Results 1 to 7 of 7

Thread: Samba - have authentication ignore client's domain?

  1. #1
    mallen324 NNTP User

    Question Samba - have authentication ignore client's domain?

    Hello,

    I've tried googling this for hours, so I figured I filled the
    prerequisite to post and ask for help. Anyways...

    At work, we have a samba file server, let's call it "server1". Well,
    it's getting old and filled up, so I was put on the task of making
    "server2". Everything's going well, got the RAID set up, along with
    the OS (Linux Mint - a flavor of OpenSUSE, I believe).

    The security on the smb.conf file is set to domain (on server1 and
    server2) However, when connecting to Server1 on an XP machine that is
    not on MY_NTDomain, it accepts the username without the user having to
    type in "MY_NTDomain/username" in the username box. Server2 has the
    (nearly) the same smb.conf file but does require the user to type in
    "MY_NTDomain/username" if the machine is not on the domain.

    I did not set up Server1, so I have no idea how the creator got domain
    security to ignore the client's domain (I'm pretty new to Linux).

    Here's my smb.conf file if it helps:

    ++++++++++++++++++++++++++++++++++++++++++++++++++++
    ++++++++++++++++++++++++++++++++++++++++++++++++++++


    [global]
    workgroup = MY_NTDOMAIN
    netbios name = server2

    username map = /etc/samba/user.map

    server string = %h

    wins support = no
    wins server = 164.76.7.35

    dns proxy = no

    log file = /var/log/samba/log.%m
    max log size = 1000

    syslog = 0

    panic action = /usr/share/samba/panic-action %d


    ####### Authentication #######

    security = domain

    encrypt passwords = yes

    passdb backend = tdbsam

    obey pam restrictions = yes

    invalid users = root

    passwd program = /usr/bin/passwd %u
    passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
    *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully*
    .




    ############ Misc ############

    socket options = TCP_NODELAY

    domain master = no



    #======================= Share Definitions =======================

    [cot_tech]
    path = /media/disk/
    writable = yes
    create mask = 0755
    directory mask = 0755


    ++++++++++++++++++++++++++++++++++++++++++++++++++++
    ++++++++++++++++++++++++++++++++++++++++++++++++++++

    I know it seems kind of odd that I have domain security going on, yet
    am trying to get around that, but any help would be greatly
    appreciated... If it's another file I need to look at / compare to
    Server1's, let me know. I checked the Samba file in the PAM.d
    directory, and I don't think it's to do with that.

    Thanks in advance.
    -Mark

  2. #2
    PV NNTP User

    Default Re: Samba - have authentication ignore client's domain?

    On Mon July 27 2009 12:56 pm, mallen324 wrote:

    >
    > Hello,
    >
    > I've tried googling this for hours, so I figured I filled the
    > prerequisite to post and ask for help. Anyways...
    >
    > At work, we have a samba file server, let's call it "server1". Well,
    > it's getting old and filled up, so I was put on the task of making
    > "server2". Everything's going well, got the RAID set up, along with
    > the OS (Linux Mint - a flavor of OpenSUSE, I believe).
    >
    > The security on the smb.conf file is set to domain (on server1 and
    > server2) However, when connecting to Server1 on an XP machine that is
    > not on MY_NTDomain, it accepts the username without the user having to
    > type in "MY_NTDomain/username" in the username box. Server2 has the
    > (nearly) the same smb.conf file but does require the user to type in
    > "MY_NTDomain/username" if the machine is not on the domain.
    >
    > I did not set up Server1, so I have no idea how the creator got domain
    > security to ignore the client's domain (I'm pretty new to Linux).
    >
    > Here's my smb.conf file if it helps:
    >
    > ++++++++++++++++++++++++++++++++++++++++++++++++++++
    > ++++++++++++++++++++++++++++++++++++++++++++++++++++

    <snip>
    mallen324;

    Can you post a bit more information please?
    1. What version of Samba is running on Server1 & Server2?
    Code:
    smbd -V
    2. Is Server1 the PDC or is there a WindowsNT PDC with Server[1,2] just
    member servers? (or perhaps no PDC ?)

    --
    P. V.
    "We're all in this together, I'm pulling for you." Red Green

  3. #3
    mallen324 NNTP User

    Default Re: Samba - have authentication ignore client's domain?

    Thanks for the response. When I type the command /usr/sbin/smbd -V, I get this output:

    Version 3.2.7-11.3.2-2154-SUSE-CODE11

    So I guess that answers that, as far as the PDC, I believe that there's a separate WindowsNT PDC. I am assuming that because this is a large University, and faculty and staff log into XP machines with there NT credentials.

