[Samba] Problem after joining Windows domain: Will Samba support "fallback" to local domain for authentication of local users?

Windsor Dave L. (AdP/MOE2.12) Dave.Windsor at us.bosch.com
Wed Sep 19 19:45:56 GMT 2007

Will Samba support "fallback" to local domain for authentication of
local users?

I joined a RHEL4 server running Samba  3.0.10-1.4E.11 to a Windows
2000/2003 mixed-mode domain today using "security = domain", after
having run for many months in "security = user" mode.  Authentication
works fine for users defined in the Windows domain, but we have a few
users (mainly on manufacturing equipment) who are not in the domain, and
are defined in /etc/passwd and an old-fashioned smbpasswd file only.
When mapping drives (these are old W2K clients), these users must now
use "<servername>\<username>" for their username, or the server will try
to authenticate to the domain and get a NT_STATUS_NO_SUCH_USER error.

I seem to recall that an old server we used to have that ran Samba 2.2.x
in "security = domain" mode would try to authenticate against the domain
first, then fall back to the smbpasswd file if that failed, so
authentication of locally defined users was transparent.

Is there a way to make Samba3 "fall back" to the smbpasswd file if the
user is not in the Windows domain?  I've experimented a bit with passdb
backend, but I haven't seen any difference.  Of course, I can just go to
all the production equipment and remap the drives, but there are quite a
few of them, and I'm trying to avoid the downtime.

Thanks for any advice!

Best Regards,

Dave Windsor

Robert Bosch LLC
Team Leader, Test Systems Engineering: Hybrid ECU/TCU (AdP/MOE2.1)
4421 Highway 81 North
Anderson, SC 29621 USA
www.bosch.us <http://www.bosch.us>

Tel:  1 (864) 260-8459
Fax: 1 (864) 260-8142
Dave.Windsor at us.bosch.com <mailto:Dave.Windsor at us.bosch.com>

More information about the samba mailing list