[Samba] integrating multiple NT4 domains with Samba
thephly
thephly at earthlink.net
Sun Mar 16 14:18:24 GMT 2003
On 2.2.8 "workgroup = " is ignored in include files
smb.conf:
...
[global]
include = /usr/local/samba/lib/smb.conf.global.%m
/usr/local/samba/lib/smb.conf.global.machinename:
...
netbios name = SAMBA
workgroup = SOMEWHERE
security = domain
password server = somewhere-nt4-pdc
...
machinename connects with this result:
[2003/03/16 06:09:41, 0] smbd/password.c:(1558)
domain_client_validate: could not fetch trust account password
for domain WORKGROUP
Conclusion:
New value for "workgroup =" should have been "SOMEWHERE" . "workgroup =" can
no longer (since 2.0) by overridden by include files. It is can be set only
once in the main config file.
This prevents integration of multiple NT4 domains by single samba server.
----- Original Message -----
From: "thephly" <thephly at earthlink.net>
To: <samba at lists.samba.org>
Sent: Saturday, March 15, 2003 2:03 AM
Subject: [Samba] integrating multiple NT4 domains with Samba
On version 2.0 using "security = domain" and "include = globals.%m" I could
specify what PDC to use depending on client name. This was a neat
arrangement to integrate legacy NT4 domains - I asked the remote admins to
add the samba server to their domain, and ran "smbpasswd -j <various> -r
<various pdc's>" to end up with multiple machine.sid's in private. All was
wonderful, and then I upgraded . . .
Now 2.2.7a with single secrets.tdb, samba is again added to the various
domains, and can authenticate to any of them individually (their workgroup
in smb.conf), but a %m globals match always produces an auth2 error. I think
samba's pulling the wrong SID out of secrets.tdb, always using the %m
workgroup, but the smb.conf global workgroup SID to authenticate!
Does anyone else bring together NT4 domains with samba to avoid "trusts"? Do
you use this method, how does it work for you?
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
More information about the samba
mailing list