[Samba] Samba 3 pre01 security=domain problem to accessfromxpclient

Wed Oct 22 14:07:34 GMT 2003

> -----Original Message-----
> From: jean-marc pouchoulon
> [mailto:jean-marc.pouchoulon at ac-montpellier.fr]
> Sent: mercredi 22 octobre 2003 14:54
> To: 'jean-marc pouchoulon'; samba at lists.samba.org
> Cc: eric.jourdan at ac-montpellier.fr
> Subject: RE : [Samba] Samba 3 pre01 security=domain problem to
> accessfromxpclient
> 
> 
> Just one more thing
> With security = server it works.
> 
> 
> -----Message d'origine-----
> De :
> samba-bounces+jean-marc.pouchoulon=ac-montpellier.fr at lists.samba.org
> [mailto:samba-bounces+jean-marc.pouchoulon=ac-montpellier.fr at l
> ists.samba
> .org] De la part de jean-marc pouchoulon
> Envoyé : mercredi 22 octobre 2003 14:50
> À : samba at lists.samba.org
> Cc : eric.jourdan at ac-montpellier.fr
> Objet : [Samba] Samba 3 pre01 security=domain problem to access
> fromxpclient
> 
> 
> I try to implement a new server using domain auth 
> ( server , pdc , bdc are on redhat 9 samba3pre1)
> 
> 
> Smb.conf of server:
> 
> [global]
>         workgroup = DOMAIN
>         netbios name = G4
>         server string = %h server (Samba %v)
>         security = domain
>         password server = SERV2 SERV3 (PDC and BDC)
> 
>         wins support = no
>         wins proxy = no
>         wins server = ip_address_of_wins_server
> 
>         domain master = no
>         local master = no
>         preferred master = no
>         os level = 0
> 
> 
>         log level = 99
>         log file = /var/log/samba/log.%m
>         socket options = TCP_NODELAY IPTOS_LOWDELAY
> 
> [homes]
>         comment = Espace Partagé pour les utilisateurs
>         browseable = yes
>         path = %H
>         writable = yes
>         create mode = 0700
> 
> Net join to DOMAIN was done without problem. 

Bonjour Jean-Marc,

how do you propagate the Unix accounts from your PDC&BDC to your member server in order to allow user auth from Samba ?
Eg. you must have a Unix account for each Samba account allowed to access the member server.

Personally, I use LDAP, with a RH9 PDC (and in a few days a RH9 BDC), and a Solaris 9 member server.

You could also use winbind, but you would have different uid/gid for the same user on the different unix machines. It was my mistake if you have a look at my previous SOSes on this list.

If you need only a small subset of user to access this member server, you could also just add the unix accounts in the local /etc/passwd

Also, one of the problem I encountered is that I tried to specify an "auth methods =" string, even when specifying "guest, sam". But it failed. So removing it helped a lot.

HTH, best regards,

Jérôme

**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager. LogicaCMG
**********************************************************************