James: (Again someone correct me if I'm wrong)
PAM allows local access to the Samba machine as well as authenticating Samba users. Winbind *only* allows for Samba access. This is why I chose *not* to use PAM in my setup. I don't want normal users to have local logon access to *MY* servers. <evil grin> With Winbind, you don't need PAM at all. If you're planning on using PAM you *will* have to have local Unix accounts. These local accounts can be generated using both Winbind and PAM together, but it's a process that I don't remember right now. At any rate, I don't think you're going to be able to achieve what your after. I think it'll be a one or the other kinda thing - either adding the machine to the domain, or adding local user accounts. Kevin > -----Original Message----- > From: James Lamanna [mailto:jamesl@;appliedminds.net] > Sent: Thursday, November 07, 2002 4:55 PM > To: 'Collins, Kevin' > Cc: [EMAIL PROTECTED] > Subject: RE: [Samba] Problems authentication with NT PDCs in > security = > server (was security = user) > > > The interesting part is that PAM nor the SMB auth plugin for Apache > requires you to be a member of the domain. > > However, the caveat with pam_smb_auth is that you have to have a unix > account for every windows user you want to authenticate. > > I guess the behavior I'm trying to achieve is the one > achieved with the > Apache plugin: > 1) Doesn't require you to be a member of the domain > 2) Doesn't require unix accounts for windows users. > > --James > > -----Original Message----- > From: Collins, Kevin [mailto:KCollins@;nesbittengineering.com] > Sent: Thursday, November 07, 2002 1:50 PM > To: 'James Lamanna'; Collins, Kevin > Subject: RE: [Samba] Problems authentication with NT PDCs in > security = > server (was security = user) > > > James: > > My best guess (someone correct me if I'm wrong) is that you'll need to > have the Samba machine as a member of the NT/2000 domain before it can > authenticate against it. > > This is a Windows issue - and it's by design. Adding a machine to the > domain creates the machine trust. The NT/2000 DCs will only > share user > account info with other members (or machines that it trusts). > I have a > Windows 2000 laptop that I keep in "Workgroup" mode. I can't retrieve > *any* info about the domain computers or the Domain itself > while in this > mode. > > Other than adding the machine to the domain, you're probably stuck > adding Unix users - and keeping up with password changes. > > Kevin > > > -----Original Message----- > > From: James Lamanna [mailto:jamesl@;appliedminds.net] > > Sent: Thursday, November 07, 2002 4:40 PM > > To: 'Collins, Kevin' > > Subject: RE: [Samba] Problems authentication with NT PDCs in > > security = > > server (was sercurity = user) > > > > > > Well as you can see, I'm getting a funky error when I try to do it > > anyways. > > > > And I don't know if the Windows Box administrator will give me > > permission. > > > > > > -----Original Message----- > > From: Collins, Kevin [mailto:KCollins@;nesbittengineering.com] > > Sent: Thursday, November 07, 2002 1:24 PM > > To: 'James Lamanna'; [EMAIL PROTECTED] > > Subject: RE: [Samba] Problems authentication with NT PDCs in > > security = > > server (was sercurity = user) > > > > > > > Is it possible to get samba to authenticate from the > Domain without > > > adding a machine account to the domain (using smbpasswd -j ...) > > > > I've always had to add the machine to the domain. Any > reason why you > > *don't* want to? > > > > Kevin C. > > > > > Also, when I tried to add the machine to the domain anyways, I > > > received an interesting error: > > > "Set net rpc join for this functionality" > > > > > > Thanks. > > > --James > > > > > > -- > > > To unsubscribe from this list go to the following URL and read the > > > instructions: http://lists.samba.org/mailman/listinfo/samba > > > > > >
smime.p7s
Description: application/pkcs7-signature
