>Date: Wed, 24 Feb 1999 15:27:19 +0100 (CET)
>From: "\"Johan Roos\"" <roos@goofy.rsn.hk-r.se>
>To: samba@samba.org
>Subject: Problems with server=domain
>Message-ID: <Pine.LNX.4.04.9902241526040.3422-100000@goofy.rsn.hk-r.se>
> workgroup = INFO
> netbios name = RUT
> security = DOMAIN
> encrypt passwords = Yes
> password server = ARCH BERMUDA
>Now the problems start: when a user on an NT machine on our network tries to
>access the shares on RUT he gets prompted for password and username although it
>works fine on other servers getting their authentication through ARCH and
>BERMUDA. If I add a user on RUT with smbpasswd -a that user can access the
>shares but the smbclient then reports that the server is in user mode.
>
>Please help.
In your case, it seems that the NT login name is not a domain user, and when the NT client gets a prompt for ID/password, it does not pass a correct SID/password to ARCH.
Case 1:
If you log in to the NT client (which is a member of INFO) with a domain user ID (RID), for example roos, and the correct password, then you would not get any prompt for username/password.
Case 2:
If you log in to the NT client with a local user ID, for example johan, who is not a user of domain INFO, then when you access RUT you will get that prompt for username/password. Then if you type in
info\roos -- domain user name -- with its password
ARCH will pass you; otherwise, with roos alone or johan as the username, the authentication will fail and RUT will do its own authentication with the SAMBA password file (return to security = user).
I have a similar network structure, except I do not set up a Samba password file; I just use a username map file to map domain users to UNIX users. I am not so sure about the authentication algorithm; just from my experience, the authentication works like this:
When a client accesses RUT, the client will pass the username/password to ARCH via RUT. If it is the first access to RUT, then the username/password will be your client login ones. If that fails, then RUT will check its own password file (for NT servers usually do authentication in encrypted mode, SAMBA will not check the UNIX password file). If that fails too, then you will get a prompt for ID/PASSWORD.
Here you need to pass the SID(?) but not the RID(?).
I hope this will help to solve your problem.
-------------
My problems
(a) Does someone know how to pass a SID to a domain PDC with a Windows95/98 client?
workgroup = domain
security = domain
password server = PDC, BDC
SAMBA 2.0.2 on Solaris 2.5, NIS++, PDC is NT4.0 SP4.
I have tried to mount a share on the SAMBA server with
drive: \\SAMBA-Server\share%domain\username
but it did not work.
(b) Strange log?
From Windows95 with username fred, who is a domain user and has a map to a Samba server, I did a mount as below
drive: \\SAMBA-Server\andy%domain\andy
where domain\andy is a domain user, and andy is a unix user. Then I got a log
connected to service andy as user fred.
in the Samba logfile.
But in fact the connection was to fred's unix home, not andy's home!
No errors appeared.
(home section in smb.conf is set as below
[home]
path = /home/%u/PChome
browseable = no
)
Was something wrong?
Thanks.
Lubin
lubin.wang@toshiba.co.jp