Craig White wrote:
> On Fri, 2008-10-03 at 18:22 -0700, Eric Shubert wrote:
>> Craig White wrote:
>>> On Fri, 2008-10-03 at 15:48 -0700, Eric Shubert wrote:
>>>> Craig White wrote:
>>>>>>> Are you saying this operational configuration is not possible or just
>>>>>>> a bad idea?
>>>>>> Sounds like it'd be possible using Share-Level Security "security =
>>>>>> share".
>>>>>> See
>>>>>> http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/ServerType.html#id2552417
>>>>>>
>>>>> ----
>>>>> NO - don't use security = share
>>>>>
>>>>> Craig
>>>>>
>>>> I don't think would, Craig.
>>>>
>>>> Question though, is how does one use samba authentication (aka standalone
>>>> server with separate authentication) while already logged into a windoze
>>>> domain?
>>> ----
>>> Yes, Windows domain authentication is designed to give a single-sign-on
>>> authentication method and if the samba server is not connected to the
>>> domain either via security = [server | ads ] or via winbind, it's going
>>> to be a bit confused of a setup.
>>>
>>> If the samba server is not joined to the domain, then I would set the
>>> workgroup of that samba server to something other than the Windows
>>> domain and set security = user and then each user would have to
>>> authenticate to it separately as the domain credentials would be
>>> meaningless. Sort of like having a Windows XP Home system which is also
>>> not capable of participating in a Windows Domain security model.
>>>
>>> I have on occasion resorted to stupid dos command line scripts to
>>> connect Windows XP Home systems like this (from memory, please verify)
>>>
>>> net use f: \\SERVER_NAME\SHARE /USER:SAMBA_USER_NAME
>>>
>>> and it will prompt for the password and that script can be put into
>>> 'Startup' to execute on login.
>>>
>>> Also, managing users/groups separately is another burden as now you
>>> would have at least two places to maintain when adding/deleting users
>>> and groups.
>>>
>>> Craig
>>>
>> I suspect for this scenario you'd also want to use
>> domain master = no
>> domain logons = no
>> in the configuration, yes?
> ----
> domain logons = no is the default but if you are wanting to override to
> be certain then sure but there are tons of settings that revert to
> default if not explicitly stated. You can view them by doing 'testparm
> -s' and then 'testparm -s -v' and diff'ing the results.
>
> if domain logons = no then the 'domain master' setting is meaningless
> (default is auto)
>
> I don't think that setting these values explicitly as indicated above
> would matter
>
> Craig
>
Thanks for the clarification.

-- 
-Eric 'shubes'
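
The comparison suggested in the thread ('testparm -s' against 'testparm -s -v'), written out as an added example that is not part of the original messages: it lists the settings a server is running on built-in defaults. The function names and the sample dumps are constructed for illustration, and lines are compared as plain text without regard to which share section they came from.

```shell
#!/bin/sh
# Added example, not from the thread. All function names are hypothetical.
# Real input would come from:
#   testparm -s    > short.txt   2>/dev/null
#   testparm -s -v > verbose.txt 2>/dev/null

# Trim whitespace, drop blank lines and [section] headers, sort.
# Simplification: lines are compared as text, share context is ignored.
normalize() {
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        -e '/^$/d' -e '/^\[.*]$/d' "$1" | sort -u
}

# implicit_defaults SHORT VERBOSE
# Prints "param = value" lines found only in the verbose dump, i.e. the
# settings the server runs on built-in defaults.
implicit_defaults() {
    _short=$(mktemp) || return 1
    normalize "$1" > "$_short"
    _rc=0
    normalize "$2" | grep -Fxv -f "$_short" || _rc=$?
    rm -f "$_short"
    [ "$_rc" -le 1 ]   # grep exit 1 only means "no lines left"
}

# effective_value PARAM VERBOSE: the value actually in effect.
effective_value() {
    normalize "$2" | sed -n "s/^$1 = //p" | head -n 1
}

# Constructed sample dumps for a standalone server (not real testparm output).
write_samples() {
    printf '[global]\n\tworkgroup = STANDALONE\n' > "$1/short.txt"
    printf '[global]\n\tworkgroup = STANDALONE\n\tsecurity = USER\n' > "$1/verbose.txt"
    printf '\tdomain logons = No\n\tdomain master = Auto\n' >> "$1/verbose.txt"
}

demo_dir=$(mktemp -d) || exit 1
write_samples "$demo_dir"
echo "Settings left on defaults:"
implicit_defaults "$demo_dir/short.txt" "$demo_dir/verbose.txt"
echo "domain logons in effect: $(effective_value 'domain logons' "$demo_dir/verbose.txt")"
rm -rf "$demo_dir"
```

Keeping the output of implicit_defaults alongside smb.conf makes it visible when an upgrade changes a default that the configuration silently relied on.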