Chunduru, Krishnachaithanya
2017-Jul-02 14:19 UTC
[Samba] Authentication issues with Samba 4.3.8
Hi Rowland, Sorry I missed your previous mail. Our servers are not having any ldap or AD for authentication. It is using tdbsam option as password database, and yes all the users and groups are stored locally in the /etc/passwd and /etc/group. I will try removing the "encrypt password = no". Below is the whole old smb.conf file. bash-4.2$ cat /usr/local/samba/lib/smb.conf [global] server string = Samba on AIX encrypt passwords = No passdb backend = tdbsam log file = /var/log/samba/%m.log log level = 2 max log size = 1000 preferred master = No local master = No domain master = No dns proxy = No wins server = XXXXXX hosts allow = XXXXXX [printers] comment = All Printers path = /usr/spool/samba printable = Yes browseable = No [tmp] comment = Temporary file space path = /tmp read only = No Thank you for the help !! Regards, Krishna -----Original Message----- From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of Rowland Penny via samba Sent: Friday, June 30, 2017 1:52 PM To: samba at lists.samba.org Subject: Re: [Samba] Authentication issues with Samba 4.3.8 On Fri, 30 Jun 2017 12:41:13 +0530 "Chunduru, Krishnachaithanya" <Krishnachaithanya.Chunduru at broadridge.com> wrote:> Hi All, > > Can someone kindly help on my issue. I'm almost stuck and couldn't > proceed further on my samba migration project. >OK, way back when you started posting about this issue, you posted his as your smb.conf: [global] workgroup = XXXX server string = XXXXXXX encrypt passwords = no passdb backend = tdbsam log file = /var/log/samba/%m.log log level = 2 max log size = 1000 preferred master = no local master = no domain master = no domain logons = no dns proxy = no wins server = X.X.X.X, X.X.X.X hosts allow = 10., 149.83., 127. Andrew advised you to remove 'encrypt passwords = no' Before we go any further, can you tell us if this Samba machine is a domain member, if so, what sort of domain, NT4-style or AD If it isn't a domain member, is LDAP involved in any way, or are your users/groups just stored in /etc/passwd and /etc/group. Please reply to the mailing list, not directly to me. Rowland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail and delete the message and any attachments from your system.
On Sun, 2 Jul 2017 19:49:12 +0530 "Chunduru, Krishnachaithanya via samba" <samba at lists.samba.org> wrote:> Hi Rowland, > > Sorry I missed your previous mail. > > Our servers are not having any ldap or AD for authentication. It is > using tdbsam option as password database, and yes all the users and > groups are stored locally in the /etc/passwd and /etc/group. >OK, what you seem to be trying to set up is a standalone server with only passworded user access. Can I suggest you alter smb.conf to this: [global] # Change 'WORKGROUP' below to whatever # you want your workgroup to be called. workgroup = WORKGROUP server string = Samba on AIX log file = /var/log/samba/%m.log log level = 2 max log size = 1000 [printers] comment = All Printers path = /usr/spool/samba printable = Yes browseable = No [tmp] comment = Temporary file space path = /tmp read only = No Your users will need to exist in /etc/passwd and also be Samba users, you can do this by running (as root): smbpasswd -a USERNAME You will be asked for a password for the user (twice) and then the user will be added to Samba's database You will also need to run (again as root): smbpasswd -e USERNAME You can find more info on this here: https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Standalone_Server You do not need to run winbind on a standalone server, only 'smbd' & 'nmbd' Any user that needs to connect to the shares, will need to be both a Unix and Samba user on the standalone server, they will also have to use the Samba users password. Rowland
Chunduru, Krishnachaithanya
2017-Jul-03 16:27 UTC
[Samba] Authentication issues with Samba 4.3.8
Hi Rowland, Thanks for the help. Could you please let me know what would be the passwd database if I update my smb.conf. I have created the user locally and in samba using the steps given by you. And it seems it's working fine. The authentication is successful, but I was wondering why it was working in earlier version without adding user in samba database. I'm having around 100+ users/share and the authentication is share level, do I need to add all the users again in the samba database ? can you please comment on these as well. Thank you. Regards, Krishna -----Original Message----- From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of Rowland Penny via samba Sent: Sunday, July 02, 2017 8:33 PM To: samba at lists.samba.org Subject: Re: [Samba] Authentication issues with Samba 4.3.8 On Sun, 2 Jul 2017 19:49:12 +0530 "Chunduru, Krishnachaithanya via samba" <samba at lists.samba.org> wrote:> Hi Rowland, > > Sorry I missed your previous mail. > > Our servers are not having any ldap or AD for authentication. It is > using tdbsam option as password database, and yes all the users and > groups are stored locally in the /etc/passwd and /etc/group. >OK, what you seem to be trying to set up is a standalone server with only passworded user access. Can I suggest you alter smb.conf to this: [global] # Change 'WORKGROUP' below to whatever # you want your workgroup to be called. workgroup = WORKGROUP server string = Samba on AIX log file = /var/log/samba/%m.log log level = 2 max log size = 1000 [printers] comment = All Printers path = /usr/spool/samba printable = Yes browseable = No [tmp] comment = Temporary file space path = /tmp read only = No Your users will need to exist in /etc/passwd and also be Samba users, you can do this by running (as root): smbpasswd -a USERNAME You will be asked for a password for the user (twice) and then the user will be added to Samba's database You will also need to run (again as root): smbpasswd -e USERNAME You can find more info on this here: https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Standalone_Server You do not need to run winbind on a standalone server, only 'smbd' & 'nmbd' Any user that needs to connect to the shares, will need to be both a Unix and Samba user on the standalone server, they will also have to use the Samba users password. Rowland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail and delete the message and any attachments from your system.