I did this a few years ago (RHEL 4.0 -- samba 3.0.10) and had a nice working
setup... until the drive developed bad sectors and wouldn't boot. Now
I'm
starting with a fresh OS (ArchLinux -- samba 3.0.31) and trying to recreate
what I had working before.
My previous setup (which worked nicely):
RHEL 4.0 running samba 3.0.10
security = server
password server = <DC's IP>
I'm running in a corp environment where I don't have admin rights to the
domain. Thus I can't run with security=domain because I can't get a
domain
admin to add my samba server to the domain. This appears to be a unique
situation as all the googling I've done on this topic hasn't turned up
anyone else doing this same thing.
But running with security=server allowed anyone I added to the valid users
line access to my samba server without even prompting them for a password.
That is, when they're already logged in to a WinXP box that's joined to
the
domain against which I'm authenticating. Despite the warnings about
security=server, it's the only way I can get seamless[1] authentication and
it's worked great for the past few years.
The problem is that now I'm running on a fresh install and I'm unable to
get
that working again. I have my original smb.conf and secrets.tdb from the
server that worked, but that was an older version of samba (3.0.10 vs
3.0.31).
The symptom I have is: when I try to connect, samba logs the error:
[2008/09/21 05:42:00, 1] auth/auth_server.c:check_smbserver_security(363)
password server 10.102.212.249 rejected the password:
NT_STATUS_LOGON_FAILURE
Suggestions and troubleshooting tips welcome. I've stayed up too late
working on this and I'm probably not thinking clearly anymore.
1: Seamless in the sense of the end user's experience: They logon to their
WinXP machine which is a domain member. They can either click a shortcut or
type \\mysambaserver\sharename and see the share without being prompted for
a password. Files they create are owned by them, they aren't mapped to
guest user.
--
http://theamigo.blogspot.com
