On Mon, 12 Mar 2001, Simon Bryan wrote:
> Hi,
> I am working with a package called AUC to setup our intranet on the school
> network. All is good at the moment, except I want to be able to give access
> to the home directories on an NT share using Samba. I can do this by
> mounting the share at an appropriate point on the Linux server. However
> this seems to bypass all security, I have struggled with Samba/NT users,
> mapping etc, but never seem to get it right. Can anyone tell me how to do
> this? ie have Samba use the credentials of the logged in user on either the
> NT box or AUC (which is a linux box and should be identical) instead of
> apparently carrying out all operations as root (which is mapped to
> administrator on the NT box).
It's not very clear from the test above what you want, but hey life is a
learning experience.
I _think_ we do at work what do are describing here. I know that we have
the samba boxen taken the user authentication off the NT PDC. Hence, if
you log onto windows as 'mikal', then when you map a network drive from
\\myunixbox then it will be as the user 'mikal'. The samba server also
uses the passwords from the PDC, so that I only have to enter my password
at logon.
This sort of authentication is called domain, and you have to define the
PDC in your config file. I haven't got an example handy, but check through
the samba docs on domain authentication and you should be fine.
On a side note, you can also have all user logons authenticated against
the PDC. For instance I telnet to myunixhost, and my login would be mikal
with the PDC password, despite the fact that the use mikal doesn't exist
on that machine. All you need is an OS that supports PAM (Linux and
Solaris for instance), and the samba PAM code.
Cheers,
Mikal
--
Michael Still ([EMAIL PROTECTED])
- Panda PDF Generation Library
(http://www.stillhq.com/cgi-bin/getpage?area=panda&page=index.htm)
- PandaLex PDF Parsing Library
(http://www.stillhq.com/cgi-bin/getpage?area=pandalex&page=index.htm)
- PandaScript PDF Scripting Interface
(http://www.stillhq.com/cgi-bin/getpage?area=pandascript&page=index.htm)
- GPG Public Key at http://www.stillhq.com/mikal.asc and on pgp.net keyservers
"To read makes our speaking english good" -- Xander, Buffy the Vampire Slayer in "I
Robot, You Jane"
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
