Hello- i have a difficult problem and need to solve it (hopefully) before next week when classes start over here. i looked around the lists and couldn't find anything similar to what we're doing. perhaps you can help.
our plan in the school of engineering is to let users authenticate with their uci.edu accounts to our school systems on solaris and win2k. we're using pam_krb5 + nis and we're creating accounts with the same names in nis and AD. in AD the accounts have the name mapping setup so that when the user logs in to the win2k workstation, they get their domain credentials for the AD domain account (hssoe.uci.edu). the password of the win2k domain account is random and unknown to the user. (this is like MIT) we want to map the user's unix home dir to the U: drive on the win2k workstations at logon and have samba authenticate off the AD PDC without prompting them for their password. we'd also like to use Group Policy to redirect their My Documents, Desktop and Application Data folders to their home dir\$var (afaik, when redirected automatically via GPO, there's no way for the system to prompt the user for a password). this whole setup worked fine with 'security = server' when the kerberos password and the AD password where the same. well, we thought, maybe the samba server has to be a member of the domain to understand the credentials the workstation is presenting when trying to map \\sambaserver\%username%. so we added the samba server to the domain, but that didn't help. the next possible solution was to setup samba with 'security = user', 'encrypt passwords = no' and enable clear-text passwords on the workstations. that seems to still prompt the user for the password. how can we solve this? shouldn't the samba server in 'security = server' or 'security = domain' be able to use the credentials obtained by the workstation from the AD/PDC at logon? do we need something special in the protocol level? what am i missing here? thanks, Donald Saltarelli The Henry Samueli School of Engineering -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba