On 25-Feb-99 Lubin Wang wrote:
> In your case, it seems to be that NT-login-name is not a domain user, and
> when NT client gets a prompt for ID/Password, it does not pass a correct
> SID/Password to ARCH.
My NT-login-name is a domain user and works fine to access shares on other
NT-servers in the domain without a local user.
>
> Case 1:
> If you login NT client (which is a member of INFO) with domain user ID (RID)
> --- for example, roos --- and correct password, then you would not get
> any prompt for username/password.
I do. :(
>
> Case 2:
> If you login NT client with a local user ID -- for example, johan who is
> not a user of domain INFO -- when you access RUT, you will get that prompt
> for username/password. Then if you type in
> info\roos -- domain user name -- with its password
> ARCH will pass you, otherwise such as roos alone or johan as the
> username, then the authentication will fail and RUT will do its own
> authentication with SAMBA password file (return to security = user).
Ok, I thought so, so I wasn't that worried about smbclient saying user.
>
> I have a similar network structure except I do not set up a Samba
> password file,
I don't either, I just tested with one as it didn't work, it's gone now.
> I just use usernames map file to map domain users to UNIX users. I am
> not so sure about the authentication algorithm, just from my experience,
> the authentication way is like that:
> when a client makes the access to RUT, client will pass the
> username/password to ARCH via RUT. If it is the first time access to RUT,
> then the username/password will be your client-login-ones. If it fails,
> then RUT will check its own password file (for NT server usually do
> authentication in encrypted mode, SAMBA will not check UNIX password
> file). If that fails too, then you will get prompt for ID/PASSWORD.
> Here you need to pass SID(?) but not RID(?).
>
Do I need a usernames map file even though I use domain settings?
I don't want to have all those users on the UNIX machine, that was sort of
the whole idea about joining the NT-domain. If I need it could I map all
the users (lots of them) with a wildcard to the same UNIX user?
> I hope these will help to solve your problem
>
I think not, I'm afraid. Thanks anyway.
/Roos