    I appreciate any suggestions, let me know if there's any other info that would help.

    Thanks,
    -Mark

  4. #4
    PV NNTP User

    Default Re: Samba - have authentication ignore client's domain?

    On Wed July 29 2009 11:46 am, mallen324 wrote:

    >
    > Thanks for the response. When I type the command /usr/sbin/smbd -V, I
    > get this output:
    >
    > Version 3.2.7-11.3.2-2154-SUSE-CODE11
    >
    > So I guess that answers that, as far as the PDC, I believe that there's
    > a separate WindowsNT PDC. I am assuming that because this is a large
    > University, and faculty and staff log into XP machines with there NT
    > credentials.
    >
    > I appreciate any suggestions, let me know if there's any other info
    > that would help.
    >
    > Thanks,
    > -Mark
    >
    >

    Mark;
    Is this the same version that is running on "server1"? Sometime around
    version 3.0.25, Samba started requiring domain specification for at least
    some purposes. I'm thinking you may be seeing the new behavior of Samba, but
    I'm not positive of this. If "server1" is also running 3.2 then this is all
    nonsense. I think you could resolve this for certain by posting on the Samba
    list.

    Note: 3.2.0 was first released about a year ago, there was never a 3.1.x
    release. The Samba team went directly from 3.0 to 3.2.
    --
    P. V.
    "We're all in this together, I'm pulling for you." Red Green

  5. #5
    mallen324 NNTP User

    Default Re: Samba - have authentication ignore client's domain?

    Quote Originally Posted by PV View Post
    Mark;
    Is this the same version that is running on "server1"? Sometime around
    version 3.0.25, Samba started requiring domain specification for at least
    some purposes. I'm thinking you may be seeing the new behavior of Samba, but
    I'm not positive of this. If "server1" is also running 3.2 then this is all
    nonsense. I think you could resolve this for certain by posting on the Samba
    list.

    Note: 3.2.0 was first released about a year ago, there was never a 3.1.x
    release. The Samba team went directly from 3.0 to 3.2.
    --
    P. V.
    "We're all in this together, I'm pulling for you." Red Green

    I just checked Server1, and its Samba version is 3.0.24... So you might have just diagnosed my problem. I think I would post this on the Samba list, but I am not sure what you mean by that, is it a different forum site, or just a different section on these forums?

    Either way, thank you for your help so far, PV, you've helped a lot so far.


    Thanks,
    -Mark

  6. #6
    mallen324 NNTP User

    Default Re: Samba - have authentication ignore client's domain?

    (I tried editing my message to include this, but it was after the ten minute period allowed to edit)

    Is there a way to edit the config file so that Server2 assumes that the client machine is on the same domain? The only way to connect is through the wired network, and the only on domain on campus, however, there are multiple workgroups.

    Thanks,
    -Mark

  7. #7
    PV NNTP User

    Default Re: Samba - have authentication ignore client's domain?

    On Thu July 30 2009 08:26 am, mallen324 wrote:

    >
    > PV;2019286 Wrote:
    >>
    >> Mark;

    <snip>
    >>
    >> Note: 3.2.0 was first released about a year ago, there was never a
    >> 3.1.x
    >> release. The Samba team went directly from 3.0 to 3.2.
    >> --
    >> P. V.
    >> "We're all in this together, I'm pulling for you." Red Green

    >
    >
    > I just checked Server1, and its Samba version is 3.0.24... So you might
    > have just diagnosed my problem. I think I would post this on the Samba
    > list, but I am not sure what you mean by that, is it a different forum
    > site, or just a different section on these forums?
    >
    > Either way, thank you for your help so far, PV, you've helped a lot so
    > far.
    >
    >
    > Thanks,
    > -Mark
    >
    >

    Is there a way to edit the config file so that Server2 assumes that the
    client machine is on the same domain? The only way to connect is through
    the wired network, and the only on domain on campus, however, there are
    multiple workgroups.
    ----------
    Mark;

    The Samba list is a list serve on:
    www.samba.org
    This will give their web site, here you will find a link to the lists. This
    is a subscribed list serve, you will want to join the vanilla "Samba" list
    for "General Information".

    As far as I know, there is no way to make smbd believe that a client is in the
    domain, unless they are.

    --
    P. V.
    "We're all in this together, I'm pulling for you." Red Green

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •