Samba - have authentication ignore client's domain?

Hello,

I’ve tried googling this for hours, so I figured I filled the
prerequisite to post and ask for help. Anyways…

At work, we have a samba file server, let’s call it “server1”. Well,
it’s getting old and filled up, so I was put on the task of making
“server2”. Everything’s going well, got the RAID set up, along with
the OS (Linux Mint - a flavor of OpenSUSE, I believe).

The security on the smb.conf file is set to domain (on server1 and
server2) However, when connecting to Server1 on an XP machine that is
not on MY_NTDomain, it accepts the username without the user having to
type in “MY_NTDomain/username” in the username box. Server2 has the
(nearly) the same smb.conf file but does require the user to type in
“MY_NTDomain/username” if the machine is not on the domain.

I did not set up Server1, so I have no idea how the creator got domain
security to ignore the client’s domain (I’m pretty new to Linux).

Here’s my smb.conf file if it helps:

++++++++++++++++++++++++++++++++++++++++++++++++++++
++++++++++++++++++++++++++++++++++++++++++++++++++++

[global]
workgroup = MY_NTDOMAIN
netbios name = server2

username map = /etc/samba/user.map

server string = %h

wins support = no
wins server = 164.76.7.35

dns proxy = no

log file = /var/log/samba/log.%m
max log size = 1000

syslog = 0

panic action = /usr/share/samba/panic-action %d

####### Authentication #######

security = domain

encrypt passwords = yes

passdb backend = tdbsam

obey pam restrictions = yes

invalid users = root

passwd program = /usr/bin/passwd %u
passwd chat = Enter\snew\sUNIX\spassword: %n

Retype\snew\sUNIX\spassword: %n
password\supdated\ssuccessfully
.

############ Misc ############

socket options = TCP_NODELAY

domain master = no

#======================= Share Definitions =======================

[cot_tech]
path = /media/disk/
writable = yes
create mask = 0755
directory mask = 0755

++++++++++++++++++++++++++++++++++++++++++++++++++++
++++++++++++++++++++++++++++++++++++++++++++++++++++

I know it seems kind of odd that I have domain security going on, yet
am trying to get around that, but any help would be greatly
appreciated… If it’s another file I need to look at / compare to
Server1’s, let me know. I checked the Samba file in the PAM.d
directory, and I don’t think it’s to do with that.

Thanks in advance.
-Mark

On Mon July 27 2009 12:56 pm, mallen324 wrote:

>
> Hello,
>
> I’ve tried googling this for hours, so I figured I filled the
> prerequisite to post and ask for help. Anyways…
>
> At work, we have a samba file server, let’s call it “server1”. Well,
> it’s getting old and filled up, so I was put on the task of making
> “server2”. Everything’s going well, got the RAID set up, along with
> the OS (Linux Mint - a flavor of OpenSUSE, I believe).
>
> The security on the smb.conf file is set to domain (on server1 and
> server2) However, when connecting to Server1 on an XP machine that is
> not on MY_NTDomain, it accepts the username without the user having to
> type in “MY_NTDomain/username” in the username box. Server2 has the
> (nearly) the same smb.conf file but does require the user to type in
> “MY_NTDomain/username” if the machine is not on the domain.
>
> I did not set up Server1, so I have no idea how the creator got domain
> security to ignore the client’s domain (I’m pretty new to Linux).
>
> Here’s my smb.conf file if it helps:
>
> ++++++++++++++++++++++++++++++++++++++++++++++++++++
> ++++++++++++++++++++++++++++++++++++++++++++++++++++
<snip>
mallen324;

Can you post a bit more information please?

1. What version of Samba is running on Server1 & Server2?

smbd -V

2. Is Server1 the PDC or is there a WindowsNT PDC with Server[1,2] just
   member servers? (or perhaps no PDC ?)

–
P. V.
“We’re all in this together, I’m pulling for you.” Red Green

Thanks for the response. When I type the command /usr/sbin/smbd -V, I get this output:

Version 3.2.7-11.3.2-2154-SUSE-CODE11

So I guess that answers that, as far as the PDC, I believe that there’s a separate WindowsNT PDC. I am assuming that because this is a large University, and faculty and staff log into XP machines with there NT credentials.

I appreciate any suggestions, let me know if there’s any other info that would help.

Thanks,
-Mark

On Wed July 29 2009 11:46 am, mallen324 wrote:

>
> Thanks for the response. When I type the command /usr/sbin/smbd -V, I
> get this output:
>
> Version 3.2.7-11.3.2-2154-SUSE-CODE11
>
> So I guess that answers that, as far as the PDC, I believe that there’s
> a separate WindowsNT PDC. I am assuming that because this is a large
> University, and faculty and staff log into XP machines with there NT
> credentials.
>
> I appreciate any suggestions, let me know if there’s any other info
> that would help.
>
> Thanks,
> -Mark
>
>
Mark;
Is this the same version that is running on “server1”? Sometime around
version 3.0.25, Samba started requiring domain specification for at least
some purposes. I’m thinking you may be seeing the new behavior of Samba, but
I’m not positive of this. If “server1” is also running 3.2 then this is all
nonsense. I think you could resolve this for certain by posting on the Samba
list.

Note: 3.2.0 was first released about a year ago, there was never a 3.1.x
release. The Samba team went directly from 3.0 to 3.2.

P. V.
“We’re all in this together, I’m pulling for you.” Red Green

I just checked Server1, and its Samba version is 3.0.24… So you might have just diagnosed my problem. I think I would post this on the Samba list, but I am not sure what you mean by that, is it a different forum site, or just a different section on these forums?

Either way, thank you for your help so far, PV, you’ve helped a lot so far.

Thanks,
-Mark

(I tried editing my message to include this, but it was after the ten minute period allowed to edit)

Is there a way to edit the config file so that Server2 assumes that the client machine is on the same domain? The only way to connect is through the wired network, and the only on domain on campus, however, there are multiple workgroups.

Thanks,
-Mark

On Thu July 30 2009 08:26 am, mallen324 wrote:

>
> PV;2019286 Wrote:
>>
>> Mark;
<snip>
>>
>> Note: 3.2.0 was first released about a year ago, there was never a
>> 3.1.x
>> release. The Samba team went directly from 3.0 to 3.2.
>> –
>> P. V.
>> “We’re all in this together, I’m pulling for you.” Red Green
>
>
> I just checked Server1, and its Samba version is 3.0.24… So you might
> have just diagnosed my problem. I think I would post this on the Samba
> list, but I am not sure what you mean by that, is it a different forum
> site, or just a different section on these forums?
>
> Either way, thank you for your help so far, PV, you’ve helped a lot so
> far.
>
>
> Thanks,
> -Mark
>
>

Is there a way to edit the config file so that Server2 assumes that the
client machine is on the same domain? The only way to connect is through
the wired network, and the only on domain on campus, however, there are
multiple workgroups.

Mark;

The Samba list is a list serve on:

This will give their web site, here you will find a link to the lists. This
is a subscribed list serve, you will want to join the vanilla “Samba” list
for “General Information”.

As far as I know, there is no way to make smbd believe that a client is in the
domain, unless they are.

–
P. V.
“We’re all in this together, I’m pulling for you.” Red Green