On Fri, 2008-10-03 at 18:22 -0700, Eric Shubert wrote: > Craig White wrote: > > On Fri, 2008-10-03 at 15:48 -0700, Eric Shubert wrote: > >> Craig White wrote: > > > >>>>> Are you saying this operational configuration is not possible or just > >>>>> a bad idea? > >>>> Sounds like it'd be possible using Share-Level Security "security = share". > >>>> See > >>>> http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/ServerType.html#id2552417 > >>>> > >>> ---- > >>> NO - don't use security = share > >>> > >>> Craig > >>> > >> I don't think would, Craig. > >> > >> Question though, is how does one use samba authentication (aka standalone > >> server with separate authentication) while already logged into a windoze domain? > > ---- > > Yes, Windows domain authentication is designed to give a single-sign-on > > authentication method and if the samba server is not connected to the > > domain either via security = [server | ads ] or via winbind, it's going > > to be a bit confused of a setup. > > > > If the samba server is not joined to the domain, then I would set the > > workgroup of that samba server to something other than the Windows > > domain and set security = user and then each user would have to > > authenticate to it separately as the domain credentials would be > > meaningless. Sort of like having a Windows XP Home system which is also > > not capable of participating in a Windows Domain security model. > > > > I have on occasion resorted to stupid dos command line scripts to > > connect Windows XP Home systems like this (from memory, please verify) > > > > net use f: \\SERVER_NAME\SHARE /USER:SAMBA_USER_NAME > > > > and it will prompt for the password and that script can be put into > > 'Startup' to execute on login. > > > > Also, managing users/groups separately is another burden as now you > > would have at least two places to maintain when adding/deleting users > > and groups. > > > > Craig > > > > I suspect for this scenario you'd also want to use > domain master = no > domain logons = no > in the configuration, yes? ---- domain logons = no is the default but if you are wanting to override to be certain then sure but there are tons of settings that revert to default if not explicitly stated. You can view them by doing 'testparm -s' and then 'testparm -s -v' and diff'ing the results. if domain logons = no then the 'domain master' setting is meaningless (default is auto) I don't think that setting these values explicitly as indicated above would matter Craig --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss