LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Networking (https://www.linuxquestions.org/questions/linux-networking-3/)
-   -   Newbie Samba PDC questions (https://www.linuxquestions.org/questions/linux-networking-3/newbie-samba-pdc-questions-67187/)

zos 06-22-2003 01:08 AM

Newbie Samba PDC questions
 
I setup a Samba file server as a PDC. On my network I have a couple of computers in the domain and a couple of other computers outside of the domain simply as part of a different workgroup. I have some common user names in the two different groups. For example:

Workgroup WG1 User_U1
Domain: DM1 User_U1


On computer #1, I logged on as \\WG1\U1. I could not see the shares associated with \\DM1\U1.

On compter #2, I logon as \\DM1\U1. I am able to see the appropriate shares and directories.

Next, I went back to computer #1 (\\WG1\U1) and all of a sudden it is able to read and write the files associated with \\DM1\U1.

It seems like once I log on to the domain, that samba stops checkiing to see if the user is actually a member of the domain.

I didn't expect to be able to modify files if the computer and/or user was not a member of the domain.

What am I doing wrong?

david_ross 06-22-2003 06:39 AM

No idea - post your smb.conf file. It looks like a permissions problem.

zos 06-22-2003 09:10 AM

Ok here's my smb.conf:

[global]
workgroup = W100
netbios name = W100M00
encrypt passwords = Yes
log file = /var/log/samba/log.%m
max log size = 50
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192
domain admin group = @wadmin
logon script = wlogon.bat
logon path = \\%N\profiles\%U
logon drive = h:
domain logons = Yes
os level = 64
preferred master = Yes
domain master = Yes
dns proxy = No
hide local users = Yes
hide unreadable = Yes
map system = Yes
map hidden = Yes

[homes]
comment = Home directories
read only = No
create mask = 0755
browseable = No

[profiles]
comment = User profiles
path = /win/profiles
read only = No
create mask = 0711
directory mask = 0711
browseable = No

[netlogon]
comment = Network services
path = /win/netlogon
write list = @wadmin
browseable = No

[printers]
comment = Printers
path = /var/spool/samba
printable = Yes
browseable = No

zos 06-22-2003 04:06 PM

I have been reviewing the log. After some experimenting I think I understand what has happened. The same userid while on different domains also has the the same password on each system.

The log shows that the domain client password for the client fails, yet the userid/password passes the smbpasswd check.

As far as windows is concerned as long as the userid/password matches the smbpasswd it seems to allow access to the same shares.

There doesn't seem to be an option in windows or samba to change this behavior. I guess the thing to remember is that the only protection againt this problem is to maintain unqiue userids and passwords on each domain.


All times are GMT -5. The time now is 09:21 PM.