On Wed, 8 Oct 2003, Bill Robinson wrote:
>
> A couple questions about how authentication works in Samba:
>
> -Is there a way to authenticate to a Samba PDC that does not require
machine
> and (domain) user accounts to be in the /etc/passwd file (- a way other
then
> LDAP or NIS)?
>
> -A follow up to that - is what is the purpose of requiring machines/users
in
> both the /etc/passwd file and the smbpasswd file? - i read something about
> needing to resolve the machines/users but not a full explaination. To me
it
> seems that if I'm authenticating against Samba that's all it should
need to
> do - it's not like it's converting the NTLM hash to crypt or
something right?
> (since i can have different UNIX/Samba passwds)
>
> Basically the problem I'm trying to solve is to create an NT 4-style
domain w/
> Samba, but not creating UNIX accounts on the PDC machine for the Windows
> domain users. I only need Windows machines to authenticate to this domain.
>
> If there's a way to fake out Samba and point it to another file
> besides /etc/passwd that would work I think....just a thought. I've
also
> thought of AD/Kerberos but that is not an option either in this
environment.
>
> I've googled a bit for anything on the /etc/passwd issue but didn't
turn
> anything up, other then using LDAP or NIS (which aren't options) and I
didn't
> really see anything in the Samba docs - so any pointers in the right
direction
> would be appreciated. I've also looked into the PCNetlink, but that
does not
> seem to be well supported.
>
> This is for Samba 3.0 running as a NT4-style PDC on Solaris 2.8.
Bill,
Have you looked at the Samba-HOWTO-Collection.pdf that ships with
Samba-3.0.0?
The chapter "Account Information Databases" answers your questions.
Please
let me know specifically what has not been well enough explained. What
needs to be better documented?
- John T.
--
John H Terpstra
Email: jht@samba.org