samba - Oct 2003 - Samba 3 pre01 security=domain problem to accessfromxpclient

> -----Original Message-----
> From: jean-marc pouchoulon
> [mailto:jean-marc.pouchoulon@ac-montpellier.fr]
> Sent: mercredi 22 octobre 2003 14:54
> To: 'jean-marc pouchoulon'; samba@lists.samba.org
> Cc: eric.jourdan@ac-montpellier.fr
> Subject: RE : [Samba] Samba 3 pre01 security=domain problem to
> accessfromxpclient
> 
> 
> Just one more thing
> With security = server it works.
> 
> 
> -----Message d'origine-----
> De :
> samba-bounces+jean-marc.pouchoulon=ac-montpellier.fr@lists.samba.org
> [mailto:samba-bounces+jean-marc.pouchoulon=ac-montpellier.fr@l
> ists.samba
> .org] De la part de jean-marc pouchoulon
> Envoy? : mercredi 22 octobre 2003 14:50
> ? : samba@lists.samba.org
> Cc : eric.jourdan@ac-montpellier.fr
> Objet : [Samba] Samba 3 pre01 security=domain problem to access
> fromxpclient
> 
> 
> I try to implement a new server using domain auth 
> ( server , pdc , bdc are on redhat 9 samba3pre1)
> 
> 
> Smb.conf of server:
> 
> [global]
>         workgroup = DOMAIN
>         netbios name = G4
>         server string = %h server (Samba %v)
>         security = domain
>         password server = SERV2 SERV3 (PDC and BDC)
> 
>         wins support = no
>         wins proxy = no
>         wins server = ip_address_of_wins_server
> 
>         domain master = no
>         local master = no
>         preferred master = no
>         os level = 0
> 
> 
>         log level = 99
>         log file = /var/log/samba/log.%m
>         socket options = TCP_NODELAY IPTOS_LOWDELAY
> 
> [homes]
>         comment = Espace Partag? pour les utilisateurs
>         browseable = yes
>         path = %H
>         writable = yes
>         create mode = 0700
> 
> Net join to DOMAIN was done without problem. 
Bonjour Jean-Marc,

how do you propagate the Unix accounts from your PDC&BDC to your member
server in order to allow user auth from Samba ?
Eg. you must have a Unix account for each Samba account allowed to access the
member server.

Personally, I use LDAP, with a RH9 PDC (and in a few days a RH9 BDC), and a
Solaris 9 member server.

You could also use winbind, but you would have different uid/gid for the same
user on the different unix machines. It was my mistake if you have a look at my
previous SOSes on this list.

If you need only a small subset of user to access this member server, you could
also just add the unix accounts in the local /etc/passwd

Also, one of the problem I encountered is that I tried to specify an "auth
methods =" string, even when specifying "guest, sam". But it
failed. So removing it helped a lot.

HTH, best regards,

J?r?me


**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager. LogicaCMG
**********************************************************************

>how do you propagate the Unix accounts from your PDC&BDC to your member
server in order to allow user auth from Samba ? 

Ldap posixaccount

>Also, one of the problem I encountered is that I tried to specify an
"auth methods =" string, even when specifying >"guest,
sam". But it
failed. So removing it helped a lot.

I try to play with that without any success.

Could anyone tell me more about security = domain versus security server ?
I found few things but nothing explained in details. I understand only
that in security = domain the auth is done 
One time.

The problem is probably on the xp client. Can someone can explain the
registry keys involved in communication between sambaAnd xp ? ( for
instance, I change only "requiresignorseal"=dword:00000000 and it
works
well with samba 3 as DC )

Thanks 

	jean-marc
> -----Original Message-----
> From: jean-marc pouchoulon 
> [mailto:jean-marc.pouchoulon@ac-montpellier.fr]
> Sent: mercredi 22 octobre 2003 14:54
> To: 'jean-marc pouchoulon'; samba@lists.samba.org
> Cc: eric.jourdan@ac-montpellier.fr
> Subject: RE : [Samba] Samba 3 pre01 security=domain problem to 
> accessfromxpclient
> 
> 
> Just one more thing
> With security = server it works.
> 
> 
> -----Message d'origine-----
> De :
> samba-bounces+jean-marc.pouchoulon=ac-montpellier.fr@lists.samba.org
> [mailto:samba-bounces+jean-marc.pouchoulon=ac-montpellier.fr@l
> ists.samba
> .org] De la part de jean-marc pouchoulon
> Envoy? : mercredi 22 octobre 2003 14:50
> ? : samba@lists.samba.org
> Cc : eric.jourdan@ac-montpellier.fr
> Objet : [Samba] Samba 3 pre01 security=domain problem to access 
> fromxpclient
> 
> 
> I try to implement a new server using domain auth
> ( server , pdc , bdc are on redhat 9 samba3pre1)
> 
> 
> Smb.conf of server:
> 
> [global]
>         workgroup = DOMAIN
>         netbios name = G4
>         server string = %h server (Samba %v)
>         security = domain
>         password server = SERV2 SERV3 (PDC and BDC)
> 
>         wins support = no
>         wins proxy = no
>         wins server = ip_address_of_wins_server
> 
>         domain master = no
>         local master = no
>         preferred master = no
>         os level = 0
> 
> 
>         log level = 99
>         log file = /var/log/samba/log.%m
>         socket options = TCP_NODELAY IPTOS_LOWDELAY
> 
> [homes]
>         comment = Espace Partag? pour les utilisateurs
>         browseable = yes
>         path = %H
>         writable = yes
>         create mode = 0700
> 
> Net join to DOMAIN was done without problem.