samba - May 2002 - samba 2.2.4, domain auth, and smbpasswd file.

Look, I know this must be beaten to death, but I'm too dumb to derive (or
find) a definitive answer on my own. 

Compiled and running 2.2.4 on Solaris. I want to do DOMAIN authentication
off a w2k PDC. No matter what I do I still seem to need a smbpasswd file
that samba can see. Is this true ? Why? What good is DOMAIN authentication
if I still need this hash file sitting around? 

If it's not true, and I can nuke the smbpasswd file somehow, _please_ tell
me what I'm missing w/this conf...  ;/

(Thanks. mailto:bc@ori.org )

-bruce

=================


# Samba config file created using SWAT
# from mydesktopbox.ori.org (x.x.x.x)
# Date: 2002/05/06 13:28:26

# Global parameters
[global]
	workgroup = ORI-EUG
	netbios name = ARAGORN
	server string = aragorn
	security = DOMAIN
	encrypt passwords = Yes
	update encrypted = Yes
	password server = MY-LOCAL-2K-PDC
	password level = 2
	log file = /local/samba/var/log.%m
	max log size = 50
	name resolve order = host  wins bcast lmhosts
	printcap name = /local/samba/lib/printcap.smb
	os level = 0
	preferred master = False
	domain master = False
	dns proxy = No
	lock dir = /local/samba/var/locks
	guest account = smbuser
	write list = brucec
	hosts allow = x.x.x. y.y.y. 127.
	print command = /bin/lp -d%p %s
	lpq command = /usr/ucb/lpq -P%p

[space]
	comment = space
	path = /disk1/space
	read only = No
	create mask = 0777
	directory mask = 0777
	guest ok = Yes

[homes]
	comment = Home Directories
	read only = No

[printers]
	comment = All Printers
	path = /usr/spool/samba
	guest ok = Yes
	printable = Yes
	browseable = No

security = server
password server = your_nt_box

? :)

-----Original Message-----
From: Bruce Campbell [mailto:BruceC@ori.org]
Sent: Monday, May 06, 2002 2:15 PM
To: 'samba@lists.samba.org'
Subject: [Samba] samba 2.2.4, domain auth, and smbpasswd file.



Look, I know this must be beaten to death, but I'm too dumb to derive (or
find) a definitive answer on my own. 

Compiled and running 2.2.4 on Solaris. I want to do DOMAIN authentication
off a w2k PDC. No matter what I do I still seem to need a smbpasswd file
that samba can see. Is this true ? Why? What good is DOMAIN authentication
if I still need this hash file sitting around? 

If it's not true, and I can nuke the smbpasswd file somehow, _please_ tell
me what I'm missing w/this conf...  ;/

(Thanks. mailto:bc@ori.org )

On Mon, 6 May 2002, Bruce Campbell wrote:
> Look, I know this must be beaten to death, but I'm too dumb to derive
(or
> find) a definitive answer on my own.
>
> Compiled and running 2.2.4 on Solaris. I want to do DOMAIN authentication
> off a w2k PDC. No matter what I do I still seem to need a smbpasswd file
> that samba can see. Is this true ? Why? What good is DOMAIN authentication
> if I still need this hash file sitting around?
>
> If it's not true, and I can nuke the smbpasswd file somehow, _please_
tell
> me what I'm missing w/this conf...  ;/
At first site your smb.conf looks alright. But you haven't mentioned if
you first have joined to domain (smbpasswd -j ...), if not it probably
won't work.

Also for each domain user you will have to make a local unix user or you
can use winbind which will also do that.

I've written a howto of a simular setup, see http://www.sin.khk.be/~dj/

Good luck,
Tim

-- 
==========================================================================Tim
Verhoeven
                                Linux & Open Source Specialist
GSM : 0496 / 693 453                          + e-business solutions
Email : dj@4ict.com                           + consulting
URL : www.sin.khk.be/~dj/                     + Server consolidation
===========================================================================