[Samba] Newbie Authentication Questions

[John H Terpstra]

On Wed, 8 Oct 2003, Bill Robinson wrote:

>
> A couple questions about how authentication works in Samba:
>
> -Is there a way to authenticate to a Samba PDC that does not require machine
> and (domain) user accounts to be in the /etc/passwd file (- a way other then
> LDAP or NIS)?
>
> -A follow up to that - is what is the purpose of requiring machines/users in
> both the /etc/passwd file and the smbpasswd file? - i read something about
> needing to resolve the machines/users but not a full explaination.  To me it
> seems that if I'm authenticating against Samba that's all it should need to
> do - it's not like it's converting the NTLM hash to crypt or something right?
> (since i can have different UNIX/Samba passwds)
>
> Basically the problem I'm trying to solve is to create an NT 4-style domain w/
> Samba, but not creating UNIX accounts on the PDC machine for the Windows
> domain users.  I only need Windows machines to authenticate to this domain.
>
> If there's a way to fake out Samba and point it to another file
> besides /etc/passwd that would work I think....just a thought.  I've also
> thought of AD/Kerberos but that is not an option either in this environment.
>
> I've googled a bit for anything on the /etc/passwd issue but didn't turn
> anything up, other then using LDAP or NIS (which aren't options) and I didn't
> really see anything in the Samba docs - so any pointers in the right direction
> would be appreciated.  I've also looked into the PCNetlink, but that does not
> seem to be well supported.
>
> This is for Samba 3.0 running as a NT4-style PDC on Solaris 2.8.

Bill,

Have you looked at the Samba-HOWTO-Collection.pdf that ships with
Samba-3.0.0?

The chapter "Account Information Databases" answers your questions. Please
let me know specifically what has not been well enough explained. What
needs to be better documented?

- John T.
-- 
John H Terpstra
Email: jht at samba.org