samba - Jan 2003 - Samba Authentication against NT domain

Skipped content of type multipart/alternative-------------- next part
--------------
A non-text attachment was scrubbed...
Name: aswrule.gif
Type: image/gif
Size: 2086 bytes
Desc: not available
Url :
http://lists.samba.org/archive/samba/attachments/20030109/f9f81cfe/aswrule.gif
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Sweets Bkgrd.gif
Type: image/gif
Size: 917 bytes
Desc: not available
Url :
http://lists.samba.org/archive/samba/attachments/20030109/f9f81cfe/SweetsBkgrd.gif

Hi

You have to set the parameter security to domain or server;

security = server --> if you are going to use another samba box to
authenticate

Security = domain --> if you are going to use a NT box to authenticate

if you use "domain" you have to set "encrypt passwords =
yes" and
"password server = your-pdc your-bdc"

I thing that?s all..


On Thu, 2003-01-09 at 12:10, Gram, Danielle A. wrote:
> Hi Everyone, 
>     
>     I have Samba version 2.2.2 installed on an HP-UX 11.0 server.  With
> Samba, I have users on NT/2000 clients mapping drives to the server, but I
> want it to authenticate automatically (against their NT domain accounts).
> Currently, when a user maps a drive to the server, they are prompted for a
> Samba password.  But, I only want to create one account for each user on
the
> UNIX server and have them authenticate and map automatically (without being
> prompted), so I don't have to create Samba accounts too.
>  
>     Currently, we have another server running Samba that is doing this, but
> I can't remember what the setting/configuration is.  I have searched
all
> through SWAT and haven't found it.  I was thinking there was a switch
in
> some other file...??
>  
> Any ideas??  I would really appreciate any help...
>  
> Thanks,
> Danielle
>  
> ****************************** 
>   Danielle A. Gram 
> ________________________________ 
>   Phone: (330) 471-3081 
>   E-Mail: gramd@timken.com
> ****************************** 
> 
> 
> 
> 
> 
> **********************************************************************
> This message and any attachments are intended for the 
> individual or entity named above. If you are not the intended
> recipient, please do not forward, copy, print, use or disclose this 
> communication to others; also please notify the sender by 
> replying to this message, and then delete it from your system. 
> 
> The Timken Company
> **********************************************************************
> 
-- 
--------------------------------
  Aldo Damian Ambriz Martinez
   Depto Sistemas Operativos
El Palacio de Hierro S.A. de C.V
      52295401 ext 1118
--------------------------------

Hi, 
	
	Thank you for the information, but I already have all those settings
in my smb.conf file.  Actually, I have compared the two smb.conf files (on
the system that works and the one that doesn't) and they are EXACTLY the
same except for server name and IP address.  

	I was thinking there was some other file or setting, possibly in the
OS and not in the regular Samba files???

Any other ideas?
Thanks again,
Danielle

-----Original Message-----
From: Aldo Damian Ambriz Martinez -- Unix SysAdmin
[mailto:aldo@neon.palaciohierro.com.mx]
Sent: Thursday, January 09, 2003 1:42 PM
Cc: 'samba@lists.samba.org'
Subject: Re: [Samba] Samba Authentication against NT domain


Hi

You have to set the parameter security to domain or server;

security = server --> if you are going to use another samba box to
authenticate

Security = domain --> if you are going to use a NT box to authenticate

if you use "domain" you have to set "encrypt passwords =
yes" and
"password server = your-pdc your-bdc"

I thing that?s all..


On Thu, 2003-01-09 at 12:10, Gram, Danielle A. wrote:
> Hi Everyone, 
>     
>     I have Samba version 2.2.2 installed on an HP-UX 11.0 server.  With
> Samba, I have users on NT/2000 clients mapping drives to the server, but I
> want it to authenticate automatically (against their NT domain accounts).
> Currently, when a user maps a drive to the server, they are prompted for a
> Samba password.  But, I only want to create one account for each user on
the
> UNIX server and have them authenticate and map automatically (without
being
> prompted), so I don't have to create Samba accounts too.
>  
>     Currently, we have another server running Samba that is doing this,
but
> I can't remember what the setting/configuration is.  I have searched
all
> through SWAT and haven't found it.  I was thinking there was a switch
in
> some other file...??
>  
> Any ideas??  I would really appreciate any help...
>  
> Thanks,
> Danielle
>  
> ****************************** 
>   Danielle A. Gram 
> ________________________________ 
>   Phone: (330) 471-3081 
>   E-Mail: gramd@timken.com
> ****************************** 
> 
> 
> 
> 
> 
> **********************************************************************
> This message and any attachments are intended for the 
> individual or entity named above. If you are not the intended
> recipient, please do not forward, copy, print, use or disclose this 
> communication to others; also please notify the sender by 
> replying to this message, and then delete it from your system. 
> 
> The Timken Company
> **********************************************************************
> 
-- 
--------------------------------
  Aldo Damian Ambriz Martinez
   Depto Sistemas Operativos
El Palacio de Hierro S.A. de C.V
      52295401 ext 1118
--------------------------------

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Danielle,

Did you join the domain with the 
new Samba server?

   smbpasswd -j DOMAIN -U Administrator

(or something similar).

Good luck,

Troy
>>> "Gram, Danielle A." <gramd@timken.com> 01/09/03
12:59PM >>>
Any other ideas?
On Thu, 2003-01-09 at 12:10, Gram, Danielle A. wrote:
> Hi Everyone, 
>     
>     I have Samba version 2.2.2 installed on an HP-UX 11.0 server.  With
> Samba, I have users on NT/2000 clients mapping drives to the server, but
I
> want it to authenticate automatically (against their NT domain
accounts).
> Currently, when a user maps a drive to the server, they are prompted for
a
> Samba password.  But, I only want to create one account for each user
on
the
> UNIX server and have them authenticate and map automatically (without
being
> prompted), so I don't have to create Samba accounts too.
>  
>     Currently, we have another server running Samba that is doing this,
but
> I can't remember what the setting/configuration is.  I have searched
all
> through SWAT and haven't found it.  I was thinking there was a switch
in
> some other file...??
>  
> Any ideas??  I would really appreciate any help...

Thanks very much!  That worked!

-----Original Message-----
From: Aldo Damian Ambriz Martinez -- Unix SysAdmin
[mailto:aldo@neon.palaciohierro.com.mx]
Sent: Thursday, January 09, 2003 2:48 PM
Cc: 'samba@lists.samba.org'
Subject: RE: [Samba] Samba Authentication against NT domain


Try something like this...

[global]
workgroup = yourdomain
security = domain
encrypt passwords = yes
password server = pdc bdc

------

# smbpasswd -j yourdomain -Uadministrator%password

# useradd machine% --> with the dollar sign
# smbpasswd -a -m machine

machine = your server. 

