Hetman, Greg (CSC)
2002-Sep-23 18:27 UTC
[Samba] Windows NT Domain Support for Samba Shares
I am looking for assistance in configuring Samba to support shares in a Windows NT Domain. I believe I have everything configured properly, however I am unable to get a Windows NT Domain userid to work in a Samba share. In my smb.conf, I have the following options [global] workgroup = resdomain netbios name = hetmanlinux security = domain password server = * username map = /etc/samba/users.map allow trusted domains = yes encrype passwords = yes smb passwd file = /etc/samba/smbpasswd wins server = x.x.x.x dns proxy = yes [linuxshare] comment = Linux Files path = /home/hetmang/linuxshare read only = no valid users = hetmang \\domain\\whtest create mask = 644 Now my /etc/samba/users/map has the following: hetmang = \\domain\\whtest ** hetmang is a valid UNIX user on this machine ** Here are some questions regarding this setup. My machine has an NT computer account created in resdomain. I ran the utility to add the SMB server to that domain, and it appears to work. If I go on a client machine, which is logged into a Windows NT Domain domain\whtest, and connect to \\hetmanlinux I see the share. When I double click on it, I should connect right into it, instead I get prompted for a username and password. If I enter in a correct username and password, it keeps prompting me for a username and password. If I type domain\whtest2 and a password (whtest2 is not a valid username), I get an error in my log.machinename which says "domain_client_validate: unable to validate password for user whtest2 in domain domain to domain controller *. Error was NT_STATUS_NO_SUCH_USER.". If I enter a correct username and password, I get no errors in the log file. This leads me to believe that Domain Authentication is working properly, just my userid does not have access to the share. What is the correct way to allow users to have access to a share using domain authentication? I see no documentation that shows an example of how to do this. Would "valid users" be a UNIX user or a domain user? What is the format for putting a Domain users in this field if this is required? If a valid users is only a mapped unix user, what is the format in which file to do this mapping. I saw in some documentation that there were commands "domain logins = yes" and "domain user map = /etc/samba/domuser.map" for Domain user mappings, however when I enter these settings under Global, I get errors that this is an unknown parameter. I do not see these commands in the smb.conf man pages though.. I was running smb 2.2.3a and upgraded to 2.2.5 to see if this helps. I also installed samba-winbind along with samba-server, samba-common, and samba-client. Any help would be really appreciated as I have been working on this problem for days and have not gotten anywhere. Thanks. Greg Hetman