Is there a way to have users of the samba server, but not add them by
smbpasswd -a <UserID>?
I want the samba server to be a domain member and the users to only
authentic from the PDC. These are the steps that I have attempted:
Users are in both the Windows domain and the UNIX NIS account
1. smbpasswd -j <Domain> -r PDC -U <admin>
Joined the Domain
2. edited the smb.conf file
[global]
# workgroup = NT-Domain-Name or Workgroup-Name
workgroup = AM
netbios name = SUNTST1
server string = SUNTST1
max log size = 0
security = domain
password server = *
encrypt passwords = yes
username map = /usr/local/samba/lib/username.map
max open files = 30000
oplocks = No
smb passwd file = /etc/samba/smbpasswd
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
remote browse sync = 40.1.142.11 40.25.17.9 40.25.12.26
40.1.129.224 40.1.129.225
remote announce = 40.1.142.11 40.25.17.9 40.25.12.26 40.1.129.224
40.1.129.225
wins proxy = yes
dns proxy = yes
3. restarted the samba server
4. From windows "search for computer" suntst1 unknown
4a. If I add the my userid to the smbpasswd -a <userid>
newpasswd = Windows Password
4b. From windows "search for computer" suntst1 AM samba server
I want the PDC to do the security, so I do not have to add the users to
the smbpasswd file.
Mathew Spurgeon
Eli Lilly and Company
Software Engineering Support Team
Phone: (317) 276-7436
Mobile: (317) 716-7789
http://mcntstep03.d51.lilly.com/SEST
mspurgeon@lilly.com
On Thu, 2003-04-03 at 13:49, SPURGEON_MATHEW_D@LILLY.COM wrote:> Is there a way to have users of the samba server, but not add them by > smbpasswd -a <UserID>? >I think you want winbind - there are docs in the howto collection brad -- Bradley W. Langhorst <brad@langhorst.com>
Thank you,
However if every user has a UNIX account and all I want is for the windows
users to get the security from the windows PDC. It seems to me that the
method that I am using the users are actually authenticating against the samba
server's smbpasswd file.
Mathew Spurgeon
"Bradley W. Langhorst" <brad@langhorst.com>
04/03/2003 01:56 PM
To: SPURGEON_MATHEW_D@LILLY.COM
cc: samba@lists.samba.org
Subject: Re: [Samba] security = problems
On Thu, 2003-04-03 at 13:49, SPURGEON_MATHEW_D@LILLY.COM
wrote:> Is there a way to have users of the samba server, but not add them by
> smbpasswd -a <UserID>?
>
I think you want winbind -
there are docs in the howto collection
brad
--
Bradley W. Langhorst <brad@langhorst.com>
SPURGEON_MATHEW_D@LILLY.COM wrote:> 2. edited the smb.conf file > [global] > remote browse sync = 40.1.142.11 40.25.17.9 40.25.12.26 > 40.1.129.224 40.1.129.225 > remote announce = 40.1.142.11 40.25.17.9 40.25.12.26 > 40.1.129.224 > 40.1.129.225 > wins proxy = yes > dns proxy = yesAre the above options really what you want? Try to leave them out and if you have a wins server add: wins server = <wins server ip address> You only need the remote stuff if you are on a WAN. If you are this would have been nice to know ;-) If you are on a WAN make sure the above remote-IPs have really been elected as browsers in the remote network. And no, you don't need winbind if you already have unix users (or NIS users). Uli
You just make the same thing that a windows workstation client. No password in the client, only is the PDC. But, I think it's no necessary that you insert the username map and the smbpasswd file in your smb.conf. Le jeu 03/04/2003 ? 20:49, SPURGEON_MATHEW_D@LILLY.COM a ?crit :> Is there a way to have users of the samba server, but not add them by > smbpasswd -a <UserID>? > > I want the samba server to be a domain member and the users to only > authentic from the PDC. These are the steps that I have attempted: > > Users are in both the Windows domain and the UNIX NIS account > > 1. smbpasswd -j <Domain> -r PDC -U <admin> > Joined the Domain > 2. edited the smb.conf file > [global] > # workgroup = NT-Domain-Name or Workgroup-Name > workgroup = AM > netbios name = SUNTST1 > server string = SUNTST1 > max log size = 0 > security = domain > password server = * > encrypt passwords = yes > username map = /usr/local/samba/lib/username.map > max open files = 30000 > oplocks = No > smb passwd file = /etc/samba/smbpasswd > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > remote browse sync = 40.1.142.11 40.25.17.9 40.25.12.26 > 40.1.129.224 40.1.129.225 > remote announce = 40.1.142.11 40.25.17.9 40.25.12.26 40.1.129.224 > 40.1.129.225 > wins proxy = yes > dns proxy = yes > 3. restarted the samba server > 4. From windows "search for computer" suntst1 unknown > > 4a. If I add the my userid to the smbpasswd -a <userid> > newpasswd = Windows Password > 4b. From windows "search for computer" suntst1 AM samba server > > I want the PDC to do the security, so I do not have to add the users to > the smbpasswd file. > > Mathew Spurgeon > Eli Lilly and Company > Software Engineering Support Team > Phone: (317) 276-7436 > Mobile: (317) 716-7789 > http://mcntstep03.d51.lilly.com/SEST > mspurgeon@lilly.com
We are not using a WAN for the Samba connections, so thank you, I will
take those setting out of the file.
Why do I need to add the users to the smbpasswd file?
Mathew Spurgeon
Uli Luckas <luckas@musoft.de>
04/03/2003 02:10 PM
To: SPURGEON_MATHEW_D@LILLY.COM, samba@lists.samba.org
cc:
Subject: Re: [Samba] security = problems
SPURGEON_MATHEW_D@LILLY.COM wrote:> 2. edited the smb.conf file
> [global]
> remote browse sync = 40.1.142.11 40.25.17.9 40.25.12.26
> 40.1.129.224 40.1.129.225
> remote announce = 40.1.142.11 40.25.17.9 40.25.12.26
> 40.1.129.224
> 40.1.129.225
> wins proxy = yes
> dns proxy = yes
Are the above options really what you want? Try to leave them out and if
you
have a wins server add:
wins server = <wins server ip address>
You only need the remote stuff if you are on a WAN. If you are this would
have been nice to know ;-)
If you are on a WAN make sure the above remote-IPs have really been
elected
as browsers in the remote network.
And no, you don't need winbind if you already have unix users (or NIS
users).
Uli
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Am Donnerstag, 3. April 2003 21:19 schrieb SPURGEON_MATHEW_D@Lilly.com:> We are not using a WAN for the Samba connections, so thank you, I will > take those setting out of the file. > Why do I need to add the users to the smbpasswd file?You should not need to. Try and see if things go better after the remote and proxy keywords are removed. And make sure to set a wins server if and only if other servers and workstations are using it too. Uli -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+jJ9jN0tc9u1WyP0RAicoAKCQLn/Q964xIUfmECNC9fC3nYln6gCgnGMS POLG8GlKsBIJ+I5ddLjQMac=DXhi -----END PGP SIGNATURE-----
Am Don, 2003-04-03 um 20.49 schrieb SPURGEON_MATHEW_D@LILLY.COM:> password server = *And by the way, try sticking your PDC's IP in the "password server" line. Contrary to the documentation I have had trouble at least at join with a "*" as password server in smb.conf. Uli -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Dies ist ein digital signierter Nachrichtenteil Url : http://lists.samba.org/archive/samba/attachments/20030404/1d6b2623/attachment.bin