[Samba] does SECURITY=ADS fall back to the smbpasswd file?

Gerald (Jerry) Carter jerry at samba.org
Tue Oct 19 13:54:10 GMT 2004

Hash: SHA1

Tim wrote:
| Quoting "Gerald (Jerry) Carter" <jerry at samba.org>:
|>| So in that case, is there any way at all I can authenticate
|>| both sets of users I have with the same Samba host?
|>| i.e. The users who have NT accounts, and the users who
|>| don't (smbpasswd auth)
|>You can set
|>	auth methods = guest sam_ignoredomain winbind:ntdomain
|>in the [global] section of smb.conf.  However, if there is any
|>overlap in the usernames between local users and domain users,
|>the local user account takes precendence.
| Thanks Jerry, that fixed it!
| Just cos I cant find it in the docs, whats the different between
| "sam" and "sam_ignoredomain"?

In general an auth method will ignore requests that are
not for its designated domain.  The domain of the sam
method for a member server is the Samba server's name.
The sam_ignoredomain ignores the domain portion of the
logon request and just looks for the username.handle

| Also, whats the colon mean between winbind and ntdomain?

Failover.  if winbind is not available, the method falls
back to using the smbd ntdomain method.

ciao, jerry
- ---------------------------------------------------------------------
Alleviating the pain of Windows(tm)      ------- http://www.samba.org
GnuPG Key                ----- http://www.plainjoe.org/gpg_public.asc
"If we're adding to the noise, turn off this song"--Switchfoot (2003)
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


More information about the samba mailing list