Hi Samba List, I'm trying to upgrade from Samba 2.2.11 to 3.0.7. I'm using the SECURITY = ADS option and I have the winbind stuff working fine. I have joined the windows domain and authenticate my NT users perfectly. However, some of my users don't have NT accounts, so they access their samba share using local accounts in the smbpasswd file. Samba 2.2 (with SECURITY = DOMAIN) used to fall back to the smbpasswd file after trying to authenticate the user from the PDC and this was exactly how we wanted it. But my Samba 3 doesn't do this. Is it supposed to? Or do i have to turn this function on with some configuration option that I have missed? Thanks, Tim. My config: [global] deadtime = 10 encrypt passwords = yes share modes = yes server string = dWeb samba server %h max log size = 200000 available = yes bind interfaces only = yes browseable = no case sensitive = no comment = dWeb samba server follow symlinks = yes max smbd processes = 200 invalid users = root load printers = no log level = 2 read only = yes veto files = /content/.ssh/sys/stats/ ; file/directory creation modes - no other access, web server runs in group create mask = 0000 directory mask = 0000 force create mode = 0640 force directory mode = 0750 security mask = 0750 security = ADS realm = xx.xx.xx.COM workgroup = xxx allow trusted domains = yes encrypt passwords = yes winbind separator = + winbind uid = 25534-65534 winbind enum users = no winbind gid = 25534-65534 winbind enum groups = no winbind cache time = 60 winbind use default domain = yes use spnego = yes ; security settings lanman auth = no client lanman auth = no ntlm auth = no client plaintext auth = no disable netbios = yes min protocol = NT1 ; don't use wins wins support = no name resolve order = lmhosts host ; The following parameters are required by DB samba guidelines wide links = no local master = no domain master = no preferred master = no os level = 0 ; include dynamic configuration include = /samba/lib/smb.conf.dynamic
Gerald (Jerry) Carter
2004-Oct-19 11:13 UTC
[Samba] does SECURITY=ADS fall back to the smbpasswd file?
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Tim wrote: | Hi Samba List, | | I'm trying to upgrade from Samba 2.2.11 to 3.0.7. I'm | using the SECURITY = ADS option and I have the winbind | stuff working fine. I have joined the windows domain and | authenticate my NT users perfectly. | | However, some of my users don't have NT accounts, so they access | their samba share using local accounts in the smbpasswd file. Samba | 2.2 (with SECURITY = DOMAIN) used to fall back to the smbpasswd file | after trying to authenticate the user from the PDC and this was | exactly how we wanted it. | | But my Samba 3 doesn't do this. Is it supposed to? Or do i have | to turn this function on with some configuration option that I have | missed? Each auth method (winbind, sam, etc...) is associated with a domain. For example, the local machine domain or the domain to which the server is joined. Once an auth method reports NT_STATUS_LOGON_FAILURE, no other auth method will be tried. So the short answer is no, smbd will not fall back to smbpasswd in Samba 3. cheers, jerry - --------------------------------------------------------------------- Alleviating the pain of Windows(tm) ------- http://www.samba.org GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc "If we're adding to the noise, turn off this song"--Switchfoot (2003) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBdPa9IR7qMdg1EfYRAkOmAJ4u0X6WUafY+DaJI/EwXiWnDvYwZwCeMj/I AX/NsHf07D2pmU+UYfWZhP0=yH+P -----END PGP SIGNATURE-----
Reasonably Related Threads
- [PATCH] ocfs2: avoid direct write if we fall back to buffered v2
- [Bug 1557] New: ssh multiplexing does not fall back to new connection when server refuses muxd session
- [PATCH] Fall back if /sbin/start_udev fails
- Make ssh-rand-helper fall back to commands when configured with prngd
- [Bug 920] Enable client multiplexing to fall back to enhance transparency