i'm not sure if you have done this yet, but i had problems with it when i was attemting something similar, did you add the computer as a user? its something weird, and they explain how to do it in chapter 8 i think of the samba HOWTO.
Josef > Thanks to Jon for his response. > Troubles remain... > > My distribution is Redhat 7.3 with smbd version 2.2.3a > I now have security=server set in the smb.conf on 2 of my Linux servers. > These point at my third Linux server which is set with security=user. > Other settings are listed at the bottom of this message. No Win2K or NT > servers are members of this workgroup. User PC's are running Win2K Pro > and are members of another domain. > > I am able to browse, map drives and manipulate files using shares of all > 3 Linux servers. My user ID and password stored on the 'security=user' > server happen to be the same as the user ID and password I use to > access the company domain. > > Problem: When I try to map drives to Linux SMB shares using the > credentials of another user (other than what I used when I logged into > my Win2K PC in the company domain) the mapping fails. Here is an > example. > > ============================================================= > D:\>net use * \\IP_address_of_target\testuser /u:testuser > The password or user name is invalid for > \\IP_address_of_target\testuser. > > Type the password for \\IP_address_of_target\testuser: > System error 1326 has occurred. > > Logon failure: unknown user name or bad password. > > I have verified that the user id and password are correct and I have > updated the smbpasswd file using the same shell script used for my > working account. > It seems to me that the credentials used for my company domain should > have nothing to do with authentication on my Linux servers - the fact > that the same strings are used is coincidence. > Still, this is the only account that can browse and map drives both in > the company domain and the Linux server workgroup. > Am I wrong ? Is there something else going on ? > > Ryan > > > # Global parameters > [global] > workgroup = PILOT > netbios name = PILOT1 > server string = Dell 8450 Redhat 7.3 > interfaces = eth2 > encrypt passwords = Yes > obey pam restrictions = Yes > pam password change = Yes > passwd program = /usr/bin/passwd %u > passwd chat = *New*password* %n\n *Retype*new*password* %n\n > *passwd:*all*authentication*tokens*updated*successfully* > unix password sync = Yes > log file = /var/log/samba/%m.log > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > preferred master = True > dns proxy = No > hosts allow = (x.x.x. my RFC 1918 subnet here) > printing = lprng > > [homes] > comment = Home Directories > valid users = %S > read only = No > create mask = 0664 > directory mask = 0775 > > [printers] > comment = All Printers > path = /var/spool/samba > printable = Yes > browseable = No > > [additional shares have been sanitized] > > > > > > There are few reason not to add the servers to your present network. > > You have an existing PDC on your subnet (even though its a windows > server...) - point your samba server to that for authentication. You can > use either server authentication or domain authentication. If you use > server authentication then point to either a PDC or a BDC. > > Please note that if you use server, it will authenticate each and every > file access, while if you choose domain, it will cache the > authentication for a period or time. > > If you choose to Authenticate to a local samba server then you have > quite a bit of work ahead for yourself - but I'm sure you already know > that. > > In any case you will have to setup local users/groups on each server > (though Samba lets you create these automagically on authenticated > access). > > Browseability of the servers should be easy enough. You can use either > WINS or DNS (Win2k pro has the ability to use DNS for its browseable > base). > > At my former company I authenticated using all of the above methods with > no difficulties. Good Luck in your quest. BTW: what distribution are > you using? and what version of Samba? > > Jon Carnes > > On Tue, 2002-09-24 at 17:45, Ryan Leathers wrote: > > I'm migrating services from Win2k to Linux. The majority of my end > > users are sticking with windows on their desktop PC's. > > I am in need of some sound advice in handling authentication of users > > who "browse" SMB shares on Linux servers. > > > > In my pilot, I have 3 Linux servers running SMB. They are part of the > > same workgroup/domain. I am compelled to leave the existing domain > > alone and build this new workgroup during the pilot. I suppose it's > > most correct to call it a workgroup since there are no NT or Win2k > hosts > > (no domain controllers). > > Authentication is being handled per user. End users have Win2k Pro on > > their PC's and are generally logged in as members of another domain. > My > > problems are: synchronization of credentials, visibility of Linux SMB > > shares in browse lists on the Win2k hosts. > > > > My current plan: configure the Linux servers to point to one place for > > credentials. I will still have a credential conflict since users are > > members of a domain and a workgroup. They want to use a single set of > > uid/passwd for both. By setting the security=server option and > picking > > one of the Linux servers to be that server I hope to simplify my life. > > At least this way the credentials will be consistent for all shares on > > the Linux servers. To aid in my quest for "browsability" I plan on > > making the authentication server handle WINS chores and point the > others > > at it. > > > > Any thoughts ? > > > > Ryan > > -----Original Message----- > > From: Jon Carnes [mailto:[EMAIL PROTECTED]] > > Sent: Tuesday, September 24, 2002 7:53 AM > > To: [EMAIL PROTECTED] > > Subject: Re: [TriLUG] Suse releases exchange server clone ($999) no > > client licenses > > > > It's also worthy to note that this is now the cheapest drop-in > > replacement for an Exchange server. It's 40% cheaper than the previous > > Linux solution. This may not be a mile-stone for Open Source, but it > is > > certainly one for the evolution of Linux in the workplace. > > > > Migrating folks off of proprietary MS solutions is made difficult by > > their dependence on Exchange. If you remove the Exchange dependency > then > > you break the strongest lock that MS has on small and medium sized > > businesses. > > > > Also, this adds more competition into that market - which drops prices > > and encourages better more responsive programming and services. It's > a > > big deal for Linux to have these solutions available and actively > being > > developed. It's also a big deal to contractors (like me) who setup > Linux > > based services for folks - or even help them migrate off of MS > products > > over to cheaper Linux based solutions. > > > > The next nice thing will be when LDAP (or some Directory Services) is > > fully functional and supported with easy installations and > > administration. > > > > Jon Carnes > > > > On Tue, 2002-09-24 at 08:43, Ben Pitzer wrote: > > > Can this group ever get past the flame-bait distro bashing? C'mon, > > > folks, whatever your personal preference, other distros have > redeeming > > > qualities, too. And while the Skyrix portion of this product may be > > > closed source, it may be exactly what somebody needs to start to > move > > > towards Linux and an open source, non-Exchange clone groupware > > platform. > > > > > > Regards, > > > Ben Pitzer > > > > > > PS - Sorry to pick on you, Tom. Nothing personal. I've seen it, > and > > > thought about it before, and your post just reminded me that I > wanted > > to > > > say something. > > > > > > > I looked at this product before they released, and the important > > pieces > > > > (Skyrix) are closed source, in typical SuSE fashion. > > > > > > _______________________________________________ > > > TriLUG mailing list > > > http://www.trilug.org/mailman/listinfo/trilug > > > TriLUG Organizational FAQ: > > > http://www.trilug.org/~lovelace/faq/TriLUG-faq.html > > > > > > _______________________________________________ > > TriLUG mailing list > > http://www.trilug.org/mailman/listinfo/trilug > > TriLUG Organizational FAQ: > > http://www.trilug.org/~lovelace/faq/TriLUG-faq.html > > > _______________________________________________ > TriLUG mailing list > http://www.trilug.org/mailman/listinfo/trilug > TriLUG Organizational FAQ: > http://www.trilug.org/~lovelace/faq/TriLUG-faq.html > _______________________________________________ TriLUG mailing list http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ: http://www.trilug.org/~lovelace/faq/TriLUG-faq.html
