[Samba] cached credentials local login -- notebook domain members
-- partly solved
martin.povolny at solnet.cz
Thu Feb 17 11:35:46 GMT 2005
Paul Gienger wrote:
>> Am I doing something wrong or does samba really not support cached
>> credentials local logins?
> I can assure you that it works just fine. I go home every night and log
> in just fine off the company 'net. It also works just fine on default
> domain setups, so there must be some step you've added that isn't liked
> very well.
> What is the exact error you are getting? For example, I get an error
> about not finding my roaming profile, but that's expected.
win2k says something like (translation from Czech):
System can't log you on becouse the domain INVEX.CZ is not available.
System cannot log you on now becouse the domain INVEX.CZ is not available.
> What method did you use to set up your server? Did you follow a howto
> or something that we could reference to find out what is causing you
No, i have a bit more complicated setup dealing with ldap replication,
shared users for samba, exim, cyrus, etc...
Mathew Easton kicked me the right way:
> Do you, by any chance, have an smbusers file? (Mine is
> yours may be located elsewhere) This file maps windows users to unix
> If you use this file to map legacy windows usernames to accounts on
> your samba server, cached credentials will fail.
I LDAP i have names like 'martin.povolny at solnet.cz' and in smb.conf i
have LDAP queries that do the right mapping for me.
This allows me to have in LDAP multiple domains for mail and choose one
of them for samba.
The problem is that the real names are then the ones including '@' (in
fact e-mail adresses) all other names are aliases. And you can't log
into windows using a name with '@' :-(
When I tried changing an account in LDAP (remove the @domain.cz part)
then cached credentials logins work.
I'm using the LDAP database also for e-mail services and eventually I
would like to have multiple samba instances running with the same LDAP
each with different domain (both the @domain.cz part and samba domain),
so removing the @domain.cz part from all accounts in the LDAP database
is not a sollution for me.
Thank you all very much!
Have you got any idea, how can I keep the e-mail address accounts and
make the cached credentials logins work?
Mgr. Martin Povolný, soLNet, s.r.o.,
+420777714458, <martin.povolny at solnet.cz>
More information about the samba