[Samba] winbind: authenticating UNIX user before Win Domain user
Luke Mewburn
lukem-samba at mewburn.net
Thu Nov 18 06:53:32 GMT 2004
On Wed, Nov 17, 2004 at 03:48:06PM -0500, Greg Chavez wrote:
| We have a samba 3.0.7 server on RHEL-3 (rain) joined as a domain
| member (security = domain) to a win2k pdc (clouds) for the domain DOM.
| We have several unix users and two Win-only users. The unix users
| have matching AD accounts on the win2k, but the Win-only users do not
| have unix accounts (and we want to keep it that way). So, it seemed
| that winbind would be the best way to bridge the gap:
|
| 1. UNIX users could access shares on the samba server in the same way
| whether logged on to windows workstation or the samba server itself
| 2. Files created on the shares would be controlled via permissions
| for UNIX users and groups.
| 3. Win users would not need to have UNIX accounts created, but could
| access the samba shares as easily as the UNIX users.
| 4. Home directories and profiles will be pulled from the samba server.
|
| It works well exept that winbind does not authenticate the UNIX users
| as expected when they logon from Windows.
I have the same requirement; except samba can't currently do this. See:
http://lists.samba.org/archive/samba/2004-October/094981.html
I implemented a "trim default domain" option and provided a patch in:
http://www.dragoninc.on.ca/mail-archives/samba-technical/2004-10/0342.html
(I would suggest the "canonical" mailing list URL
http://lists.samba.org/archive/samba-technical/2004-October/037813.html
except the mailing list archive software there borked the message.)
The rest of the thread on samba-technical has more details.
Cheers,
Luke.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 186 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba/attachments/20041118/f8a01a38/attachment.bin
More information about the samba
mailing list