authenticating samba from win2k domain


Xsecrets
08-11-2002, 10:35 PM
Anyone know how to do this?

I have samba downloaded and compiled with winbind, which I am successfully using to log into the box locally and through telnet and ftp using domain authentication. But I cannot figure out how to get samba to use the domain authentication.

baz2
08-12-2002, 08:15 AM
I'm not quite sure I fully understand the question, or the significance of being able to log in locally, telnet, or ftp. None of the latter require or use samba.

From a windows client, you typically "log in" to a linux box running samba through Network Neighborhood. If samba is running, the linux box is visible in Network Neighborhood. To "log in", double-click on the icon for the linux box.

All this assumes you have samba user accounts and passwords set up. These are different than linux user accounts and passwords. If you haven't done this, or if you do not already know what I'm talking about, read the section in Chapter 11 of the Red Hat Linux Customization guide about samba passwords (http://www.redhat.com/docs/manuals/linux/RHL-7.2-Manual/custom-guide/samba-winnt.html). The process described in this link can be done more easily by webmin, but I recommend doing it at least once yourself from the command line in order to understand what it is doing.

If the user account and password of the Windows workstation you are logging in from is the same as a valid samba user account and password on the linux box, double-clicking on the linux box icon in Network Neighborhood should automatically bring up the shares that are valid for that account. If the username and password of the windows workstation are not the same as a samba account on the linux box, you should get prompted for a username and password. Any valid samba account and password should expose the shares for that account.

Xsecrets
08-12-2002, 08:57 AM
Yes, you missed the significance. I have no accounts on the linux box except for root. However, I can log in locally, through telnet, and ftp using my logins from the win2k domain controller. This is done by pam, using pam_winbind, which is distributed and written by the samba folks, but I cannot get it to work with samba itself.

What I am trying to avoid here is keeping multiple user databases. All my user info is stored on the win2k domain controller and I'd prefer to use that.

Worst case scenario, I can just use ftp for file transfers, but I'd rather use samba. It's easier for the users.

baz2
08-12-2002, 09:28 AM
Well, even though I misunderstood what you were trying to do, I think the problem is still related. Here is something cut from a link (http://info.ccone.at/INFO/Samba/PAM-Authentication-And-Samba.html) that may describe the problem you are facing:

[begin cut]

PAM Configuration in smb.conf

There is an option in smb.conf called obey pam restrictions. The following is from the on-line help for this option in SWAT:

When Samba 2.2 is configured to enable PAM support (i.e. --with-pam), this parameter will control whether or not Samba should obey PAM's account and session management directives. The default behavior is to use PAM for clear text authentication only and to ignore any account or session management. Note that Samba always ignores PAM for authentication in the case of encrypt passwords = yes. The reason is that PAM modules cannot support the challenge/response authentication mechanism needed in the presence of SMB password encryption.

Default: obey pam restrictions = no

[end cut]

So to get Samba to use PAM, you'd have to disable

encrypt passwords = yes

and if you do that you are using clear text passwords and samba will no longer work with windows clients sending encrypted passwords.
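
The trade-off quoted above is the crux of the thread: turning off encrypted passwords makes pam_winbind usable but puts clear-text passwords on the wire, while the way to get domain authentication without a local password database is to make the Samba box a domain member (security = domain, with winbindd mapping domain users to unix ids). The following is an added example, not code from the thread or from the Samba project: a small Python checker that parses two constructed smb.conf fragments (the clear-text/PAM variant discussed above and a domain-member variant) and reports where the password check actually happens and what is wrong with it. The parameter names are the Samba 2.2 ones (winbind uid/gid; Samba 3 renamed them idmap uid/gid); the workgroup, id ranges and paths are invented.

```python
"""Classify how an smb.conf authenticates SMB clients and flag the clear-text trap.

Hypothetical example written for this thread, not Samba project code.  The two
smb.conf texts are constructed samples using Samba 2.2 parameter names.
"""
import configparser

# Constructed sample 1: what the thread is heading towards, switching encryption
# off so that PAM (pam_winbind) receives a clear-text password.
CLEARTEXT_PAM_CONF = """
[global]
    workgroup = EXAMPLEDOM
    security = user
    encrypt passwords = no
    obey pam restrictions = yes
"""

# Constructed sample 2: domain-member mode.  smbd hands the client's NTLM
# challenge/response to a domain controller and winbindd maps domain users to
# unix ids in the given ranges, so no local smbpasswd entries are required.
DOMAIN_MEMBER_CONF = """
[global]
    workgroup = EXAMPLEDOM
    security = domain
    password server = *
    encrypt passwords = yes
    winbind uid = 10000-20000
    winbind gid = 10000-20000
    winbind separator = +
    template homedir = /home/%D/%U
    template shell = /bin/bash
    obey pam restrictions = yes

[homes]
    comment = Home Directories
    browseable = no
    writable = yes
"""


def parse_smb_conf(text):
    """smb.conf is ini-like: keys contain spaces, duplicate keys are tolerated,
    and '%U'-style substitutions must be left alone (interpolation=None)."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = lambda key: " ".join(key.lower().split())
    cp.read_string(text)
    return cp


def _bool(cp, key, default):
    """Samba booleans: yes/true/1/on are true, anything else is false."""
    return cp.get("global", key, fallback=default).strip().lower() in ("yes", "true", "1", "on")


def security_level(cp):
    return cp.get("global", "security", fallback="user").strip().lower()


def auth_mode(cp):
    """Where the SMB password check really happens."""
    sec = security_level(cp)
    enc = _bool(cp, "encrypt passwords", "no")   # Samba 2.2 default; Samba 3 flipped it to yes
    if enc and sec in ("domain", "server"):
        return "domain-member"      # challenge/response is verified by the DC
    if enc:
        return "local-smbpasswd"    # NT hash looked up in the local smbpasswd file
    return "pam-cleartext"          # PAM sees the password; it crosses the wire in the clear


def winbind_ranges(cp):
    """Return ((uid_low, uid_high), (gid_low, gid_high)), or None if not configured."""
    ranges = []
    for key in ("winbind uid", "winbind gid"):
        raw = cp.get("global", key, fallback=None)
        if raw is None:
            return None
        low, high = (int(part) for part in raw.split("-", 1))
        if low < 1000 or low >= high:
            raise ValueError(f"{key} = {raw!r}: empty range or overlaps local accounts")
        ranges.append((low, high))
    return tuple(ranges)


def findings(cp):
    """Human-readable problems with the authentication setup (empty list if clean)."""
    out = []
    sec = security_level(cp)
    enc = _bool(cp, "encrypt passwords", "no")
    if not enc:
        out.append("clear-text passwords on the wire: NT4 SP3+ and Windows 2000 clients "
                   "refuse to send them unless EnablePlainTextPassword is set in the registry")
    if sec in ("domain", "server"):
        if not enc:
            out.append("security = %s should be paired with encrypt passwords = yes so the "
                       "client's challenge/response can be handed to the domain controller" % sec)
        if winbind_ranges(cp) is None:
            out.append("no winbind uid/gid ranges: every domain user would still need a "
                       "matching local unix account")
    return out


if __name__ == "__main__":
    for name, text in (("clear-text PAM", CLEARTEXT_PAM_CONF), ("domain member", DOMAIN_MEMBER_CONF)):
        cp = parse_smb_conf(text)
        print(f"{name}: mode={auth_mode(cp)} ranges={winbind_ranges(cp)}")
        for problem in findings(cp):
            print("  !", problem)
```

The domain-member fragment only works once the box has actually joined the domain (on Samba 2.2 that is `smbpasswd -j DOMAIN -r PDC -U Administrator`; Samba 3 replaced it with `net rpc join`) and winbindd is running, which the original poster already has since nsswitch/PAM logins work. With that in place, `obey pam restrictions = yes` still lets PAM enforce account and session rules for SMB sessions even though, as the quoted help text says, the password itself is no longer checked by PAM.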

Xsecrets
08-12-2002, 09:44 AM
Yes, I saw that this weekend and I am afraid that you are correct; however, I have not had a chance to test it all out. I will get to testing everything later this morning. I don't really see why samba should need the encrypted passwords if it is strictly following pam, because everything else used pam just fine. Like I said, I am using it for login, telnet, and ftp, no problems. So I am going to play with that obey pam restrictions switch. One thing I did notice is it did not say where it goes in the smb.conf file. I am assuming it goes in the global section, but you know what they say about assuming. I also may have to recompile samba with pam enabled. Looks like I have a fun morning ahead of me.

Stonner
08-12-2002, 09:57 AM
I've gotten around that problem myself, but I'm having problems on the win2k side. Make the path to the logon file a path to the win2k machine or laptop!

SuperHornet
08-12-2002, 12:06 PM
Don't forget to configure Windows to send plain text passwords.

Stonner
08-12-2002, 12:11 PM
Stick

encrypt passwords = yes

in the global section; that should do the trick!!

Stonner
08-12-2002, 12:13 PM
Oops, almost forgot, here's a short and sweet version of a samba conf file I have!!! CHANGE WORKGROUP ETC. AND YOU SHOULD BE ALL SET. Oh yeah, make a samba password file....

[global]
   workgroup = WELLS
   server string = Toshiba-Caldera-Linux-Samba Server

   printcap name = /etc/printcap
   load printers = yes
   printing = lprng

   ; security = user: every SMB user is looked up in the local smbpasswd file
   ; named below, so each user needs an entry created with smbpasswd -a
   security = user
   encrypt passwords = yes
   smb passwd file = /etc/samba.d/smbpasswd

   socket options = TCP_NODELAY
   dns proxy = no

[homes]
   ; per-user share; %H expands to the connecting user's home directory
   comment = Home Directories
   path = %H/Public
   browseable = yes
   writable = yes
   create mask = 0750

[printers]
   comment = All Printers
   path = /var/spool/samba
   browseable = no
   guest ok = no
   writable = no
   printable = yes
   create mask = 0700

[public]
   ; public = yes is a synonym for guest ok = yes; only members of the
   ; unix group "users" may write here
   comment = Public Stuff
   path = /home/public
   browseable = yes
   public = yes
   writable = yes
   printable = no
   write list = @users

Xsecrets
08-12-2002, 12:42 PM
OK, everyone is missing the point here. I have all my users defined on the domain. I do not want to create a password file; I want my users to be authenticated over the network so I don't have to maintain two user databases. This is working just fine with telnet and ftp and even local login. I can sit at the machine and log in as someone from the domain that does not have a login defined on the local machine, but I cannot access my samba shares.

Basically I am trying to keep from having to recreate my entire user database on the linux machine. That would be fine at my house with three or four users but not so good at work with 2 or 3 hundred.

Stonner
08-12-2002, 01:00 PM
smb passwd file = /path to computer/path to file on computer/filename

Stonner
08-12-2002, 01:03 PM
If you want it to use the same file, it's going to have to be like that, and tricky to pull off. I've modified my dhcp router to sit on the network and send me a users file for samba every time my linux machine logs on (that's not recommended, voided warranty).

Couldn't you just get samba to copy over the user file every time he logs on??

Something to that effect anyway??