samba - Sep 2002 - users/passwds

Could somebody please explain just how one is supposed to set up samba 
users, groups and passwords so connections can be established to Win2k 
clients to connect to FBSD samba server for file sharing and to use cups 
for printing.

I am afraid that the manuals and config files and various examples I have 
found on the Internet are quite confusing.

How is the Windows username/passord related to samba access? Must the same 
username/password be created with smbpasswd?
What users/groups need to exist or be created on the Unix machine? Are any 
created automatically by samba installation?
What users/groups need to be set up for "guest" access?
What is the difference between smb.conf entries "public = yes (or no)"
and
"guest ok = yes (or no)"?

Phil

Donnerstag den 19.09.2002 um 16:19 CEST  +0200, schrieb P.
Jourdan:
> Could somebody please explain just how one is supposed to set up samba 
> users, groups and passwords so connections can be established to Win2k 
> clients to connect to FBSD samba server for file sharing and to use cups 
> for printing.
> 
> I am afraid that the manuals and config files and various examples I have 
> found on the Internet are quite confusing.
> 
> How is the Windows username/passord related to samba access? Must the same 
> username/password be created with smbpasswd?
You have to make sure that you create unix user and groups, that should
be used by samba/windows client.

For the first time it's easier to generate from your actual passwd the
corresponding smbpasswd:

cat  /etc/passwd  |  /usr/sbin/mksmbpasswd  > /etc/samba/smbpasswd
> What users/groups need to exist or be created on the Unix machine? Are any 
> created automatically by samba installation?
samba itself runs as root, but switch to the assigned windows/unix user,
to make sure to access with the correct rights.

> What users/groups need to be set up for "guest" access?
It's up to you, which unix user would be the "guest". But
hopefully not
"root".
> What is the difference between smb.conf entries "public = yes (or
no)" and
> "guest ok = yes (or no)"?
man smb.conf

and last but not least:

http://www.samba.org/samba/docs/Samba-HOWTO-Collection.html

-- 
Frank Matthie?                                          fm@Microdata-pos.de

Donnerstag den 19.09.2002 um 18:16 CEST  +0200, schrieb P.
Jourdan:
> At 04:40 PM 9/19/2002 +0200, you wrote:
> >> How is the Windows username/passord related to samba access? Must
the
> >same
> >> username/password be created with smbpasswd?
> >
> >You have to make sure that you create unix user and groups, that should
> >be used by samba/windows client.
> 
> Right. But before installing samba there are already users and groups on 
> the machine. Does one need to create new users/groups for samba? Which
ones?
samba and the windows access based on the unix permissions. You can use your
already avalilable users/groups. 
> 
> 
> >For the first time it's easier to generate from your actual passwd
the
> >corresponding smbpasswd:
> >
> >cat  /etc/passwd  |  /usr/sbin/mksmbpasswd  > /etc/samba/smbpasswd
> 
> on my machine (FreeBSD 4.6.2) there is no "mksmbpasswd" , at
least, I could
> not find it.
if you are a little bit familar with shellscripting, you are able to generate
from your /etc/passwd a valid smbpasswd.

[start]
#!/bin/bash
cat /etc/passwd | while read UNAME PW UID GID GECOS HOME SHELL; 
	do 
		# if not root account 
		[ $UID -ne 0 ] && smbpasswd $UNAME $UNAME
	done;
[stop]

This should generate all users from passwd with the password=username.
This is not testet yet.

But - wait. mksmbpasswd should also be a shellscript. Found and attached.
mksmbpasswd set _no_ password.
> 
> 
> >> What users/groups need to exist or be created on the Unix machine?
Are
> >any
> >> created automatically by samba installation?
> >
> >samba itself runs as root, but switch to the assigned windows/unix
user,
> >to make sure to access with the correct rights.
> 
> Who is the "assigned windows/unix user"?

man smb.conf: 

       guest account (S)
              This is a username which will be used for access to
              services  which  are  specified  as   guest ok (see
              below). Whatever privileges this user has  will  be
              available  to  any  client  connecting to the guest
              service.  Typically this user  will  exist  in  the
              password file, but will not have a valid login. The
              user account "ftp" is often a good choice for  this
              parameter.  If  a  username is specified in a given
              service, the specified username overrides this one.

              One some systems the default guest account "nobody"
              may not be able to print. Use  another  account  in
              this case. You should test this by trying to log in
              as your guest user (perhaps by using the su -  com?
              mand)  and  trying  to print using the system print
              command such as lpr(1) or  lp(1).

              Default:  specified  at   compile   time,   usually
              "nobody"

              Example: guest account = ftp

       guest ok (S)
              If  this  parameter  is  yes for a service, then no
              password is required to  connect  to  the  service.
              Privileges will be those of the  guest account.

              See  the section below on  security for more infor?
              mation about this option.

              Default: guest ok = no

> 
> >> What users/groups need to be set up for "guest" access?
> >
> >It's up to you, which unix user would be the "guest". But
hopefully not
> >"root".
> 
> How do I determine or set up the guest?
> 
> 
> >> What is the difference between smb.conf entries "public = yes
(or no)"
> >and
> >> "guest ok = yes (or no)"?

       public (S)
              Synonym for guest ok.


> >
> >man smb.conf
> >
> >and last but not least:
> >
> >http://www.samba.org/samba/docs/Samba-HOWTO-Collection.html
> 
> I've been through all that... tedious & confusing - I could not
find clear
> answers.
You a fighting on two areas. It isn't really easy. 
In the beginning with samba, i read the while man smb.conf, to get an idea of
the conf posibilities.

