Michal Bruncko
2012-Jul-27 12:39 UTC
[Samba] Samba Domain member server - using domain part within authentication
Hello list,

We are using several file servers in our environment in the following way:
- 1st fileserver is PDC
- 2nd ... Xth are domain member servers (with security = domain, and joined to the domain via the "net rpc join" command)

When a user is logging into the 1st fileserver, he can be successfully authenticated by typing only "username" (without the domain part) and his password from a client computer which is NOT part of this domain.
But when a user is trying to log in to some domain member server, the authentication will not be successful until he uses a login in the form "DOMAIN\username" and his password.
I need to note here that winbind is not running on the member servers, just pure smbd and nmbd daemons.

Is there any way to authenticate to member servers without using the domain part in the authentication name?

I am using:
- on Server: samba on CentOS 6 - samba-3.5.10-125.el6.x86_64
- on Client: windows 7

many thanks

michal
Michal Bruncko
2012-Jul-27 20:36 UTC
[Samba] Samba Domain member server - using domain part within authentication
Hi list,

found a solution ... it was requested here before - https://lists.samba.org/archive/samba-technical/2012-May/083364.html

The solution for me is using the following global parameter:
"map untrusted to domain = yes"

working for me :)

michal
Daniel Müller
2012-Jul-30 06:39 UTC
[Samba] Samba Domain member server - using domain part within authentication
Hello,

Memberserver:
With security=domain, your auth request will be sent to your DC, and to succeed it needs domain\user password.
If your logon fails, the member server tries to authenticate the user locally.
The better way: work with BDCs/LDAP

Greetings
Daniel

-----------------------------------------------
EDV Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
Email: mueller at tropenklinik.de
Internet: www.tropenklinik.de
-----------------------------------------------
Michal
2012-Aug-07 08:58 UTC
[Samba] Samba Domain member server - using domain part within authentication
Hello Daniel,

I understand the role of a domain member server. But I have not understood why I needed to also type the domain name prefix during authentication - and this was changed in some of the previous releases of samba - currently it needs to be explicitly defined that you want to map "any domain name" provided from the computer to the "right domain name" used in the samba domain.

On the other hand - I don't think that the better way is using a BDC with direct connection to an LDAP server...

thanks

michal
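The behaviour discussed in the messages above, as an added example that is not part of any poster's message and is not Samba source code: a simplified Python model of how smbd chooses the authentication domain when a client sends an unrecognised domain name, following the description of `map untrusted to domain` in smb.conf(5). The names FS1, FS2, EXAMPLEDOM and WIN7PC are constructed.

```python
# Added example: simplified model of smbd's untrusted-domain mapping as
# documented for "map untrusted to domain" in smb.conf(5). Not Samba code.
from dataclasses import dataclass, field


@dataclass
class Server:
    role: str            # "pdc", "member" or "standalone"
    netbios_name: str    # machine name (constructed, e.g. FS2)
    workgroup: str       # domain name (constructed, e.g. EXAMPLEDOM)
    trusted_domains: set = field(default_factory=set)
    map_untrusted_to_domain: bool = False  # smb.conf default is "no"

    def sam_name(self) -> str:
        """Name of the account database this server owns."""
        return (self.workgroup if self.role == "pdc" else self.netbios_name).upper()

    def known_domains(self) -> set:
        known = {self.sam_name()} | {t.upper() for t in self.trusted_domains}
        if self.role == "member":
            known.add(self.workgroup.upper())  # the domain it is joined to
        return known

    def effective_domain(self, client_domain: str) -> str:
        """Domain the logon is evaluated in after the mapping step."""
        d = client_domain.upper()
        if d in self.known_domains():
            return d
        # Unrecognised or empty domain, e.g. a non-domain Windows client
        # that sends its own machine name along with a bare username.
        if self.role == "member" and self.map_untrusted_to_domain:
            return self.workgroup.upper()  # pre-3.4 behaviour: DOMAIN\user
        return self.sam_name()             # default: own SAM name


def where_checked(server: Server, client_domain: str) -> str:
    dom = server.effective_domain(client_domain)
    if server.role == "member" and dom != server.sam_name():
        return f"{dom} via domain controller"
    return f"{dom} in local SAM"


# Constructed topology matching the thread: one PDC, one member server.
pdc = Server("pdc", "FS1", "EXAMPLEDOM")
member_default = Server("member", "FS2", "EXAMPLEDOM")
member_mapped = Server("member", "FS2", "EXAMPLEDOM", map_untrusted_to_domain=True)

if __name__ == "__main__":
    for name, srv in [("PDC", pdc), ("member, default", member_default),
                      ("member, mapping on", member_mapped)]:
        print(f"{name:20} WIN7PC\\user -> {where_checked(srv, 'WIN7PC')}")
```

With the parameter enabled, every unrecognised client domain is treated as the primary domain, so the value actually in effect on each member server is worth confirming with `testparm -sv`.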
Daniel Müller
2012-Aug-07 10:43 UTC
[Samba] Samba Domain member server - using domain part within authentication
The advantage of working with BDCs you will see when your PDC is down.

EDV Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
Email: mueller at tropenklinik.de
Internet: www.tropenklinik.de
Michal Bruncko
2012-Aug-07 11:15 UTC
[Samba] Samba Domain member server - using domain part within authentication
Yes, of course, this is the main reason for the BDC role. But there is no reason to have as many BDCs as there are (non-PDC) Samba servers within the network. Or put another way - there is no reason to always use the BDC role instead of the classic "domain member server" role within the network. And I understood that you have tried to tell me this...

thanks

michal