Example Configuration
Samba as a Domain Member Server
This method involves addition of the following parameters in the
smb.conf file:
security = domain
workgroup = MIDEARTH
In order for this method to work, the Samba server needs to join the
MS Windows NT security domain. This is done as follows:
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/ServerType.html#id2559628
Use of this mode of authentication requires there to be a standard
UNIX account for each user in order to assign a UID once the account
has been authenticated by the Windows domain controller. This account
can be blocked to prevent logons by clients other than MS Windows
through means such as setting an invalid shell in the /etc/passwd
entry. The best way to allocate an invalid shell to a user account is
to set the shell to the file /bin/false. Domain controllers can be
located anywhere that is convenient. The best advice is to have a BDC
on every physical network segment, and if the PDC is on a remote
network segment the use of WINS (see Network Browsing for more
information) is almost essential.
An alternative to assigning UIDs to Windows users on a Samba member
server is presented in Winbind, Winbind: Use of Domain Accounts.
Also see:
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member.html#domain-member-server
>
>
> map to guest = Bad User
> syslog = 0
> log file = /var/log/samba/log.%m
> max log size = 1000
> dns proxy = No
> wins server = density.aarcane.info
> usershare allow guests = Yes
> panic action = /usr/share/samba/panic-action %d
>
> [videos]
> comment = Rebirth local Videos
> path = /media/local/videos
> write list = @rebirth
> force group = videos
> create mask = 0664
> force create mode = 0664
> directory mask = 0775
> force directory mode = 0775
>
> [music]
> comment = Rebirth local Music
> path = /media/local/music
> write list = @rebirth
> force group = music
> create mask = 0664
> force create mode = 0664
> directory mask = 0775
> force directory mode = 0775
>
> The server is not honoring domain accounts (the PDC honors domain
> accounts and shows owners/groups as domain users without issue), but
> this one is saying "Unknown username or bad password" when trying to
> browse to it, and when you specify your domain username and password
> manually in the prompt, it shows files and groups as REBIRTH/username
> or UNIX-GROUP/groupname instead of as domain users and groups.
>
> Below I've stopped the server, cleared out the old log files, and
> restarted smbd (and nmbd) and double-clicked on rebirth in the Windows 7
> network pane.
>
> ikari (10.0.0.241) is the client I'm using.
>
> aarcane at rebirth:/var/log/samba$ ls
> cores log.10.0.0.241 log.ikari log.nmbd log.smbd
> aarcane at rebirth:/var/log/samba$ cat log.10.0.0.241
> aarcane at rebirth:/var/log/samba$ cat log.ikari
> [2010/12/29 16:04:30.647903, 0] lib/util_sock.c:474(read_fd_with_timeout)
> [2010/12/29 16:04:30.648046, 0] lib/util_sock.c:1432(get_peer_addr_internal)
> getpeername failed. Error was Transport endpoint is not connected
> read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by peer.
> aarcane at rebirth:/var/log/samba$ cat log.nmbd
> [2010/12/29 16:03:44, 0] nmbd/nmbd.c:857(main)
> nmbd version 3.5.4 started.
> Copyright Andrew Tridgell and the Samba Team 1992-2010
> aarcane at rebirth:/var/log/samba$ cat log.smbd
> [2010/12/29 16:03:41, 0] smbd/server.c:1123(main)
> smbd version 3.5.4 started.
> Copyright Andrew Tridgell and the Samba Team 1992-2010
> [2010/12/29 16:03:41.923307, 0] printing/print_cups.c:108(cups_connect)
> Unable to connect to CUPS server localhost:631 - Connection refused
> [2010/12/29 16:03:41.928781, 0] printing/print_cups.c:108(cups_connect)
> Unable to connect to CUPS server localhost:631 - Connection refused
> [2010/12/29 16:03:41.929413, 0] smbd/server.c:1169(main)
> standard input is not a socket, assuming -D option
> aarcane at rebirth:/var/log/samba$
>
>