[olug] samba qs - pswds and trust?

Brian Wiese bwiese at cotse.com
Thu Mar 13 15:53:21 UTC 2003


I am in the process of setting up an windows network domain with Samba 2.2
(debian woody) as the primary domain controller[1] and many Win98 clients.
 Just a couple of the questions I've been trying to figure out lately are,
wondering if anyone on the list has experienced this...

Q 1.
Can the PAM modules cracklib or passwdqc be used to test the security of
smbpasswds?  I honestly haven't tried this yet, so I am just looking for a
quick answer before I start messing with (learning) PAM configs.  I have
set in smb.conf on the PDC: security = user
encrypted passwords = yes
obey pam restrictions = yes
pam password change = yes

Q 2.
There is also a WinNT4 PDC on this network for a different domain which
many of the Win98 clients belong to.  On the Samba PDC I've tried setting
up 'allow trusted domains = yes'[2] in the smb.conf, added a unix and
samba machine (trust) account for the WinNT4 PDC -- and thats it?  Anyhow,
it doesn't work.  That should allow any users of the NT4 domain to access
resources on my Samba domain.  Is this at all possible, or must the trust
be between NT4/2k domains, and samba can only act as a member server?  I'm
not sure how else to specifiy which domains to trust either.  The samba
pdc documentation[1] sounds like this is not/no longer possible, but the
smb.conf does not say this function is depricated or anything.  How is
'allow trusted domains' supposed to work?

peace

[1] http://us1.samba.org/samba/ftp/docs/htmldocs/Samba-PDC-HOWTO.html
[2] http://samba.linuxbe.org/en/samba/config/domain-1.html#trusted

  Brian Wiese | bwiese at cotse.com | aim: unolinuxguru
------------------------------------------------------
  GnuPG/PGP key 0x1E820A73 | "FREEDOM!" - Braveheart 
------------------------------------------------------  
This is not about Napster or DVDs. It's about your Freedom.
  I'll see your DMCA and raise you a First Amendment.
              http://www.anti-dmca.org


More information about the OLUG mailing list