Newbie Samba PDC questions
I setup a Samba file server as a PDC. On my network I have a couple of computers in the domain and a couple of other computers outside of the domain simply as part of a different workgroup. I have some common user names in the two different groups. For example:
Workgroup WG1 User_U1 Domain: DM1 User_U1 On computer #1, I logged on as \\WG1\U1. I could not see the shares associated with \\DM1\U1. On compter #2, I logon as \\DM1\U1. I am able to see the appropriate shares and directories. Next, I went back to computer #1 (\\WG1\U1) and all of a sudden it is able to read and write the files associated with \\DM1\U1. It seems like once I log on to the domain, that samba stops checkiing to see if the user is actually a member of the domain. I didn't expect to be able to modify files if the computer and/or user was not a member of the domain. What am I doing wrong? |
No idea - post your smb.conf file. It looks like a permissions problem.
|
Ok here's my smb.conf:
[global] workgroup = W100 netbios name = W100M00 encrypt passwords = Yes log file = /var/log/samba/log.%m max log size = 50 socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192 domain admin group = @wadmin logon script = wlogon.bat logon path = \\%N\profiles\%U logon drive = h: domain logons = Yes os level = 64 preferred master = Yes domain master = Yes dns proxy = No hide local users = Yes hide unreadable = Yes map system = Yes map hidden = Yes [homes] comment = Home directories read only = No create mask = 0755 browseable = No [profiles] comment = User profiles path = /win/profiles read only = No create mask = 0711 directory mask = 0711 browseable = No [netlogon] comment = Network services path = /win/netlogon write list = @wadmin browseable = No [printers] comment = Printers path = /var/spool/samba printable = Yes browseable = No |
I have been reviewing the log. After some experimenting I think I understand what has happened. The same userid while on different domains also has the the same password on each system.
The log shows that the domain client password for the client fails, yet the userid/password passes the smbpasswd check. As far as windows is concerned as long as the userid/password matches the smbpasswd it seems to allow access to the same shares. There doesn't seem to be an option in windows or samba to change this behavior. I guess the thing to remember is that the only protection againt this problem is to maintain unqiue userids and passwords on each domain. |
All times are GMT -5. The time now is 09:21 PM. |