samba - Jun 2003 - Hi need some understanding

Hi guys,

(sorry for my typos, i'm dutch :-) )

First I would like to congratulate you all for a job wel done, the samba 
3.0 looks and works great.

I have got a question neverteless,

I want to use the user manager for winnt for my users and group admin.
but i also want to stay off the linux accounts since i don't want 
everyone to be able to login to various programs

i am using the tdbsam backend with the idmap, but i cannot create users 
with the user manager, nor can i create groups.

i know i will have to user net group and pdbedit to make these
but i cannot figure out the right syntaxes with the add user, add group 
scripts in smb.conf

also I cannot use more then 1 group per user, and would like te be able 
to change this.

Could you give me some pointers, or possible the commands for
add user, add group, delete user from, add user to, etc. ?

this is my current smb.conf :

[global]
         workgroup = RJPCNET
         netbios name = RJPC-srv1
         server string = Samba3
         passdb backend = tdbsam, guest
         password level = 8
         username level = 8
         syslog = 0
         log file = /var/log/samba/%m
         name resolve order = wins bcast hosts
         time server = Yes
         socket options = TCP_NODELAY SO_KEEPALIVE SO_SNDBUF=8192 
O_RCVBUF=8192
         disable spoolss = Yes
         domain logons = Yes
         os level = 35
         preferred master = Yes
         domain master = Yes
         wins support = Yes
         utmp = Yes
         idmap uid = 15000-20000
         idmap gid = 15000-20000
         comment = Samba 3.0.0
         printing = cups
 

[homes]
         comment = Home Directories
         valid users = %S
         read only = No
         browseable = No
 

[netlogon]
         comment = Network Logon Service
         path = /var/lib/samba/netlogon
         admin users = root
         guest ok = Yes
         nt acl support = No
         browseable = No
         blocking locks = No
         csc policy = disable
         locking = No
         oplocks = No
         level2 oplocks = No
         posix locking = No
         strict locking = No
         share modes = No
 

[simple]
         comment = simple share
         path = /tmp
         read only = No

RJPvT ?rta:
> Hi guys,
>
> (sorry for my typos, i'm dutch :-) )
>
> First I would like to congratulate you all for a job wel done, the 
> samba 3.0 looks and works great.
>
> I have got a question neverteless,
>
> I want to use the user manager for winnt for my users and group admin.
> but i also want to stay off the linux accounts since i don't want 
> everyone to be able to login to various programs
>
> i am using the tdbsam backend with the idmap, but i cannot create 
> users with the user manager, nor can i create groups.
>
> i know i will have to user net group and pdbedit to make these
> but i cannot figure out the right syntaxes with the add user, add 
> group scripts in smb.conf
>
> also I cannot use more then 1 group per user, and would like te be 
> able to change this.
>
> Could you give me some pointers, or possible the commands for
> add user, add group, delete user from, add user to, etc. ?
>
> this is my current smb.conf :
>
> [global]
>         workgroup = RJPCNET
>         netbios name = RJPC-srv1
>         server string = Samba3
>         passdb backend = tdbsam, guest
>         password level = 8
>         username level = 8
>         syslog = 0
>         log file = /var/log/samba/%m
>         name resolve order = wins bcast hosts
>         time server = Yes
>         socket options = TCP_NODELAY SO_KEEPALIVE SO_SNDBUF=8192 
> O_RCVBUF=8192
>         disable spoolss = Yes
>         domain logons = Yes
>         os level = 35
>         preferred master = Yes
>         domain master = Yes
>         wins support = Yes
>         utmp = Yes
>         idmap uid = 15000-20000
>         idmap gid = 15000-20000
>         comment = Samba 3.0.0
>         printing = cups
>
>
> [homes]
>         comment = Home Directories
>         valid users = %S
>         read only = No
>         browseable = No
>
>
> [netlogon]
>         comment = Network Logon Service
>         path = /var/lib/samba/netlogon
>         admin users = root
>         guest ok = Yes
>         nt acl support = No
>         browseable = No
>         blocking locks = No
>         csc policy = disable
>         locking = No
>         oplocks = No
>         level2 oplocks = No
>         posix locking = No
>         strict locking = No
>         share modes = No
>
>
> [simple]
>         comment = simple share
>         path = /tmp
>         read only = No
>
>
I would suggest you to look at jht@samba.org 's smb.conf sent to the 
list two days ago , you will find it attached to this mail

Good Luck

Geza Gemes
-------------- next part --------------
# Samba config file created using SWAT
# from 192.168.1.1 (192.168.1.1)
# Date: 2003/06/21 14:41:58

# Global parameters
[global]
	workgroup = MIDEARTH
	server string = Samba3
	interfaces = eth0, lo
	bind interfaces only = Yes
	server schannel = Yes
	passdb backend = tdbsam, guest
	pam password change = Yes
	passwd chat = *New*Password* %n\n *Re-enter*new*password* %n\n
*Password*changed*
	username map = /etc/samba/smbusers
	password level = 8
	username level = 8
	unix password sync = Yes
	log level = 1
	syslog = 0
	log file = /var/log/samba/%m
	smb ports = 139 445
	name resolve order = wins bcast hosts
	time server = Yes
	socket options = TCP_NODELAY SO_KEEPALIVE SO_SNDBUF=8192 SO_RCVBUF=8192
	printcap name = CUPS
	disable spoolss = Yes
	add user script = /usr/sbin/useradd -m %u
	delete user script = /usr/sbin/userdel -r %u
	add group script = /usr/sbin/groupadd %g
	delete group script = /usr/sbin/groupadd %g
	add user to group script = /usr/sbin/usermod -G %g %u
	add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null %u
	shutdown script = /var/lib/samba/scripts/shutdown.sh
	abort shutdown script = /sbin/shutdown -c
	logon script = scripts\logon.bat
	logon path = \\%L\Profiles\%U
	logon drive = H:
	logon home = \\%L\%U
	domain logons = Yes
	os level = 35
	preferred master = Yes
	domain master = Yes
	wins support = Yes
	ldap ssl = no
	utmp = Yes
	panic action = export DISPLAY=localhost:0; /usr/bin/X11/xterm -e gdb
/proc/%d/exe %d || /bin/sleep
	idmap uid = 15000-20000
	idmap gid = 15000-20000
	winbind separator = +
	comment = Samba 3.0.0
	hosts allow = 127., 192.168.1.
	use sendfile = Yes
	printing = cups
	veto files = /*.eml/*.nws/riched20.dll/*.{*}/
	veto oplock files = /*.doc/*.xls/*.mdb/
	include = /etc/samba/machine.

[homes]
	comment = Home Directories
	valid users = %S
	read only = No
	browseable = No

[print$]
	comment = Printer Drivers Share
	path = /var/lib/samba/drivers
	write list = jht, root
	printer admin = jht, root
	create mask = 0664
	directory mask = 0775

[netlogon]
	comment = Network Logon Service
	path = /var/lib/samba/netlogon
	admin users = root, jht
	guest ok = Yes
	nt acl support = No
	browseable = No
	blocking locks = No
	csc policy = disable
	locking = No
	oplocks = No
	level2 oplocks = No
	posix locking = No
	strict locking = No
	share modes = No

[Profiles]
	comment = Roaming Profile Share
	path = /var/lib/samba/profiles
	read only = No
	profile acls = Yes

[printers]
	comment = All Printers
	path = /var/spool/samba
	printer admin = root, jht
	create mask = 0600
	guest ok = Yes
	printable = Yes
	use client driver = Yes
	default devmode = Yes
	browseable = No

[media]
	comment = Public Stuff
	path = /export2
	read list = @users
	write list = jht
	read only = No
	blocking locks = No
	csc policy = disable
	locking = No
	oplocks = No
	level2 oplocks = No
	posix locking = No
	strict locking = No
	share modes = No

[data]
	comment = Data Stuff
	path = /export/data
	write list = @ntadmin
	read only = No
	blocking locks = No
	csc policy = disable
	locking = No
	oplocks = No
	level2 oplocks = No
	posix locking = No
	strict locking = No
	share modes = No

[cdr]
	comment = CDR Production Files
	path = /export/CDR
	force user = root
	read only = No
	case sensitive = Yes

Greetings and Thank You in advance to anyone who responds to this message.
As the saying goes long time listener first time caller.

Our campus is switching(might I add not with our blessing) to a windows 
2003 backend.
Since we at the library prefer to stay Linux/FreeBsd we are searching for 
information about joining a Samba Server to a 2003 environment. Has anyone 
been successful in integrating the two?
If so could you offer any advice, pointers, roadblocks, showstoppers etc.

Thanks
Johan Dowdy

Cabrillo College Library

To be full ADS member in W2003 server you have to use Samba 3(-beta1).

You have to compile Samba 3 with kerberos and ldap support to get ADS 
support within
Samba.

/Patrik


Johan wrote:
> Greetings and Thank You in advance to anyone who responds to this 
> message.
> As the saying goes long time listener first time caller.
>
> Our campus is switching(might I add not with our blessing) to a 
> windows 2003 backend.
> Since we at the library prefer to stay Linux/FreeBsd we are searching 
> for information about joining a Samba Server to a 2003 environment. 
> Has anyone been successful in integrating the two?
> If so could you offer any advice, pointers, roadblocks, showstoppers etc.
>
> Thanks
> Johan Dowdy
>
> Cabrillo College Library
>
-- 
"In a world without fences who needs Gates"
Patrik Gustavsson, Senior Technical Consultant
patrik.gustavsson@sun.com     Telephone: +46 60 671540
http://glen.sweden            Mobile: +46 70 3551040
SUN MICROSYSTEMS              Fax: +46 60 671550
--------------------------------------------------------------