On Fri, Oct 3, 2008 at 1:06 PM, Eric Shubert wrote:
>
> What you describe sounds nonsensical to me. Sounds like you want to use
> Linux authentication in addition to a windows domain controller. That'd be
> like trying to use 2 different domain controllers together. I don't see how
> you can keep your windows DC and still have samba do authentication separate
> from that (unless you do peer-to-peer type authentication, which would be
> security = share). I think samba is designed to either work independently
> (entirely), or work together with a domain controller. I could be wrong
> though (it's been known to happen). ;)
>
> You might want to read up on samba server types:
> http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/ServerType.html

Maybe what we need to do cannot be done with Samba, which I am willing to entertain.

We have a certain class of business data that must be completely restricted from all but a specific list of users. For specific reasons the restricted people include the IT department. If authentication of users is controlled by the domain controller, the IT department has indirect control over the data. So this share cannot have authentication by the domain. (I'm ignoring the fact that SMB is not a secure data protocol over the wire. That is very important but, for the moment, is being selectively ignored.)

So we want the Samba server to be a stand-alone server. Each allowed user will have a Linux user defined on the server. When a user wants to get to the data, they connect to "\\SpecialServer\restricted", enter their Linux user ID and password and connect to the share.

Are you saying this operational configuration is not possible or just a bad idea?

BTW, the designer of the SWAT UI needs a lesson in preventing disasters! The select a share drop-down button is pixels away from the DELETE button (See attached)! (Back up /etc/samba/smb.conf before you start!)
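
Added example (not part of the original message and not Samba project code): a small Python check over an smb.conf for the stand-alone layout described above, flagging settings that would hand authentication to another server or open the share beyond its user list. The sample configuration, the share path and the user names are constructed for illustration.

```python
import configparser

# Constructed sample smb.conf for the stand-alone layout described above.
# The share path and the user names alice/bob are hypothetical.
SAMPLE_CONF = """
[global]
workgroup = WORKGROUP
security = user
passdb backend = tdbsam
map to guest = Never

[restricted]
path = /srv/restricted
valid users = alice bob
guest ok = no
browseable = no
"""

DELEGATING = {"domain", "ads", "server"}  # modes that ask another host to check passwords
TRUE = {"yes", "true", "1"}


def audit_share(conf_text, share):
    """Return findings for `share`; an empty list means no finding."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None, strict=False)
    cp.read_string(conf_text)
    sections = {name.lower(): cp[name] for name in cp.sections()}
    glob = sections.get("global", {})
    findings = []
    mode = glob.get("security", "user").strip().lower()
    if mode in DELEGATING:
        findings.append(f"security = {mode}: logons are checked by another server")
    if glob.get("map to guest", "never").strip().lower() != "never":
        findings.append("map to guest: failed logons can fall back to the guest account")
    sec = sections.get(share.lower())
    if sec is None:
        return findings + [f"share [{share}] is not defined"]
    # 'public' is a synonym for 'guest ok'
    if any(sec.get(k, "no").strip().lower() in TRUE for k in ("guest ok", "public")):
        findings.append("guest ok: the share accepts connections without a password")
    users = sec.get("valid users", "").replace(",", " ").split()
    if not users:
        findings.append("valid users is empty: every account on the server may connect")
    findings += [f"valid users entry {u} names a domain account" for u in users if "\\" in u]
    return findings


if __name__ == "__main__":
    print(audit_share(SAMPLE_CONF, "restricted") or "no findings")
```

Each Linux account also needs an entry in Samba's own password database (`smbpasswd -a <user>`), and anyone with root on the server can read the files regardless of the share settings.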