samba and NT

Craig White CraigWhite@AzApple.com
Fri, 19 May 2000 15:02:49 -0700 

yup - I can't tell the difference in browse lists - as long as the Win2k
system is PDC (actually, with 'active directory' there isn't really a
designation like PDC/BDC)...

again the info that I had in earlier message seems to be the trick...

I have a 'machine account' for the netbios name of the samba computer on the
domain controller.
I have a 'machine account' for the netbios name of the domain contoller as
samba user.

and I have samba set up to verify users against the domain controller.

perfect setup to leave the security aspects in the hands of Microsoft so I
really can't monitor violations. It does however keep the number of
complaints down from the clients since there's little to document security
violations.

the biggest problem that I have with win2k playing nicely is that MS DNS is
either poorly behaved or not easily enough for dummies like me to
understand. If I make the MS DNS the primary and the DNS on linux a slave
(and accept updates from the Windows master), then it all behaves reasonably
well but that's not the way I feel most comfortable setting it up. So for
time being, I tolerate stupid syslog errors where some updates from the
Win2k computer are rejected on the linux box and the win2k even log moans
about dynamic updates. It's not possible to use win2k active directory
without DNS (at least as far as I can tell).

----:----|----:----|----:----|----:----|----:----|----:----|
- Craig White - PO Box 8634 - Scottsdale, Arizona - 85252
- e-mail address ................ - CraigWhite@AzApple.com
- world wide web address ........ - http://www.AzApple.com
- e-mail my pager address ....... - 6023779752@airtouch.net
- cellular phone ................ - (602) 377-9752
- voice/facsimile ............... - (480) 945-8445
----:----|----:----|----:----|----:----|----:----|----:----|

> -----Original Message-----
> From: plug-discuss-admin@lists.plug.phoenix.az.us
> [mailto:plug-discuss-admin@lists.plug.phoenix.az.us]On Behalf Of Joel
> Hanger
> Sent: Friday, May 19, 2000 1:46 PM
> To: plug-discuss@lists.plug.phoenix.az.us
> Subject: RE: samba and NT
>
>
> Has anyone had success in integrating win2k with samba? As far as I know
> Samba doesn't support browsing user lists and I have a 2000 computer set
> up haven't had any success in integrating the two...
>
> Thanks,
>   Joel
>
> -----Original Message-----
> From: plug-discuss-admin@lists.PLUG.phoenix.az.us
> [mailto:plug-discuss-admin@lists.PLUG.phoenix.az.us]On Behalf Of Craig
> White
> Sent: Friday, May 19, 2000 1:40 PM
> To: plug-discuss@lists.PLUG.phoenix.az.us
> Subject: RE: samba and NT
>
>
> When I have a Windows NT Domain controller on the network...
>
> My smb.conf has...
>
> security = domain
> password server = FRED #netbios name of NT Domain controller
> wins support = no
> domain logons = no
> workgroup = WORKGROUP #whatever the name of the domain is
> netbios name = BARNEY
> OS level = 20
> domain master = no
> preferred master = no
> encrypted passwords = yes
>
>
> You MUST have an account for "BARNEY" (the netbios name of your Samba
> computer) whatever it is. I would suggest that you make it a 'trusted
> machine' account instead of a user account. This setup would allow two way
> access with the samba server and its shares and use the NT domain
> controller
> to approve / disapprove.
>
> Note - this works well as long as the NT Domain controller is on the same
> subnet. If not...you'll have to play with the routing.
>
> Too much of a fight to get it to work (requires editing your registry)
> without password encryption.
>
> Craig
>
> ----:----|----:----|----:----|----:----|----:----|----:----|
> - Craig White - PO Box 8634 - Scottsdale, Arizona - 85252
> - e-mail address ................ - CraigWhite@AzApple.com
> - world wide web address ........ - http://www.AzApple.com
> - e-mail my pager address ....... - 6023779752@airtouch.net
> - cellular phone ................ - (602) 377-9752
> - voice/facsimile ............... - (480) 945-8445
> ----:----|----:----|----:----|----:----|----:----|----:----|
>
> > -----Original Message-----
> > From: plug-discuss-admin@lists.plug.phoenix.az.us
> > [mailto:plug-discuss-admin@lists.plug.phoenix.az.us]On Behalf Of Joel
> > Dudley
> > Sent: Friday, May 19, 2000 12:19 PM
> > To: plug-discuss@lists.plug.phoenix.az.us
> > Subject: samba and NT
> >
> >
> > Well, for some reason I am having a heck of a newbie time with
> > samba.  I can
> > smbmount win 98 shares no prob, but I cannot mount an NT share on our
> > network for anything.  Every time I try to mount an NT share I get:
> >
> > ERRdos - ERRnoaccess
> > login failed.
> >
> > even is I supply the administrators login credentials I get rejected.  I
> > dont think encryption is an issue because win98 shares are
> mounting fine.
> > Any ideas?  Anyone have a sample smb.conf file that works well
> in a linux
> > /win98/NT network with NT domain controllers??  Thanks a ton.
> >
> > - Joel
> >
> >
> > _______________________________________________
> > Plug-discuss mailing list  -  Plug-discuss@lists.PLUG.phoenix.az.us
> > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
>
> _______________________________________________
> Plug-discuss mailing list  -  Plug-discuss@lists.PLUG.phoenix.az.us
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
>
> _______________________________________________
> Plug-discuss mailing list  -  Plug-discuss@lists.PLUG.phoenix.az.us
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss