Amit Zvigoren
2006-May-24 05:02 UTC
[Samba] help needed: connecting with similar windows-unix usernames?
Hello all samba'ers I'm trying to configure samba for Windows (active-directory) authentication, with every Windows-user having a similar unix username. I've created the users in both sides but I couldn't configure the smb.conf file (either with or without SWAT) to make it work. I'm using XP clients with a Win2K3 as the domain server and Solaris 9 as the samba server. Everything works fine when I use the 'security = share' option so I believe the physical connection is ok. 1. Do I actually need to use 'security = user', or should I use 'security = server"? 2. I've created the smbpasswd(5) file and edited it with smbpasswd(8), and synchronized users+passwords with the relevant ones at /etc/passwd and /etc/shadow. Do I actually need the smbpasswd(5)? 3. Is it feasible without using winbind? 4. Does any of you have some smb.conf sample for connecting using similar windows-unix usernames? 5. Do I need to use the 'username map' option even if the usernames are similar? Here is a part of the [global] section at my smb.conf, each line suffiixed (here, not actually in the file itself) with my description: [global] workgroup = GIS ' windows workgroup to 'contain' the samba server null passwords = yes ' preferred, not a must valid users = minhal, +pcgis ' pcgis is a group on unix. am I right? or does this parameter meant to be for windows groups? write list = minhal ' this user should have write-permission on shared directories regardless of their mode Here is another section of my smb.conf for defining a samba share: [home1] path = /home1 read only = no guest ok = yes ' not necessary, just for the test Now what am I missing? what have I done wrong? Thanks and regards, Amit Zvigoren Systematics Technologies
Gary Dale
2006-May-24 11:42 UTC
[Samba] help needed: connecting with similar windows-unix usernames?
You need to establish your Solaris box as a member server in the W2K3 domain. SWAT has a wizard for that which will create the appropriate smb.conf. When you do this, the W2K3 domain controller will be used for authentication. The accounts and/or groups need to map between the two boxes. Your Solaris box works using Unix priviliges at the file level. Therefore your Windows users need to be in appropriate Unix groups to access the shares. A simple way of handling this is to ensure that "Domain Users" maps to a local Unix such as "pcgis" (if that is a local group) that has access to the shares. Amit Zvigoren wrote:>Hello all samba'ers > > >I'm trying to configure samba for Windows (active-directory) >authentication, with every Windows-user having a similar unix username. >I've created the users in both sides but I couldn't configure the >smb.conf file (either with or without SWAT) to make it work. > >I'm using XP clients with a Win2K3 as the domain server and Solaris 9 as >the samba server. > >Everything works fine when I use the 'security = share' option so I >believe the physical connection is ok. > > >1. Do I actually need to use 'security = user', or should I use >'security = server"? >2. I've created the smbpasswd(5) file and edited it with smbpasswd(8), >and synchronized users+passwords with the relevant ones at /etc/passwd >and /etc/shadow. Do I actually need the smbpasswd(5)? >3. Is it feasible without using winbind? >4. Does any of you have some smb.conf sample for connecting using >similar windows-unix usernames? >5. Do I need to use the 'username map' option even if the usernames are >similar? > > >Here is a part of the [global] section at my smb.conf, each line >suffiixed (here, not actually in the file itself) with my description: >[global] >workgroup = GIS ' windows workgroup to 'contain' the >samba server >null passwords = yes ' preferred, not a must >valid users = minhal, +pcgis ' pcgis is a group on unix. am I right? >or does this parameter meant to be for windows groups? >write list = minhal ' this user should have >write-permission on shared directories regardless of their mode > >Here is another section of my smb.conf for defining a samba share: >[home1] >path = /home1 >read only = no >guest ok = yes ' not necessary, just for the test > > >Now what am I missing? what have I done wrong? > > > >Thanks and regards, > >Amit Zvigoren >Systematics Technologies > > >