After that, i prefer to "decode" the actual smb.conf with the testparm
tool.
testparm check the smb.conf as smbd should do, and much more important at this
stage, it print out the _whole_ config. Also the default and buildin vars.


Frank.

PS: One note: Please let all samba listmember participate from this
              thread, so i forward that to the list.
-- 
Frank Matthie?                                          fm@Microdata-pos.de
Am Wellbach 4                                        Tel +49 521 97 22 6 0
D 33609 Bielefeld                                    Fax +49 521 97 22 6 30

-------------- next part --------------
#!/usr/bin/awk -f
BEGIN {FS=":"
	printf("#\n# SMB password file.\n#\n")
	}
{ printf(
"%s:%s:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U
]:LCT-00000000:%s\n", $1, $3, $5) }

Freitag den 20.09.2002 um 13:54 CEST  +0200, schrieb P.
Jourdan:
> At 09:33 AM 9/20/2002 +0200, you wrote:
> 
> >This should generate all users from passwd with the password=username.
> >This is not testet yet.
> >
> >But - wait. mksmbpasswd should also be a shellscript. Found and
attached.
> >mksmbpasswd set _no_ password.
> As I understand it, I should delete the existing smbpasswd file and then 
> run mksmbpasswd to create a new smbpasswd.
> kWhat then, do I need to give passwords to the users in the created 
> smbpasswd file - that is, for the users, not the system or builtin users.
> 
> 
> I did read man smb.conf and did understand. Still, nothing seems to work. I
> am attaching all files that might be relevant.
> I cleaned out cups & samba files, reinstalled all.
> Installation is FreeBSD 4.6.2, cups-1.1.15.1, 
> cups-base-1.1.15.1_4;cups-lpr-1.1.15.1_1; cups-pstoraster-7.05.5, 
> ghostscript-gnu-7.05_3 (installed by cups-lpr); gimp-print-4.2.1; 
> samba-2.2.6.p2 (installled after cups)
> 
> Before installing samba, I could print from commandline.
Two problems in parallel.
Solve one, and than the next.
I prefer first samba as fileserver, and then cups.

At this point the smb.conf is correct for cups.
But set at [printers] " browseable = yes".
> 
> After installation, I did configuration and rebooted.
> I cannot print.
This isn't a samba problem. With the lpr from cups, you must be able to
print via command line. If not,  samba can't print too, because samba
sit on top of unix. 

If the cups server runs on "biggie2", phil_cups.conf should be ok.

With <TextWebbrowserOfYouChoice> http://localhost:631, you can check
the permissons of the cups server.
> I cannot access Unix from Win2k.
Try to login as pippo from your commandline:

smbclient //<samba-maschine>/www -U pippo -W KITCHEN

If this failed, your samba conf isn't suitable.
Take a look in the logfile /var/log/log.<YourMaschineName>
If there are not enough information, increase the debug level of smbd.


Try it after this setup with yout w2k system.

guest account:

Nor in passwd, wether in smbpasswd i can see a "pcguest" useraccount.
But you told samba to use this account for guest access.

The same for the user administrator. This can't be coorect.

unix user = samba user 

passwd    -> smbpasswd: Problem: password!

The password "crypt" of windows systems can't handled by unix, so
this
is the resaon for smbpasswd.

One user, two password's: unix password, samba/windows password.

There are a chance to map samba usernames to unix usernames, but first
this must be run with native accounts.

> I have been re-reading the manuals etc and seeking explanations.
> But it looks like I just don't understand something.
> Attached are all the files that might be relevant.
> There is a user (pippo) on Unix with same password as on Win2k; the guest 
> account is "pcguest" with no password. Does there need to be a
"pcguest"
> entry in smbpasswd?
This must be a valid unix user account (ftp, nobody...).
> I really would appreciate learning what it is that I am doing wrong.
> Let me know if there is anything else I should look for or what files or 
> info I can send to debug this.
> Thanks in advance,
> Phil 
Think about character sets:

	character set = ISO8859-1
	client code page = 437
	
-- 
Frank Matthie?                                          fm@Microdata-pos.de
Am Wellbach 4                                        Tel +49 521 97 22 6 0
D 33609 Bielefeld                                    Fax +49 521 97 22 6 30

Freitag den 20.09.2002 um 18:35 CEST  +0200, schrieb P.
Jourdan:
> At 03:35 PM 9/20/2002 +0200, you wrote:
> Gentlemen, and all others who have helped me:
> 
> Someohow, I think I understand the samba configuration enough to make it 
> work.
> OK. It works.
> 
> Now comes the stinger.
> 
> SAMBA WORKS FINE.
ok. first step.
> 
> CUPS IS SICK. VERY SICK INDEED.  And I need help to fix it.
>
If you have to start this correectly, you won't miss them. 
But i must agree, the first time is hard to configure.
> After bootup, cups does not print. cupsd is running, so is smbd and nmbd.
> 
> IF I KILL CUPS AND THEN RESTART IT - ALL OF A SUDDEN EVERYTHING WORKS. I 
> can print from command line, from Win2k, the web interface works.
The config seems to be ok.
> Now, the installation has been by the book. Done by good old make; make 
> install.
> cups startup is from rc.d.
> 
> Why do I have to restart cups to make it work when CUPS IS SUPPOSED TO WORK
> "OUT OF THE BOX"  -
It sounds like a dependency problem of services. Do you startup cups
after the network setup?

Restarting manually is just only starting at last.

Just increase ther debug level of cups, reboot the machine and read the
logs carefully. cupsd must complain some "missing parts".

Try to connect after the startup via browser to the webinterface. OK?

Frank.
-- 
Frank Matthie?                                    fm+samba@Microdata-pos.de