On Fri, Oct 3, 2008 at 1:06 PM, Eric Shubert <ejs@shubes.net> wrote:
>
> What you describe sounds nonsensical to me. Sounds like you want to use
> Linux authentication in addition to a windows domain controller. That'd be
> like trying to use 2 different domain controllers together. I don't see how
> you can keep your windows DC and still have samba do authentication separate
> from that (unless you do peer-to-peer type authentication, which would be
> security = share). I think samba is designed to either work independently
> (entirely), or work together with a domain controller. I could be wrong
> though (it's been known to happen). ;)
>
> You might want to read up on samba server types:
> http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/ServerType.html

Maybe what we need to do cannot be done with Samba, which I am willing
to entertain.

We have a certain class of business data that must be completely
restricted from all but a specific list of users. For specific
reasons the restricted people include the IT department. If
authentication of users is controlled by the domain controller, the IT
department has indirect control over the data. So this share cannot
have authentication by the domain.

(I'm ignoring the fact that SMB is not a secure data protocol over the
wire. That is very important but, for the moment, is being
selectively ignored.)

So we want the Samba server to be a stand-alone server. Each allowed
user will have a Linux user defined on the server. When a user wants
to get to the data, they connect to "\\SpecialServer\restricted",
enter their Linux user ID and password and connect to the share.

Are you saying this operational configuration is not possible or just
a bad idea?

BTW, the designer of the SWAT UI needs a lesson in preventing
disasters! The select a share drop-down button is pixels away from
the DELETE button (See attached)! (Back up /etc/samba/smb.conf before
you start!)

---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
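
The stand-alone setup described in the message above, sketched as an smb.conf fragment. This is an added example, not part of the original thread; the workgroup name, the Unix group `restricted`, the path `/srv/restricted` and the masks are assumptions.

```ini
# Added example (constructed): stand-alone Samba server with no domain membership.
# Assumed names: workgroup RESTRICTED, Unix group "restricted", path /srv/restricted.
[global]
    workgroup = RESTRICTED
    netbios name = SPECIALSERVER
    # Samba 4.0 and later; on 3.x "security = user" without a domain join
    # already gives stand-alone behaviour, so drop this line there.
    server role = standalone server
    security = user
    # Accounts are checked against the server's own password database,
    # not forwarded to a domain controller.
    passdb backend = tdbsam
    # A failed login is rejected, never mapped to a guest account.
    map to guest = Never

[restricted]
    path = /srv/restricted
    browseable = no
    guest ok = no
    read only = no
    # Only members of the local Unix group may connect to the share.
    valid users = @restricted
    invalid users = root
    create mask = 0660
    directory mask = 0770
```

With `tdbsam`, each Unix account also needs its own Samba password entry, created on the server with `smbpasswd -a <user>`. The directory's Unix ownership and mode should match the group named in `valid users`, since Samba enforces file-system permissions as well as the share-level list.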