Mark Schoonover
1999-Apr-02 03:50 UTC
(Long) Newbie Question on Authentification w/ 2.0.3 & PDC
Thanks for Reading! Installed 2.0.3 with remote browsing and as a domain member per the docs. All is going just fine, but I have noticed something interesting about authenticating against the PDC. I have created accounts on the UNIX side ( Slack 3.5 , kernel 2.0.36 ) with temp passwords. The account names on the Linux side match the usernames on the NT side, but the passwords are different. I have created the appropriate groups on the Linux box, and through SWAT, have assigned the correct groups for write and read access to the shares. From all the docs I've read - which is about all of them - I was under the impression that passwords on both NT and Samba had to be the same! This is clearly not the case, unless I delete the username on the Linux side or take the username out of the group, then samba reports: [1999/04/01 19:27:20, 0] smbd/password.c:domain_client_validate(1365) domain_client_validate: unable to validate password for user podunk in domain AG to Domain controller FOO. Error was NT_STATUS_WRONG_PASSWOR As long as the username on Linux is there, then no matter what the password is it will allow access to the share. Is this by design or did I royally mess things up?? Thanks again! .mark =============================================== Mark Schoonover KA6WKE IS Manager Trail Runner,HAM schoon@amgt.com ka6wke@wb6dgr.#sca.ca.usa.noam http://www.qsl.net/ka6wke ka6wke-1 145.05 Mobile: 146.52 & 28.470 Long: 32.85380 Lat: -117.00980 Grid: DM12LU =================================================
Matt Chapman
1999-Apr-02 04:48 UTC
(Long) Newbie Question on Authentification w/ 2.0.3 & PDC
Mark Schoonover wrote:> > Installed 2.0.3 with remote browsing and as a domain member per the > docs. All is going just fine, but I have noticed something interesting > about authenticating against the PDC. > .. > As long as the username on Linux is there, then no matter what the > password is it will allow access to the share. Is this by design or did > I royally mess things up??The idea of domain authentication is that Samba will validate passwords against the PDC. Thus the user's UNIX password is irrelevant. Matt -- Matt Chapman m.chapman@student.unsw.edu.au