[olug] samba qs - pswds and trust?

ktb xyf at nixnotes.org
Thu Mar 13 19:58:18 UTC 2003


On Thu, Mar 13, 2003 at 09:53:21AM -0600, Brian Wiese wrote:
> I am in the process of setting up a Windows network domain with Samba 2.2
> (debian woody) as the primary domain controller[1] and many Win98 clients.
>  Just a couple of the questions I've been trying to figure out lately are,
> wondering if anyone on the list has experienced this...
> 
> Q 1.
> Can the PAM modules cracklib or passwdqc be used to test the security of
> smbpasswds?  I honestly haven't tried this yet, so I am just looking for a
> quick answer before I start messing with (learning) PAM configs.  I have
> set in smb.conf on the PDC:
> security = user
> encrypted passwords = yes
> obey pam restrictions = yes
> pam password change = yes
> 

Take a look at the PAM section in smb.conf for this.  PAM is only used
if you use plain text passwords.  PAM is ignored if encrypted passwords
are used.

> Q 2.
> There is also a WinNT4 PDC on this network for a different domain which
> many of the Win98 clients belong to.  On the Samba PDC I've tried setting
> up 'allow trusted domains = yes'[2] in the smb.conf, added a unix and
> samba machine (trust) account for the WinNT4 PDC -- and that's it?  Anyhow,
> it doesn't work.  That should allow any users of the NT4 domain to access
> resources on my Samba domain.  Is this at all possible, or must the trust
> be between NT4/2k domains, and samba can only act as a member server?  I'm
> not sure how else to specify which domains to trust either.  The samba
> pdc documentation[1] sounds like this is not/no longer possible, but the
> smb.conf does not say this function is deprecated or anything.  How is
> 'allow trusted domains' supposed to work?

I found security_level.{txt|html} or DOMAIN_MEMBER.{txt|html} to be real
helpful.  You will find the two files in the source code.  

Also take a look at "man smb.conf"; there is a section dedicated to "allow
trusted domains."  You say the WinNT4 PDC is on a different network.
If the two PDCs are on different subnets, WINS has to be enabled IIRC.

I've not tried merging two networks with WinNT4 in the mix so can't really
answer your questions directly.
hth,
kent

-- 
To know the truth is to distort the Universe.
                      Alfred N. Whitehead (adaptation)
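
The point made in the reply to Q 1, as an added example that is not part of the original thread: a small check that reads the [global] section of an smb.conf and reports which PAM stacks smbd would consult. It assumes a Samba 2.2 build with PAM support, uses the parameter names and defaults as given in the smb.conf man page (`encrypt passwords`, `obey pam restrictions`), and runs on a constructed sample configuration.

```python
import re

# Defaults assumed from the Samba 2.2 smb.conf man page.
DEFAULTS = {"encryptpasswords": False, "obeypamrestrictions": False}
TRUE_WORDS = {"yes", "true", "1"}


def parse_global(conf_text):
    """Return the [global] parameters of an smb.conf as {normalised name: value}."""
    params, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        header = re.fullmatch(r"\[(.*)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)  # only the first '=' is significant
            # Case and whitespace in parameter names are irrelevant to Samba.
            params[re.sub(r"\s+", "", name).lower()] = value.strip()
    return params


def pam_usage(conf_text):
    """Report which PAM stacks smbd would consult for this configuration."""
    params = parse_global(conf_text)

    def flag(name):
        if name in params:
            return params[name].lower() in TRUE_WORDS
        return DEFAULTS[name]

    return {
        # PAM auth modules only ever see clear-text logins; with encrypted
        # passwords the challenge/response exchange bypasses them.
        "pam_authentication": not flag("encryptpasswords"),
        # Account and session directives are a separate switch.
        "pam_account_session": flag("obeypamrestrictions"),
    }


# Constructed sample resembling the settings in the question.
SAMPLE = """
[global]
   security = user
   encrypt passwords = yes
   Obey PAM Restrictions = yes
[homes]
   encrypt passwords = no
"""

if __name__ == "__main__":
    print(pam_usage(SAMPLE))
```

Password-quality modules such as cracklib sit in the PAM password stack, which this check does not evaluate.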