[Samba] Samba Domain member server - using domain part within authentication

Michal timeosko at gmail.com
Tue Aug 7 02:58:44 MDT 2012


Hello Daniel,

I understand the role of domain member server. But I have not understood
why I have needed to type also domain name prefix during authentication -
and this was changed in some of previous relases of samba - currently this
needs to be explicitly defined that you want to map "any domain name"
provided from computer to "right domain name" used in samba domain.

On other way - I dont thnik that the better way is using BDC with direct
connection to LDAP server...

thanks

michal


On Mon, Jul 30, 2012 at 8:39 AM, Daniel Müller <mueller at tropenklinik.de>wrote:

> Hello,
>
> Memberserver:
> With security=domain, your auth request will be send to your dc and to its
> success it needs domain\user password.
> If your logon fails the memberserver tries to authenticate the user local.
> The better way: work with BDCs/LDAP
>
> Greetings
> Daniel
>
> -----------------------------------------------
> EDV Daniel Müller
>
> Leitung EDV
> Tropenklinik Paul-Lechler-Krankenhaus
> Paul-Lechler-Str. 24
> 72076 Tübingen
>
> Tel.: 07071/206-463, Fax: 07071/206-499
> eMail: mueller at tropenklinik.de
> Internet: www.tropenklinik.de
> -----------------------------------------------
> -----Ursprüngliche Nachricht-----
> Von: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org]
> Im
> Auftrag von Michal Bruncko
> Gesendet: Freitag, 27. Juli 2012 14:40
> An: samba at lists.samba.org
> Betreff: [Samba] Samba Domain member server - using domain part within
> authentication
>
> Hello list,
>
> We are using several file servers in our enviroment in following way:
> - 1st fileserver is PDC
> - 2nd ... Xth are domain memeber server (with security = domain, and joined
> in domain via "net rpc join" command)
>
> When user is logging into 1st fileserver, he can be successfully
> authenticated with typing only "username" (without domain part) and his
> password from client computer which is NOT part of this domain.
> But when user is trying to log in to some domain member server, the
> authentication willl not be successful until hi use login in form
> "DOMAIN\username" and his password.
> I need to note here, that winbind is not running on member servers, just
> pure smbd and nmbd daemons.
>
> Is there any way how to authenticate to member servers without using domain
> part in authentication name?
>
> I am using:
> - on Server: samba on CentOS 6 - samba-3.5.10-125.el6.x86_64
> - on Client: windows 7
>
> many thanks
>
> michal
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>
>


More information about the samba mailing list