I've had the Samba server join the domain and set security = domain. I also
have named 3 domain controllers as security servers. I guess what I'm
missing is how to get the Samba server to accept client connections from the
NT Domain without creating an account somewhere on the Linux machine. I'm
sure it's something simple, but I don't know what it is. Here's the
config:
# Samba config file created using SWAT
# from XXX.XXX.XXX.XXX (XXX.XXX.XXX.XXX)
# Date: 2000/01/04 10:40:28
# Global parameters
[global]
workgroup = AADL.ORG
netbios name = LXTEST1
netbios aliases =
server string = Samba 2.0.5
interfaces =
bind interfaces only = No
security = DOMAIN
encrypt passwords = Yes
update encrypted = No
allow trusted domains = Yes
hosts equiv =
min passwd length = 5
map to guest = Never
null passwords = Yes
password server = STAFF, ADMIN, EXCHANGE
smb passwd file = /etc/samba.d/smbpasswd
root directory = /
passwd program = /usr/bin/passwd
passwd chat = *old*password* %o\n *new*password* %n\n *new*password* %n\n *changed*
passwd chat debug = No
username map =
password level = 0
username level = 0
unix password sync = No
restrict anonymous = No
use rhosts = No
log level = 1
syslog = 1
syslog only = No
log file =
max log size = 5000
timestamp logs = Yes
protocol = NT1
read bmpx = No
read raw = Yes
write raw = Yes
nt smb support = Yes
nt pipe support = Yes
nt acl support = Yes
announce version = 4.2
announce as = NT
max mux = 50
max xmit = 65535
name resolve order = lmhosts host wins bcast
max packet = 65535
max ttl = 259200
max wins ttl = 518400
min wins ttl = 21600
time server = No
change notify timeout = 60
deadtime = 0
getwd cache = Yes
keepalive = 300
lpq cache time = 10
max disk size = 0
max open files = 10000
read prediction = No
read size = 16384
shared mem size = 1048576
socket options =
stat cache size = 50
load printers = No
printcap name = /etc/printcap
printer driver file = /etc/samba.d/printers.def
strip dot = No
character set =
mangled stack = 50
coding system =
client code page = 850
stat cache = Yes
domain groups =
domain admin group =
domain guest group =
domain admin users =
domain guest users =
machine password timeout = 604800
add user script =
delete user script =
logon script =
logon path = \\%N\%U\profile
logon drive =
logon home = \\%N\%U
domain logons = No
os level = 0
lm announce = Auto
lm interval = 60
preferred master = No
local master = No
domain master = No
browse list = Yes
dns proxy = Yes
wins proxy = No
wins server = 204.38.6.179
wins support = No
kernel oplocks = Yes
ole locking compatibility = Yes
oplock break wait time = 10
smbrun = /usr/bin/smbrun
config file =
preload =
lock dir = /var/lock/samba.d
default service =
message command =
dfree command =
valid chars =
remote announce =
remote browse sync =
socket address = 0.0.0.0
homedir map =
time offset = 0
unix realname = No
NIS homedir = No
panic action =
comment =
path =
alternate permissions = No
revalidate = No
username =
guest account = nobody
invalid users =
valid users =
admin users =
read list =
write list =
force user =
force group =
read only = Yes
create mask = 0744
force create mode = 00
security mask = 037777777777
force security mode = 037777777777
directory mask = 0755
force directory mode = 00
directory security mask = 037777777777
force directory security mode = 037777777777
guest only = No
guest ok = No
only user = No
hosts allow =
hosts deny =
status = Yes
max connections = 0
min print space = 0
strict sync = No
sync always = No
print ok = No
postscript = No
printing = bsd
print command = lpr -r -P%p %s
lpq command = lpq -P%p
lprm command = lprm -P%p %j
lppause command =
lpresume command =
queuepause command =
queueresume command =
printer name =
printer driver = NULL
printer driver location =
default case = lower
case sensitive = No
preserve case = Yes
short preserve case = Yes
mangle case = No
mangling char = ~
hide dot files = Yes
delete veto files = No
veto files =
hide files =
veto oplock files =
map system = No
map hidden = No
map archive = Yes
mangled names = Yes
mangled map =
browseable = Yes
blocking locks = Yes
fake oplocks = No
locking = Yes
mangle locks = Yes
oplocks = Yes
level2 oplocks = No
oplock contention limit = 2
strict locking = No
share modes = Yes
copy =
include =
exec =
postexec =
root preexec =
root postexec =
available = Yes
volume =
fstype = NTFS
set directory = No
wide links = Yes
follow symlinks = Yes
dont descend =
magic script =
magic output =
delete readonly = No
dos filetimes = No
dos filetime resolution = No
fake directory create times = No
Thanks again for the help,
Scott
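
The `add user script` parameter is empty in the configuration above; smb.conf(5) describes it as a command smbd runs as root, with %u expanded to the user name, when the password server has authenticated a user who has no Unix account. The wrapper below is an added example, not part of the original post or of Samba, showing one way to validate that client-supplied name before creating a no-shell account. Assumptions: the script path, the character whitelist and the useradd options are hypothetical choices for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Hypothetical smb.conf line:
#   add user script = /usr/local/sbin/samba-adduser %u
# smbd would run this as root with a name that came from the network,
# so the name is validated before it reaches useradd.

# Return 0 only for names that are safe to hand to useradd.
valid_nt_username() {
    name=$1
    # NT account names are at most 20 characters; empty is never valid.
    [ -n "$name" ] && [ "${#name}" -le 20 ] || return 1
    case $name in
        -*) return 1 ;;                  # would be parsed as an option
        *[!A-Za-z0-9._-]*) return 1 ;;   # whitelist: rejects space, /, ;, quotes
    esac                                 # and the trailing $ of machine accounts
    return 0
}

# Print the lower-cased Unix name for a valid NT name, or fail.
unix_name_for() {
    valid_nt_username "$1" || return 1
    printf '%s\n' "$1" | tr 'A-Z' 'a-z'
}

# Create the account, or only print the command when DRY_RUN=1.
add_nt_user() {
    user=$(unix_name_for "$1") || { echo "rejected: invalid name" >&2; return 2; }
    # Never touch a name that already exists (root, daemon, ...).
    if id "$user" >/dev/null 2>&1; then
        echo "exists: $user" >&2
        return 3
    fi
    # -m creates the home directory; -s /bin/false gives no interactive shell.
    set -- useradd -m -s /bin/false "$user"
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# Run only when called with an argument, as smbd would call it.
if [ "$#" -gt 0 ]; then
    add_nt_user "$1"
fi
```
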
-----Original Message-----
From: John J. LeMay Jr. [mailto:jlemay@njmc.com]
Sent: Tuesday, January 04, 2000 8:58 AM
To: Scott McGillivray
Cc: Multiple recipients of list SAMBA
Subject: Re: Account management...newbie question
I think what you want to do is set security=server and set the password
server to the name of your PDC or a local BDC (if your PDC is located at a
remote site).
On Wed, 5 Jan 2000, Scott McGillivray wrote:
> Hi all,
>
> I'm currently in the process of piloting a Samba server for file/print in
> a Windoze NT network. I'm using Samba 2.0.5 on Caldera OpenLinux 2.3. I've
> been managing Windows networks for quite a while, but Linux/Samba is new to
> me.
>
> What I want to know is: Other than making my Samba server a domain
> controller, is there a relatively easy way to import my existing user
> accounts (and administrative groups) from my NT network into my Linux box?
> I don't have a huge user base (only 300 or so) but don't relish the thought
> of having to create all of those users again, twice if you count smbpasswd.
>
> If possible, I'd like to use something that's either web-based or runs on
> the command line so I don't have to install X on the server. I know that
> might not be possible, but I thought I'd ask... ;)
>
> Since I'd want to use the Samba to serve users' home directories and
> departmental shares, this is kind of important. I'd be willing to do the
> daily account administration if I could get an initial dump from NT, but
> would rather not have to make things so complicated.
>
> Any help at all would be...well, helpful. Please feel free to email me if
> I've been unclear about this.
>
> Thanks,
> Scott
>
> ----------------------------
> Scott McGillivray
> Network Administrator
> Ann Arbor District Library
> mcgillivrays@aadl.org
>