Operating System - HP-UX

samba and users in another domain

Admin.SIF
Frequent Advisor

Hi,
the question was already discussed in the forum but I do not find it any more (samba - August 21). How to allow users in another domain to see the shares on an HP 9000? Any suggestion will be appreciated. Thanks in advance,
Nora
Sysd. Amin. Inforef
John Poff
Honored Contributor

Re: samba and users in another domain

Hello,

I haven't tried it before, but I think you can do it. There are some security concerns. Here is an excerpt from the smb.conf man page that discusses one of the global parameters for domains in the smb.conf configuration file:



allow trusted domains (G)

This option only takes effect when the security option is set to server or domain. If it is set to no, then attempts to connect to a resource from a domain or workgroup other than the one which smbd is running in will fail, even if that domain is trusted by the remote server doing the authentication.


This is useful if you only want your Samba server to serve resources to users in the domain it is a member of. As an example, suppose that there are two domains DOMA and DOMB. DOMB is trusted by DOMA, which contains the Samba server. Under normal circumstances, a user with an account in DOMB can then access the resources of a UNIX account with the same account name on the Samba server even if they do not have an account in DOMA. This can make implementing a security boundary difficult.


Default: allow trusted domains = Yes


Example: allow trusted domains = No




JP
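
As an added example (not part of the thread and not Samba project code), this Python check reads the [global] section of an smb.conf and reports whether logons from trusted domains are admitted, following the rules in the man page excerpt quoted above. The function names, result labels and sample configs are constructed for illustration.

```python
import re

# Boolean spellings Samba accepts (case-insensitive).
TRUE, FALSE = {"yes", "true", "1", "on"}, {"no", "false", "0", "off"}

def parse_global(text):
    """Return the [global] parameters of an smb.conf as {name: value}."""
    params, section, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):            # trailing backslash continues the line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":    # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            # Parameter names ignore case and embedded whitespace.
            params[re.sub(r"\s+", "", name).lower()] = value.strip()
    return params

def trusted_domain_access(text):
    """Classify how the config treats logons from domains other than its own."""
    g = parse_global(text)
    # Assumption: an unset "security" is treated as neither server nor domain.
    if g.get("security", "").lower() not in ("server", "domain"):
        return "not-applicable"            # the option has no effect here
    value = g.get("allowtrusteddomains", "yes").lower()   # documented default: Yes
    if value in FALSE:
        return "own-domain-only"
    return "trusted-domains-admitted" if value in TRUE else "invalid-value"

# Constructed sample configs (not the poster's attached file). The option is
# global, so the copy placed under [share] in the first sample is not counted.
SAMPLE_DEFAULT = """
[global]
   security = domain
[share]
   allow trusted domains = no
"""
SAMPLE_BOUNDED = """
[global]
   security = DOMAIN
   Allow Trusted Domains = No
"""
```

Calling `trusted_domain_access()` on the text of the server's own smb.conf shows at a glance whether accounts from a trusted domain such as DOMB would be accepted.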
Admin.SIF
Frequent Advisor

Re: samba and users in another domain

I tested that between two trusted domains. But it does not work. When I am on domain2, I do not see the share.
My smb.conf file looks like the attached file. Please tell me what I forgot to verify.
Nora
Sysd. Amin. Inforef
John Poff
Honored Contributor

Re: samba and users in another domain

Have you tried mapping the share even though you can't see it? I used to be able to see my shares in Network Neighborhood, but the local LAN guys reconfigured the switches so that they don't pass the broadcast traffic any more. The shares stopped showing up but we were still able to map them.

Other than that I'm not sure what to try, as I'm not a networking guru.

JP
Bill Thorsteinson
Honored Contributor

Re: samba and users in another domain

I solved the problem of not seeing shares across
different network segments by using a wins server.
You can use your samba server or an NT server
for this purpose.

I assume you can't see the share from the remote
domain because it is on a different network segment
or protocol. If you are using samba, your windows
machines should use on tcp/ip for netbios traffic.
If you get a browse list of ipx, you won't see the
samba server.

From what I have seen, Windows creates separate
browse lists on each protocol (including WINS). These
lists seem to be independent with their own elections
for browse master.
Donald Kok
Respected Contributor
Solution

Re: samba and users in another domain

This is what I did with 2 domains NOT trusting each other. I automounted the content to another Unix machine. There I installed samba with the domain name of the other domain. That's it. Works fine.
My systems are 100% Murphy Compliant. Guaranteed!!!