Craig White wrote: > On Fri, 2008-10-03 at 14:47 -0700, Eric Shubert wrote: >> Alan Dayley wrote: >>> On Fri, Oct 3, 2008 at 1:06 PM, Eric Shubert wrote: >>>> What you describe sounds nonsensical to me. Sounds like you want to use >>>> Linux authentication in addition to a windows domain controller. That'd be >>>> like trying to use 2 different domain controllers together. I don't see how >>>> you can keep your windows DC and still have samba do authentication separate >>>> from that (unless you do peer-to-peer type authentication, which would be >>>> security = share). I think samba is designed to either work independently >>>> (entirely), or work together with a domain controller. I could be wrong >>>> though (it's been known to happen). ;) >>>> >>>> You might want to read up on samba server types: >>>> http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/ServerType.html >>> Maybe what we need to do cannot be done with Samba, which I am willing >>> to entertain. >>> >>> We have a certain class of business data that must be completely >>> restricted from all but a specific list of users. For specific >>> reasons the restricted people include the IT department. If >>> authentication of users is controlled by the domain controller, the IT >>> department has indirect control over the data. So this share cannot >>> have authentication by the domain. >>> >>> (I'm ignoring the fact that SMB is not a secure data protocol over the >>> wire. That is very important but, for the moment, is being >>> selectively ignored.) >>> >>> So we want the Samba server to be a stand-alone server. Each allowed >>> user will have a Linux user defined on the server. When a user wants >>> to get to the data, they connect to "\\SpecialServer\restricted", >>> enter their Linux user ID and password and connect to the share. >>> >>> Are you saying this operational configuration is not possible or just >>> a bad idea? >> Sounds like it'd be possible using Share-Level Security "security = share". >> See >> http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/ServerType.html#id2552417 >> > ---- > NO - don't use security = share > > Craig > I don't think would, Craig. Question though, is how does one use samba authentication (aka standalone server with separate authentication) while already logged into a windoze domain? -- -Eric 'shubes' --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss