba] Problems authentication with NT PDCs in
> > security =
> > server (was sercurity = user)
> >
> >
> > > Is it possible to get samba to authenticate from the Domain without
> > > adding a machine account to the domain (using smbpasswd -j ...)
> >
> > I've always had to add the machine to the domain. Any reason why you
> > *don't* want to?
> >
> > Kevin C.
> >
> > > Also, when I tried to add the machine to the domain anyways, I
> > > received an interesting error:
> > > "Set net rpc join for this functionality"
> > >
> > > Thanks.
> > > --James