2015-11-04 18:41 GMT+08:00 Rowland Penny <rowlandpenny241155 at gmail.com>:> On 04/11/15 10:28, Roger Wu wrote: > >> >> >> >> OK, you seem to be trying to set up a standalone server, you do >> realise that you will need to create your users on this as well as >> on the windows machines. >> >> >> yes, but I hope samba can use NIS authentication instead of using it's >> own database. >> Do I need to use smbpasswd to create user accounts again? It's against >> what I need... >> > > Well, as I don't know what you what, I can only advise on what I see, and > I see you trying to setup a standalone server. > > >> You might as well remove these lines, they are the defaults: >> >> security = USER >> passdb backend = tdbsam >> >> >> Don't I need to set the security level? >> > > You don't need them because they are the *default* settings. > > >> You might as well remove this line, it isn't needed on a >> standalone server: >> >> idmap config * : backend = tdb >> >> I didn't set these parameters. They are reported by testparm command. >> > > Don't post a smb.conf from testparm without saying so, this is probably > why you are getting the other two lines above, testparm shows *all* lines > in smb.conf, the ones you added *and* the default ones. > >> >> > I think you are going to have to tell us just what you are trying to > achieve. Also if your windows machines are part of a domain. > > Rowland > > Please pardon me for poor English. I tried to describe what I want asclear as I can. My goal is to make our users can access their own workstation account and personal files from windows XP/7. So, it seems to me that if I can setup a samba server and let users login from windows using NIS authentication, that would be perfect, then I don't need to create smb accounts again. The only thing a user needs to do is to explore the link such as \\testcad16\<user_account>, then one can access his own workstation account and files. In such case, how should I do to achieve my goal? I've been tried many samba versions, and each version seems to have mild difference while setting smb.conf. some parameters work and some don't for one version, but maybe stands in opposite for another. I am kind of confused which parameters are what I need. Here is my smb.conf (not from testparm), I removed comments and disabled lines. I did remove those lines you suggested, [global] workgroup = SMBTEST server string = Samba Server Version %v netbios name = testcad16 hosts allow = 127. 172.26. dns proxy = no load printers = yes cups options = raw [homes] comment = Home Directories browseable = no writable = yes ; valid users = %S ; valid users = MYDOMAIN\%S [printers] comment = All Printers path = /var/spool/samba browseable = no guest ok = no writable = no printable = yes and I tried some test as below [root at testcad16 samba]# /etc/init.d/sernet-samba-smbd start Starting SAMBA smbd : [ OK ] [root at testcad16 samba]# /etc/init.d/sernet-samba-nmbd start Starting SAMBA nmbd : [ OK ] [root at testcad16 samba]# service sernet-samba-smbd status Checking for SAMBA smbd : [ OK ] [root at testcad16 samba]# service sernet-samba-nmbd status Checking for SAMBA nmbd : [ OK ] [root at testcad16 samba]# smbclient -L //testcad16 Enter root's password: session setup failed: NT_STATUS_LOGON_FAILURE [root at testcad16 samba]# smbclient -d3 -L //testcad16 lp_load_ex: refreshing parameters Initialising global parameters rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) Processing section "[global]" added interface eth0 ip=172.26.85.211 bcast=172.26.87.255 netmask=255.255.248.0 Client started (version 4.2.5-SerNet-RedHat-19.el6). Enter root's password: Connecting to 172.26.85.211 at port 445 Doing spnego session setup (blob length=74) got OID=1.3.6.1.4.1.311.2.2.10 got principal=not_defined_in_RFC4178 at please_ignore Got challenge flags: Got NTLMSSP neg_flags=0x608a8215 NTLMSSP: Set final flags: Got NTLMSSP neg_flags=0x60088215 NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x60088215 SPNEGO login failed: Logon failure session setup failed: NT_STATUS_LOGON_FAILURE Regards, Roger> > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
On 04/11/15 11:33, Roger Wu wrote:> > > 2015-11-04 18:41 GMT+08:00 Rowland Penny <rowlandpenny241155 at gmail.com > <mailto:rowlandpenny241155 at gmail.com>>: > > On 04/11/15 10:28, Roger Wu wrote: > > > > > OK, you seem to be trying to set up a standalone server, > you do > realise that you will need to create your users on this as > well as > on the windows machines. > > > yes, but I hope samba can use NIS authentication instead of > using it's own database. > Do I need to use smbpasswd to create user accounts again? It's > against what I need... > > > Well, as I don't know what you what, I can only advise on what I > see, and I see you trying to setup a standalone server. > > > You might as well remove these lines, they are the defaults: > > security = USER > passdb backend = tdbsam > > > Don't I need to set the security level? > > > You don't