[Samba] does SECURITY=ADS fall back to the smbpasswd file?

Tim sambalist at darkgate.net
Fri Oct 15 10:35:55 GMT 2004

Hi Samba List,

I'm trying to upgrade from Samba 2.2.11 to 3.0.7.  I'm
using the SECURITY = ADS option and I have the winbind
stuff working fine.  I have joined the windows domain and
authenticate my NT users perfectly.

However, some of my users don't have NT accounts, so they access
their samba share using local accounts in the smbpasswd file.  Samba
2.2 (with SECURITY = DOMAIN) used to fall back to the smbpasswd file
after trying to authenticate the user from the PDC and this was
exactly how we wanted it.

But my Samba 3 doesn't do this.  Is it supposed to?  Or do i have
to turn this function on with some configuration option that I have



My config:

deadtime = 10
encrypt passwords = yes
share modes = yes
server string = dWeb samba server %h
max log size = 200000
available = yes
bind interfaces only = yes
browseable = no
case sensitive = no
comment = dWeb samba server
follow symlinks = yes
max smbd processes = 200
invalid users = root
load printers = no
log level = 2
read only = yes
veto files = /content/.ssh/sys/stats/

; file/directory creation modes - no other access, web server runs in group
create mask = 0000
directory mask = 0000
force create mode = 0640
force directory mode = 0750
security mask = 0750

security = ADS
realm = xx.xx.xx.COM
workgroup = xxx
allow trusted domains = yes
encrypt passwords = yes

winbind separator = +
winbind uid = 25534-65534
winbind enum users = no
winbind gid = 25534-65534
winbind enum groups = no
winbind cache time = 60
winbind use default domain = yes
use spnego = yes

; security settings
lanman auth = no
client lanman auth = no
ntlm auth = no
client plaintext auth = no
disable netbios = yes
min protocol = NT1

; don't use wins
wins support = no
name resolve order = lmhosts host

; The following parameters are required by DB samba guidelines
wide links = no
local master = no
domain master = no
preferred master = no
os level = 0

; include dynamic configuration
include = /samba/lib/smb.conf.dynamic

More information about the samba mailing list