"Pete Clapham" <peteclap...@sbcglobal.net> wrote in message
news:850942.27310...@web80503.mail.mud.yahoo.com...
>Hi --
>I am trying to set up an additional domain server (not
>PDC or BDC), so that students can get to the material
>on the server. When I type "net use w:
>\\water\archive" (where water is the domain server and
>archive is a share), I invariably get the message that I
>need to input a user ID and password. If I put in my
>own ID/Password for the server (even though it's
>identical with the ID/password on the PDC) it goes
>through fine. However, if I am logged on to the network
>as another user and put in his/her ID/Password it doesn't
>work.
>My User ID/Password are the only combination on both
>the PDC and the additional server. If I try to log onto
>the additional server with a User ID/Password that's
>valid on the domain it doesn't work; if I try to log onto
>the additional server with a User ID/Password that's
>valid on the additional server it doesn't work. It would
>seem that SAMBA is looking at the Unix ID/Password
>on the PDC and the SMBPasswd on the additional
>so far that's mine.
>Does this make sense to anybody? And what do I need
>to do? I do have authentication set on the Additional
>Domain server to DOMAIN. Doesn't this mean that
>SAMBA should be reading both the Unix and
>SMBPasswd files on the PDC?

Perhaps I can shed some light on this. Samba runs as a service on a Linux box. In this way it is different from Windows which is the underlying operating system. For a user to access a Linux machine and its services, he must have a username and password on that machine. One option is to use the /etc/passwd file and another is to use LDAP. Either way, the Linux box will have to authenticate the user before he can access the box or its services.

Samba gets around this by mapping the Samba account to the underlying Linux account. When you create a Samba user, the corresponding Linux account is created with the same name. If LDAP is not being used, the user exists in the smbpasswd and passwd files. If LDAP is being used, the Samba and Linux account information are both stored in a single LDAP record.

This is easy to understand on a PDC since Samba creates both accounts on the machine. If you want to access an additional Linux machine, you must add the users to the file/database against which the machine is authenticating users. If you are using LDAP it is easy. Simply configure the additional machine to authenticate users against the same LDAP directory that the PDC uses.
As far as the Linux box is concerned, the user is authorized for access since his account can be authenticated against a user/password source.

If LDAP is not being used, one needs to find a way to automatically add the users to the additional Linux box. One can create add user scripts to achieve this. Chapter 7 of Samba by Example explains your options. Read the entire chapter. Pay special attention to the section entitled "NT4/Samba Domain with Samba Domain Member Server without NSS Support". It explains how the add user script automatically creates the Linux user accounts when the users try to gain access to the additional machine.

"The following steps may be followed to implement Samba with support for local accounts. In this configuration Samba is made a domain member server. All incoming connections to the Samba server will cause the look-up of the incoming username. If the account is found, it is used. If the account is not found, one will be automatically created on the local machine so that it can then be used for all access controls."

We used this approach in the Samba 2.x days when LDAP support was not as extensive as it is today. I would recommend using LDAP for authenticating against multiple Samba servers. It is a much cleaner solution since only a single username/password source is required.
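
The add user script approach described in the reply above, as an added example that is not part of the original post or of Samba by Example: a wrapper that checks the account name before calling useradd, because smbd runs the configured script as root with the connecting user's name as its argument. The script path, the naming policy and the DRY_RUN switch are assumptions made for this example.

```shell
#!/bin/sh
# Hypothetical /usr/local/sbin/smb-adduser.sh, named in the member server's
# smb.conf (path and policy are assumptions, not from the post):
#   security = domain
#   add user script = /usr/local/sbin/smb-adduser.sh '%u'
# smbd runs this as root once the domain controller has accepted the
# password and no local Unix account exists for the name.
LC_ALL=C; export LC_ALL   # make [a-z] mean ASCII only

# Assumed naming policy: 1-32 chars, starts with a lowercase letter or '_',
# then lowercase letters, digits, '_' or '-'.
valid_username() {
    [ -n "$1" ] || return 1
    [ "${#1}" -le 32 ] || return 1
    case $1 in
        [!a-z_]*)      return 1 ;;   # leading '-', digit, '/', space, ...
        *[!a-z0-9_-]*) return 1 ;;   # shell or path metacharacters
    esac
    return 0
}

# Create the local account unless it already exists.
# DRY_RUN=1 prints the useradd command instead of running it.
add_domain_user() {
    if ! valid_username "$1"; then
        echo "smb-adduser: rejected account name" >&2
        return 2
    fi
    if getent passwd "$1" >/dev/null 2>&1; then
        return 0                     # already present, nothing to do
    fi
    # No login shell: the account exists only for file ownership and
    # access checks on the share; the password stays on the PDC.
    ${DRY_RUN:+echo} useradd -m -s /bin/false "$1"
}

# Run only when called with an argument, as smbd does.
if [ "$#" -gt 0 ]; then
    add_domain_user "$1"
fi
```

Running it by hand with DRY_RUN=1 and a test name shows the exact useradd command before the script is wired into smb.conf.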