Mark Schubert
2003-May-21 00:25 UTC
[Samba] Samba security setup in an NT domain with multiple domains
Dear Samba, We have a global NT network with multiple domains. We have a unix server from which we are just wanting to share some directories to the NT users. At this stage we use security=server and point the server to a domain controller. This works great for authentication in the local domain because our NT usernames match our unix usernames, so the users don't even need to enter a Samba specific username/password when opening up a share. However, for the other domains to get access to the server we are having some trouble. Usually we can see the server in the browse list, however we get errors like "Network path not found", or get a prompt for a username/password when trying to open a share. With my scant understanding of NT domains I believe this has to do with NT trusts. Is this true? Is there an easy way to approach this, bear in mind we really don't want to use smbpasswd because then the users need to remember and maintain another password. If the only way is to fix up the NT domains, what is required to do this? Please reply directly to me as I am not on the list. TIA, Mark
John H Terpstra
2003-Jun-03 04:55 UTC
[Samba] Samba security setup in an NT domain with multiple domains
Mark, Firstly, you will solve a lot by using "security = domain" and then joining the machine to the domain as described in the Samba HOWTO. Secondly, Samba-3.0.0 will make life much better. It is due into Beta test within days. - John T. On Wed, 21 May 2003, Mark Schubert wrote:> Dear Samba, > > We have a global NT network with multiple domains. We have a unix server > from which we are just wanting to share some directories to the NT users. At > this stage we use security=server and point the server to a domain > controller. This works great for authentication in the local domain because > our NT usernames match our unix usernames, so the users don't even need to > enter a Samba specific username/password when opening up a share. > > However, for the other domains to get access to the server we are having > some trouble. Usually we can see the server in the browse list, however we > get errors like "Network path not found", or get a prompt for a > username/password when trying to open a share. > > With my scant understanding of NT domains I believe this has to do with NT > trusts. Is this true? Is there an easy way to approach this, bear in mind we > really don't want to use smbpasswd because then the users need to remember > and maintain another password. > > If the only way is to fix up the NT domains, what is required to do this? > > Please reply directly to me as I am not on the list. > > TIA, > Mark > >-- John H Terpstra Email: jht@samba.org