On Fri, 2008-10-03 at 15:48 -0700, Eric Shubert wrote:
> Craig White wrote:

> >>> Are you saying this operational configuration is not possible or just
> >>> a bad idea?
> >> Sounds like it'd be possible using Share-Level Security "security = share".
> >> See
> >> http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/ServerType.html#id2552417
> >>
> > ----
> > NO - don't use security = share
> > 
> > Craig
> > 
> 
> I don't think would, Craig.
> 
> Question though, is how does one use samba authentication (aka standalone
> server with separate authentication) while already logged into a windoze domain?
----
Yes, Windows domain authentication is designed to give a single-sign-on
authentication method and if the samba server is not connected to the
domain either via security = [server | ads ] or via winbind, it's going
to be a bit confused of a setup.

If the samba server is not joined to the domain, then I would set the
workgroup of that samba server to something other than the Windows
domain and set security = user and then each user would have to
authenticate to it separately as the domain credentials would be
meaningless. Sort of like having a Windows XP Home system which is also
not capable of participating in a Windows Domain security model.

I have on occasion resorted to stupid dos command line scripts to
connect Windows XP Home systems like this (from memory, please verify)

net use f: \\SERVER_NAME\SHARE /USER:SAMBA_USER_NAME

and it will prompt for the password and that script can be put into
'Startup' to execute on login.

Also, managing users/groups separately is another burden as now you
would have at least two places to maintain when adding/deleting users
and groups.

Craig

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss