[Samba] Domain Server Problem, continued

Pete Clapham peteclapham at sbcglobal.net
Tue May 5 19:33:36 GMT 2009

This is interesting, and it led to a bit more sleuthing.  I can log onto the PDC with any user ID/password; doesn't have to be mine.  Then I can access the share on the additional domain server using the user name/password of anybody with a smbpasswd password.  But with security = DOMAIN, shouldn't it look on the password server, in this case the PDC, for the proper password?  Is it really necessary to go through all of the rigamarole of adding users to the second server as well as the PDC?  Please advise.



p.s.  Here are the relevant portions of the smb.conf file on the additional server:

        workgroup = ERSL
        netbios aliases = water.sr-02-01.csuohio.edu
        server string = %h server (Samba, Ubuntu)
        security = DOMAIN
        password server = EARTH earth.sr-02-01.csuohio.edu
        passwd program = /usr/bin/passwd %u
        syslog = 0
        log file = /var/log/samba/log.%m
        max log size = 1000
        dns proxy = No
        usershare allow guests = Yes
        panic action = /usr/share/samba/panic-action %d

        comment = Archive files
        path = /archive

Vista/XP can only use one username/password per server per instance.

For instance, after booting up XP, if you successfully connect to 
\\water\homes as peteclapham, then you can't connect to \\water\archive 
as joestudent because XP/Vista can't handle multiple connections with 
different usernames/passwords to the same server.

Samba can only be configured to authenticate against one source.  Be it 
smbpasswd, ldap, or tdbsam, it can only be configured to authenticate 
against one of them at a time.  It doesn't even look at /etc/passwd for 
authentication.  Even if you use encrypt passwords = no, the users have 
to be in smbpasswd.

Pete Clapham wrote:

Hi --

I have what I hope is a minor configuration problem.

My PDC is configured so that it works just fine.

I am trying to set up an additional domain server (not PDC or BDC),
so that students can get to the material on the server.  When I type
"net use w: \\water\archive" (where water is the domain server and
archive is a share), I invariably get the message that I need to input
a user ID and password.  If I put in my own ID/Password for the server
(even though it's identical with the ID/password on the PDC) it goes
through fine.  However, if I am logged on to the network as another
user and put in his/her ID/Password it doesn't work.  
My User ID/Password are the only combination on both the PDC and
the additional server.  If I try to log onto the additional server with
a User ID/Password that's valid on the domain it doesn't work; if I try
to log onto the additional server with a User ID/Password that's valid
on the additional server it doesn't work.  It would seem that SAMBA is
looking at the Unix ID/Password on the PDC and the SMBPasswd on the
additional domain server, and requiring that they both be the same --
so far that's mine.  
Does this make sense to anybody?  And what do I need to do?  I do
have authentication set on the Additional Domain server to DOMAIN. 
Doesn't this mean that SAMBA should be reading both the Unix and
SMBPasswd files on the PDC?  
Thanks for your help.



