[Samba] Local accounts and AD - Samba

This is a discussion on [Samba] Local accounts and AD - Samba ; So has anyone been able to do this? I have a Samba member server joined to AD on Win2003 server. I have winXP workstations and one can login with their AD credentials but I also want to allow users with ...

+ Reply to Thread
Results 1 to 6 of 6

Thread: [Samba] Local accounts and AD

  1. [Samba] Local accounts and AD

    So has anyone been able to do this?

    I have a Samba member server joined to AD on Win2003 server. I have
    winXP workstations and one can login with their AD credentials but I
    also want to allow users with local accounts on the Samba machine to be
    able to login with winXP.

    Is it possible?
    If so I haven't been able to make it work and would appreciate some
    pointers.

    Ubuntu 7.04 server
    Samba 3.0.24
    Kerberos etc etc

    I tried storing the local accounts in tdbsam, no go.


    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  2. Re: [Samba] Local accounts and AD

    On Thu, Jun 14, 2007 at 02:29:11PM -0700, George Farris wrote:
    > So has anyone been able to do this?
    >
    > I have a Samba member server joined to AD on Win2003 server. I have
    > winXP workstations and one can login with their AD credentials but I
    > also want to allow users with local accounts on the Samba machine to be
    > able to login with winXP.
    >
    > Is it possible?
    > If so I haven't been able to make it work and would appreciate some
    > pointers.
    >
    > Ubuntu 7.04 server
    > Samba 3.0.24
    > Kerberos etc etc
    >
    > I tried storing the local accounts in tdbsam, no go.


    If you need to have the tdbsam-defined users also log on
    locally to XP, you can make your samba box a domain
    controller for a separate domain and establish a trust to
    from you AD to the Samba domain.

    Volker

    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.5 (GNU/Linux)

    iD8DBQFGcbREpZr5CauZH5wRAlkZAKDKC2EIffE2idqlb+JT4c bYKsgJpACeJS38
    PhnekJeVLanEHwC2Y2B+AbE=
    =66hJ
    -----END PGP SIGNATURE-----


  3. Re: [Samba] Local accounts and AD

    On Thu, 2007-14-06 at 23:33 +0200, Volker Lendecke wrote:
    > On Thu, Jun 14, 2007 at 02:29:11PM -0700, George Farris wrote:
    > > So has anyone been able to do this?
    > >
    > > I have a Samba member server joined to AD on Win2003 server. I have
    > > winXP workstations and one can login with their AD credentials but I
    > > also want to allow users with local accounts on the Samba machine to be
    > > able to login with winXP.
    > >
    > > Is it possible?
    > > If so I haven't been able to make it work and would appreciate some
    > > pointers.
    > >
    > > Ubuntu 7.04 server
    > > Samba 3.0.24
    > > Kerberos etc etc
    > >
    > > I tried storing the local accounts in tdbsam, no go.

    >
    > If you need to have the tdbsam-defined users also log on
    > locally to XP, you can make your samba box a domain
    > controller for a separate domain and establish a trust to
    > from you AD to the Samba domain.


    I can't establish a trust because AD is running in native mode. To
    establish a trust domain AD must be running in mixed mode. At least
    this is how I understand the problem.




    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  4. Re: [Samba] Local accounts and AD

    On Thu, Jun 14, 2007 at 03:50:13PM -0700, George Farris wrote:
    > > If you need to have the tdbsam-defined users also log on
    > > locally to XP, you can make your samba box a domain
    > > controller for a separate domain and establish a trust to
    > > from you AD to the Samba domain.

    >
    > I can't establish a trust because AD is running in native mode. To
    > establish a trust domain AD must be running in mixed mode. At least
    > this is how I understand the problem.


    That's a wrong assumption. You can certainly use a trust in
    native mode. The only thing you can not do anymore is
    install an NT4 BDC into the domain that was converted to
    native.

    Volker

    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.5 (GNU/Linux)

    iD8DBQFGciWQpZr5CauZH5wRAmTLAJ9ap1BhNmVEyWSUwN/kRyeCCaXhjQCfc7lD
    NBu2pIT7MhffxMveXOp/B7I=
    =DJiq
    -----END PGP SIGNATURE-----


  5. Re: [Samba] Local accounts and AD

    On Fri, 2007-15-06 at 07:37 +0200, Volker Lendecke wrote:
    > On Thu, Jun 14, 2007 at 03:50:13PM -0700, George Farris wrote:
    > > > If you need to have the tdbsam-defined users also log on
    > > > locally to XP, you can make your samba box a domain
    > > > controller for a separate domain and establish a trust to
    > > > from you AD to the Samba domain.

    > >
    > > I can't establish a trust because AD is running in native mode. To
    > > establish a trust domain AD must be running in mixed mode. At least
    > > this is how I understand the problem.

    >
    > That's a wrong assumption. You can certainly use a trust in
    > native mode. The only thing you can not do anymore is
    > install an NT4 BDC into the domain that was converted to
    > native.
    >


    That's fantastic, none of the documentation I've ever read suggested
    such thing. Everything always mentioned it must be mixed mode. Even
    the Samba docs say this and I read them religiously!!

    Thanks


    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  6. Re: [Samba] Local accounts and AD

    On Fri, Jun 15, 2007 at 08:49:52AM -0700, George Farris wrote:
    > That's fantastic, none of the documentation I've ever read suggested
    > such thing. Everything always mentioned it must be mixed mode. Even
    > the Samba docs say this and I read them religiously!!


    Oh, that's a bug in the docs then. Can you give me a
    pointer?

    Volker

    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.5 (GNU/Linux)

    iD8DBQFGcrkmpZr5CauZH5wRAkAxAJ0V+C5ksNnja9ojOPatCo DON76npACfbFlV
    rwn9kfPp2jF8VziBB+4/ujo=
    =zs6E
    -----END PGP SIGNATURE-----


+ Reply to Thread