On Thu, Sep 29, 2005 at 12:30:35PM -0600, Ric Tibbetts wrote:
> If I understand the process correctly:
>
> User on Windows XP box makes a request to the Samba server.
> The windows box passes the username/password pair to the Samba server.
> The Samba server checks that the user exists on the unix box, and
> (following the "password server = xxx.xxx.xxx.xxx" parameter in
> smb.conf) verifies the username/password from the Windows Domain
> Controller (specified in the "password server = " parameter).
> If the username/password do not exist on the specified password
> server, samba checks the smbpasswd file.
> Once the username/password is validated, the samba server will pass the
> share.
>
> Is the above a fair breakdown, in a very simple implementation?

Close. The Samba server sends a challenge to the client on initial connect, the client replies on sessionsetup (user logon) with a username and a cryptographic reply to the challenge based on the user's hashed password.

Now Samba has to authenticate that reply somehow. It can't use unix passwords as the hashes aren't the same. To do it locally it can use smbpasswd (or a local tdb or an ldap based SAM). To do this remotely against a Windows DC the Samba server has to be set up as a member of the domain served by the Windows PDC. That's where the net XXX (ads or rpc) join comes in.

Once the authentication passes the Samba server needs to look up a UNIX user that will represent the logging in client on this box - that's where you have either local unix users in /etc/passwd or use winbindd to have remote domain users appear as local unix users.

Hope this helps,

Jeremy.
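
The two setups described in the reply above, sketched as smb.conf fragments. This is an added example, not part of the original post and not taken from Samba's own documentation; the workgroup name, DC address, ID ranges and the Administrator account are placeholders, and the parameter names are those of the Samba 3.0 series that was current when this was posted.

```ini
# Constructed example. Use ONE of the two [global] variants, not both.
# smb.conf has no inline comments, so every comment sits on its own line.

# ---- Variant A: authenticate the challenge reply locally ----
[global]
   workgroup = EXAMPLE
   security = user
   encrypt passwords = yes
   # Local store of the SMB password hashes. /etc/shadow cannot be used
   # here because its hashes are a different format.
   # Alternatives: tdbsam, or ldapsam:ldap://<host> for an LDAP SAM.
   passdb backend = smbpasswd
# Each SMB user still needs a UNIX account in /etc/passwd.
# Add the SMB hash for an existing UNIX user with:
#    smbpasswd -a <username>

# ---- Variant B: domain member, reply checked by the Windows DC ----
[global]
   workgroup = EXAMPLE
   security = domain
   # Placeholder address of the domain controller
   password server = 192.0.2.10
   encrypt passwords = yes
   # winbindd allocates UNIX uids/gids for domain users from these ranges
   idmap uid = 10000-20000
   idmap gid = 10000-20000
   winbind use default domain = yes
   # Domain users get no interactive login on this box
   template shell = /bin/false
# Join the domain once, with a domain admin account:
#    net rpc join -U Administrator
# For an Active Directory domain use "security = ads", set "realm",
# and join with:
#    net ads join -U Administrator
# /etc/nsswitch.conf, so winbindd users appear as local UNIX users:
#    passwd: files winbind
#    group:  files winbind
```

Running `testparm` after editing reports unknown or deprecated parameters; later Samba releases replace `idmap uid` and `idmap gid` with `idmap config` lines.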