Is it possible to use "user mapping" to make 1 unix user "smbuser" represent all windows users. I would enable the user "smbuser" as a samba user, then authenticate users from a PDC (separate machine)so each windows user "winuser1,winuser2,etc" has no unix account, but automatically gets mapped as "smbuser" on the Samba box. I don't need file level permissions for this Samba share, just want to authenticate that they are a windows user, then they have full read/write access to the share. IT won't let me add the Samba machine to the domain, but perhaps I could use the PDC for authentication anyway? Thanks for any help Anthony J. Galella anthony.galella@intel.com
MCCALL,DON (HP-USA,ex1)
2002-Mar-20 11:58 UTC
[Samba] Samba authentication without unix account?
Hi Anthony, What you could do is set your server up in smb.conf global section with: security=server (note:security = server doesn't require you to 'join' the nt domain.) password server = <NT Domain controller name> username map = /usr/local/samba/lib/user.map Then make your user.map file, to map any pc username to the unix user smbuser: Contents of /usr/local/samba/lib/user.map: smbuser = * (make sure that you create the user 'smbuser' in your /etc/passwd file as well). Finally, make sure that you specify 'public = no' in your share definition, so that if authentication of a username to the NT domain controller fails, they won't get in as 'guest'. Hope this helps Don -----Original Message----- From: Galella, Anthony [mailto:anthony.galella@intel.com] Sent: Wednesday, March 20, 2002 2:48 PM To: 'samba@lists.samba.org' Subject: [Samba] Samba authentication without unix account? Is it possible to use "user mapping" to make 1 unix user "smbuser" represent all windows users. I would enable the user "smbuser" as a samba user, then authenticate users from a PDC (separate machine)so each windows user "winuser1,winuser2,etc" has no unix account, but automatically gets mapped as "smbuser" on the Samba box. I don't need file level permissions for this Samba share, just want to authenticate that they are a windows user, then they have full read/write access to the share. IT won't let me add the Samba machine to the domain, but perhaps I could use the PDC for authentication anyway? Thanks for any help Anthony J. Galella anthony.galella@intel.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Thanks Don, this worked perfect! Anthony J. Galella anthony.galella@intel.com -----Original Message----- From: MCCALL,DON (HP-USA,ex1) [mailto:don_mccall@hp.com] Sent: Wednesday, March 20, 2002 2:57 PM To: 'Galella, Anthony'; 'samba@lists.samba.org' Subject: RE: [Samba] Samba authentication without unix account? Hi Anthony, What you could do is set your server up in smb.conf global section with: security=server (note:security = server doesn't require you to 'join' the nt domain.) password server = <NT Domain controller name> username map = /usr/local/samba/lib/user.map Then make your user.map file, to map any pc username to the unix user smbuser: Contents of /usr/local/samba/lib/user.map: smbuser = * (make sure that you create the user 'smbuser' in your /etc/passwd file as well). Finally, make sure that you specify 'public = no' in your share definition, so that if authentication of a username to the NT domain controller fails, they won't get in as 'guest'. Hope this helps Don -----Original Message----- From: Galella, Anthony [mailto:anthony.galella@intel.com] Sent: Wednesday, March 20, 2002 2:48 PM To: 'samba@lists.samba.org' Subject: [Samba] Samba authentication without unix account? Is it possible to use "user mapping" to make 1 unix user "smbuser" represent all windows users. I would enable the user "smbuser" as a samba user, then authenticate users from a PDC (separate machine)so each windows user "winuser1,winuser2,etc" has no unix account, but automatically gets mapped as "smbuser" on the Samba box. I don't need file level permissions for this Samba share, just want to authenticate that they are a windows user, then they have full read/write access to the share. IT won't let me add the Samba machine to the domain, but perhaps I could use the PDC for authentication anyway? Thanks for any help Anthony J. Galella anthony.galella@intel.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba