I am trying to find an option to M$ file server under Linux. Everything to this point is M$. Whether anybody goes for it or not, I would like to put the option out there for choice. One of the important necessities is that this doesn't become any more complicated for the EU. As soon as you say Linux to the bosses they think more complex for the user and the users have trouble enough logging in to there computers. I am a Linux newbie trying to become more efficient. At present, I am using RH9, Samba 3, and have security = Domain and have joined the domain successfully. I have a user joe created on the Linux/Samba server and when user joe logs onto his Win2k computer on the NT domain he can access the Samba share I have configured like this: [share] path = /test public = no writable = yes printable = no valid users = joe jon art create mask = 0765 Unless users "joe, jon, and art" are created on the Linux box, the user gets prompted for network authentication: Connect As: Password: I also have set "password server = *" and I still get promted for authentication. I enter a vaild domain user account but not one that I have added to the Linux box and it will not take it. I also tried using "password server = x.x.x.x" where x.x.x.x was PDC and BDC and had the same results. I have also set the following: unix password sync = Yes passwd program = /usr/bin/passwd %u I don't want anybody to have to do this, since they do not have to do this now (all windoze 2k & NT). There are a lot of users and equally a lot of passwords on the domain and it isn't very efficient to add every user to the Linux box. Is there a way to get around this. Have the Linux server communicate with the PDC or BDC since it is a member of the domain? If that is even possible can I then give joe "read only", jon & art "read & write", and "deny" everybody else access to the "test dir." Need a new email address that people can remember Check out the new EudoraMail at http://www.eudoramail.com
On Fri, 07 Nov 2003 15:08 , anth jaz <antsoundz@eudoramail.com> sent:>I am trying to find an option to M$ file server under Linux. Everything to this point is M$. Whether anybody goes for it or not, I would like toput the option out there for choice. One of the important necessities is that this doesn't become any more complicated for the EU. As soon as you say Linux to the bosses they think more complex for the user and the users have trouble enough logging in to there computers. I am a Linux newbie trying to become more efficient. At present, I am using RH9, Samba 3, and have security = Domain and have joined the domain successfully. I have a user joe created on the Linux/Samba server and when user joe logs onto his Win2k computer on the NT domain he can access the Samba share I have configured like this:> >[share] >path = /test >public = no >writable = yes >printable = no >valid users = joe jon art >create mask = 0765 > >Unless users "joe, jon, and art" are created on the Linux box, the user gets prompted for network authentication: > >Connect As: >Password: > >I also have set "password server = *" and I still get promted for authentication. I enter a vaild domain user account but not one that I haveadded to the Linux box and it will not take it. I also tried using>"password server = x.x.x.x" where x.x.x.x was PDC and BDC and had the same results. > >I have also set the following: >unix password sync = Yes >passwd program = /usr/bin/passwd %u > >I don't want anybody to have to do this, since they do not have to do this now (all windoze 2k & NT). There are a lot of users and equally alot of passwords on the domain and it isn't very efficient to add every user to the Linux box. Is there a way to get around this. Have the Linux server communicate with the PDC or BDC since it is a member of the domain?> >If that is even possible can I then give joe "read only", jon & art "read & write", and "deny" everybody else access to the "test dir." > >With the 2.2.x version there was windbind, which would communicate with the PDC and pull the user accounts. I believe there is something similiar with 3.0 net vampire (or something to that effect, if not still windbind)... The howto at samba.org (dont have the exact address), is very resourcefull to these types of issues. ---- Prudential Preferred Properties www.prupref.com
"anth jaz" <antsoundz@eudoramail.com> wrote in message news:BKDKLCJBJFNDBAAA@whowhere.com... There are a lot of users and equally a lot of passwords on the domain and it isn't very efficient to add every user to the Linux box. Is there a way to get around this. Have the Linux server communicate with the PDC or BDC since it is a member of the domain? Yes. You can use the add user script. Create a group for the users. You could use staff for example. groupadd staff Add the following line to the global section of your smb.conf file. add user script = useradd -c "Account from PDC" -s /bin/false \ -d /home/%u -m -n -g staff %u The commands do the following: useradd -c "Account from PDC". Adds a user to the Linux box and call it "Account from PDC". -s /bin/false \ Prevents the user from logging in locally. -d /home/%u -m Creates the user's home directory -n -g staff %u Adds the user to the staff group The commands may vary slightly from one distro to the next.
On Friday 07 November 2003 5:08 pm, anth jaz wrote:> I am trying to find an option to M$ file server under Linux. > Everything to this point is M$. Whether anybody goes for it or not, I > would like to put the option out there for choice. One of the > important necessities is that this doesn't become any more > complicated for the EU. As soon as you say Linux to the bosses they > think more complex for the user and the users have trouble enough > logging in to there computers. I am a Linux newbie trying to become > more efficient. At present, I am using RH9, Samba 3, and have > security = Domain and have joined the domain successfully. I have a > user joe created on the Linux/Samba server and when user joe logs > onto his Win2k computer on the NT domain he can access the Samba > share I have configured like this:Yes, you need to use winbind, which came with your samba distribution. Winbind add the domain users to the unix environment, so you don't need unix accounts for them to log in. Otherwise, you would need a file to map windows users to unix users.