[Samba] does SECURITY=ADS fall back to the smbpasswd file?

Gerald (Jerry) Carter jerry at samba.org
Tue Oct 19 11:13:01 GMT 2004

Hash: SHA1

Tim wrote:
| Hi Samba List,
| I'm trying to upgrade from Samba 2.2.11 to 3.0.7.  I'm
| using the SECURITY = ADS option and I have the winbind
| stuff working fine.  I have joined the windows domain and
| authenticate my NT users perfectly.
| However, some of my users don't have NT accounts, so they access
| their samba share using local accounts in the smbpasswd file.  Samba
| 2.2 (with SECURITY = DOMAIN) used to fall back to the smbpasswd file
| after trying to authenticate the user from the PDC and this was
| exactly how we wanted it.
| But my Samba 3 doesn't do this.  Is it supposed to?  Or do i have
| to turn this function on with some configuration option that I have
| missed?

Each auth method (winbind, sam, etc...) is associated
with a domain.  For example, the local machine domain
or the domain to which the server is joined.  Once an
auth method reports NT_STATUS_LOGON_FAILURE, no other
auth method will be tried.

So the short answer is no, smbd will not fall back to
smbpasswd in Samba 3.

cheers, jerry
- ---------------------------------------------------------------------
Alleviating the pain of Windows(tm)      ------- http://www.samba.org
GnuPG Key                ----- http://www.plainjoe.org/gpg_public.asc
"If we're adding to the noise, turn off this song"--Switchfoot (2003)
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


More information about the samba mailing list