need them because they are the *default* settings. > > > You might as well remove this line, it isn't needed on a > standalone server: > > idmap config * : backend = tdb > > I didn't set these parameters. They are reported by testparm > command. > > > Don't post a smb.conf from testparm without saying so, this is > probably why you are getting the other two lines above, testparm > shows *all* lines in smb.conf, the ones you added *and* the > default ones. > > > > I think you are going to have to tell us just what you are trying > to achieve. Also if your windows machines are part of a domain. > > Rowland > > Please pardon me for poor English. I tried to describe what I want as > clear as I can. > My goal is to make our users can access their own workstation account > and personal files from windows XP/7. > So, it seems to me that if I can setup a samba server and let users > login from windows using NIS authentication, > that would be perfect, then I don't need to create smb accounts again.OK, what you are trying to do is possible, but before we can help you, we need just a little more information. How many users and workstations do you have? Do you have any Unix Workstations? You should never apologise for poor English, I do not know what your language is, but I can guarantee I don't speak it, I only speak English :-) Rowland> The only thing a user needs to do is to explore the link such as > \\testcad16\<user_account>, then one can access his own > workstation account and files. > > In such case, how should I do to achieve my goal? > I've been tried many samba versions, and each version seems to have > mild difference while setting smb.conf. > some parameters work and some don't for one version, but maybe stands > in opposite for another. > I am kind of confused which parameters are what I need. > >
2015-11-04 19:43 GMT+08:00 Rowland Penny <rowlandpenny241155 at gmail.com>:> On 04/11/15 11:33, Roger Wu wrote: > >> >> >> 2015-11-04 18:41 GMT+08:00 Rowland Penny <rowlandpenny241155 at gmail.com >> <mailto:rowlandpenny241155 at gmail.com>>: >> >> >> On 04/11/15 10:28, Roger Wu wrote: >> >> >> >> >> OK, you seem to be trying to set up a standalone server, >> you do >> realise that you will need to create your users on this as >> well as >> on the windows machines. >> >> >> yes, but I hope samba can use NIS authentication instead of >> using it's own database. >> Do I need to use smbpasswd to create user accounts again? It's >> against what I need... >> >> >> Well, as I don't know what you what, I can only advise on what I >> see, and I see you trying to setup a standalone server. >> >> >> You might as well remove these lines, they are the defaults: >> >> security = USER >> passdb backend = tdbsam >> >> >> Don't I need to set the security level? >> >> >> You don't need them because they are the *default* settings. >> >> >> You might as well remove this line, it isn't needed on a >> standalone server: >> >> idmap config * : backend = tdb >> >> I didn't set these parameters. They are reported by testparm >> command. >> >> >> Don't post a smb.conf from testparm without saying so, this is >> probably why you are getting the other two lines above, testparm >> shows *all* lines in smb.conf, the ones you added *and* the >> default ones. >> >> >> >> I think you are going to have to tell us just what you are trying >> to achieve. Also if your windows machines are part of a domain. >> >> Rowland >> >> Please pardon me for poor English. I tried to describe what I want as >> clear as I can. >> My goal is to make our users can access their own workstation account and >> personal files from windows XP/7. >> So, it seems to me that if I can setup a samba server and let users login >> from windows using NIS authentication, >> that would be perfect, then I don't need to create smb accounts again. >> > > OK, what you are trying to do is possible, but before we can help you, we > need just a little more information. > How many users and workstations do you have? > Do you have any Unix Workstations? > > You should never apologise for poor English, I do not know what your > language is, but I can guarantee I don't speak it, I only speak English :-) > > RowlandThanks for your kindness. We do have Unix/Linux Workstations, I'm not really sure how many machines we have, maybe around 30 with different domains. But I believe only few persons need samba service, it will be less than 20. Does that matter? Roger> > > The only thing a user needs to do is to explore the link such as >> \\testcad16\<user_account>, then one can access his own >> workstation account and files. >> >> In such case, how should I do to achieve my goal? >> I've been tried many samba versions, and each version seems to have mild >> difference while setting smb.conf. >> some parameters work and some don't for one version, but maybe stands in >> opposite for another. >> I am kind of confused which parameters are what I need. >> >> >> > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >