Re: [Samba] samba 3.0.11, security=server and smbpasswd as fallback not working
Gerald (Jerry) Carter wrote: Ralf Gross wrote: | Hi, | | with samba 2.2.12 a user was able to connect to a share with his local | smbpasswd if he had no user on the password server. I updated the samba | server to 3.0.11 and this is not working anymore. I kept the config files | and the smbpasswd file. The smb.conf man page describes old behavior, but | if the password server rejects the password the connection gets | terminated with NT_STATUS_LOGON_FAILURE. Fallover to the next auth method only occurs when the current auth method (e.g. the remote server) returns NT_STATUS_NOT_IMPLEMENTED I think. This is by design. This was changed in samba 3.x? You'll have better luck setting 'auth methods = guest sam_ignoredomain smbserver' But I rarely ever recommend setting the 'auth methods' parameter. So keep that in mind. Great, now it seems to work as before! This will authenticate first against the smbpasswd and the fall over to server authentication if the user is not listed in the smbpasswd file. I need the fallback to smbpasswd because we have some users that have no domain account (students, doctorands...). With the fallback I can give them a local account/password and access to shares. Last recommendation, you should really explore security = domain. security = server has been deprecated. I would love to do this. Unfortunately samba server are not allowed to join the domain, only window servers are allowed to be member of the domain. This is just a workgroup server, which is in a separate workgroup with a couple of linux machines. Ralf -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba 3.0.11, security=server and smbpasswd as fallback not working
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ralf Gross wrote: | Fallover to the next auth method only occurs when the current | auth method (e.g. the remote server) returns | NT_STATUS_NOT_IMPLEMENTED I think. This is by design. | | This was changed in samba 3.x? This is how Samba 3.0 has always acted. | Last recommendation, you should really explore security = domain. | security = server has been deprecated. | | I would love to do this. Unfortunately samba server | are not allowed to join the domain, only window servers are | allowed to be member of the domain. This is just a workgroup | server, which is in a separate workgroup with a | couple of linux machines. If I were you, I would push for justification of this policy. It makes no senses and causes nothing but trouble. Your windows admins don't have to support the Samba box, just let it join the domain. /me grumbles about stupid IT decisions. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCCf4qIR7qMdg1EfYRAvkeAJ9xWXKM5drMHZsa0atqzSzYFNV5UACg8KCE f+GyrcKKOrhG/69oM+vnqwg= =Iwfh -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba 3.0.11, security=server and smbpasswd as fallback not working
Hi, with samba 2.2.12 a user was able to connect to a share with his local smbpasswd if he had no user on the password server. I updated the samba server to 3.0.11 and this is not working anymore. I kept the config files and the smbpasswd file. The smb.conf man page describes old behavior, but if the password server rejects the password the connection gets terminated with NT_STATUS_LOGON_FAILURE. Is there anything I have to change in the config? The smb.conf is an old version from the beginning of samba 2.x, but it worked fine until now. Any ideas? Ralf -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba 3.0.11, security=server and smbpasswd as fallback not working
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ralf Gross wrote: | Hi, | | with samba 2.2.12 a user was able to connect to a share with his local | smbpasswd if he had no user on the password server. I updated the samba | server | to 3.0.11 and this is not working anymore. I kept the config files and the | smbpasswd file. The smb.conf man page describes old behavior, but if the | password server rejects the password the connection gets terminated | with NT_STATUS_LOGON_FAILURE. Fallover to the next auth method only occurs when the current auth method (e.g. the remote server) returns NT_STATUS_NOT_IMPLEMENTED I think. This is by design. You'll have better luck setting 'auth methods = guest sam_ignoredomain smbserver' But I rarely ever recommend setting the 'auth methods' parameter. So keep that in mind. This will authenticate first against the smbpasswd and the fall over to server authentication if the user is not listed in the smbpasswd file. Last recommendation, you should really explore security = domain. security = server has been deprecated. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCCTKxIR7qMdg1EfYRArwHAKCc1pRxuELCCkTbyJHhiAPRnB5aBACdEUYH DodgGGckT0AirH0CQeclZB8= =EuEP -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