bye

On Thu, 2003-01-09 at 12:59, Gram, Danielle A. wrote:
> Hi, 
> 	
> 	Thank you for the information, but I already have all those settings
> in my smb.conf file.  Actually, I have compared the two smb.conf files (on
> the system that works and the one that doesn't) and they are EXACTLY
the
> same except for server name and IP address.  
> 
> 	I was thinking there was some other file or setting, possibly in the
> OS and not in the regular Samba files???
> 
> Any other ideas?
> Thanks again,
> Danielle
> 
> -----Original Message-----
> From: Aldo Damian Ambriz Martinez -- Unix SysAdmin
> [mailto:aldo@neon.palaciohierro.com.mx]
> Sent: Thursday, January 09, 2003 1:42 PM
> Cc: 'samba@lists.samba.org'
> Subject: Re: [Samba] Samba Authentication against NT domain
> 
> 
> Hi
> 
> You have to set the parameter security to domain or server;
> 
> security = server --> if you are going to use another samba box to
> authenticate
> 
> Security = domain --> if you are going to use a NT box to authenticate
> 
> if you use "domain" you have to set "encrypt passwords =
yes" and
> "password server = your-pdc your-bdc"
> 
> I thing that?s all..
> 
> 
> On Thu, 2003-01-09 at 12:10, Gram, Danielle A. wrote:
> > Hi Everyone, 
> >     
> >     I have Samba version 2.2.2 installed on an HP-UX 11.0 server. 
With
> > Samba, I have users on NT/2000 clients mapping drives to the server,
but
I
> > want it to authenticate automatically (against their NT domain
accounts).
> > Currently, when a user maps a drive to the server, they are prompted
for
a
> > Samba password.  But, I only want to create one account for each user
on
> the
> > UNIX server and have them authenticate and map automatically (without
> being
> > prompted), so I don't have to create Samba accounts too.
> >  
> >     Currently, we have another server running Samba that is doing
this,
> but
> > I can't remember what the setting/configuration is.  I have
searched all
> > through SWAT and haven't found it.  I was thinking there was a
switch in
> > some other file...??
> >  
> > Any ideas??  I would really appreciate any help...
> >  
> > Thanks,
> > Danielle
> >  
> > ****************************** 
> >   Danielle A. Gram 
> > ________________________________ 
> >   Phone: (330) 471-3081 
> >   E-Mail: gramd@timken.com
> > ****************************** 
> > 
> > 
> > 
> > 
> > 
> > **********************************************************************
> > This message and any attachments are intended for the 
> > individual or entity named above. If you are not the intended
> > recipient, please do not forward, copy, print, use or disclose this 
> > communication to others; also please notify the sender by 
> > replying to this message, and then delete it from your system. 
> > 
> > The Timken Company
> > **********************************************************************
> > 
> -- 
> --------------------------------
>   Aldo Damian Ambriz Martinez
>    Depto Sistemas Operativos
> El Palacio de Hierro S.A. de C.V
>       52295401 ext 1118
> --------------------------------
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
-- 
--------------------------------
  Aldo Damian Ambriz Martinez
   Depto Sistemas Operativos
El Palacio de Hierro S.A. de C.V
      52295401 ext 1118
--------------------------------

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

At 01:48 PM 1/9/2003 -0600, you wrote:
>Try something like this...
...
>
># useradd machine% --> with the dollar sign
># smbpasswd -a -m machine
Is this command required? its for samba acting as PDC only.

from man page :

       -m     This  option tells smbpasswd that the account being
              changed is a MACHINE  account.  Currently  this  is
              used  when  Samba  is  being  used as an NT Primary
              Domain Controller.

No, not in my experience. 

Since Samba (in "domain" mode) will forward all authentication
requests to
the PDC of the domain, it just has to join the domain (which causes the PDC
to create a machine account for the Samba server automagically). 
>>> Beast <beast@setuid.com> 01/09/03 20:20 PM >>>
At 01:48 PM 1/9/2003 -0600, you wrote:
>Try something like this...
...
>
># useradd machine% --> with the dollar sign
># smbpasswd -a -m machine
Is this command required? its for samba acting as PDC only.

from man page :

       -m     This  option tells smbpasswd that the account being
              changed is a MACHINE  account.  Currently  this  is
              used  when  Samba  is  being  used as an NT Primary
              Domain Controller.

At 06:51 AM 1/10/2003 -0600, Troy.A Johnson wrote:
>No, not in my experience. 
>
>Since Samba (in "domain" mode) will forward all authentication
requests to
Correct, in fact we can have blank smbpasswd as long as account already in
/etc/passwd.
however, problem with this "forward" model is we need to add this
samba
server to allowed logon w/s in nt user account, still not similar to NT
domain member :(
>the PDC of the domain, it just has to join the domain (which causes the PDC
>to create a machine account for the Samba server automagically). 
>
machine account will be store in pdc (nt), not samba.