[Samba] does SECURITY=ADS fall back to the smbpasswd file?
Gerald (Jerry) Carter
jerry at samba.org
Tue Oct 19 13:54:10 GMT 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Tim wrote:
| Quoting "Gerald (Jerry) Carter" <jerry at samba.org>:
|
|
|>| So in that case, is there any way at all I can authenticate
|>| both sets of users I have with the same Samba host?
|>|
|>| i.e. The users who have NT accounts, and the users who
|>| don't (smbpasswd auth)
|>
|>You can set
|>
|> auth methods = guest sam_ignoredomain winbind:ntdomain
|>
|>in the [global] section of smb.conf. However, if there is any
|>overlap in the usernames between local users and domain users,
|>the local user account takes precendence.
|
|
| Thanks Jerry, that fixed it!
|
| Just cos I cant find it in the docs, whats the different between
| "sam" and "sam_ignoredomain"?
In general an auth method will ignore requests that are
not for its designated domain. The domain of the sam
method for a member server is the Samba server's name.
The sam_ignoredomain ignores the domain portion of the
logon request and just looks for the username.handle
| Also, whats the colon mean between winbind and ntdomain?
Failover. if winbind is not available, the method falls
back to using the smbd ntdomain method.
ciao, jerry
- ---------------------------------------------------------------------
Alleviating the pain of Windows(tm) ------- http://www.samba.org
GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc
"If we're adding to the noise, turn off this song"--Switchfoot (2003)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFBdRyCIR7qMdg1EfYRAsr8AKDT0kJn2kRUMmz3CIh6cnHNqnlkXQCdH1B+
ZLbod38C44YGMnRbi66ix3o=
=fvMX
-----END PGP SIGNATURE-----
More information about the samba
mailing list