Chunduru, Krishnachaithanya
2017-Jul-03 16:27 UTC
[Samba] Authentication issues with Samba 4.3.8
Hi Rowland, Thanks for the help. Could you please let me know what would be the passwd database if I update my smb.conf. I have created the user locally and in samba using the steps given by you. And it seems it's working fine. The authentication is successful, but I was wondering why it was working in earlier version without adding user in samba database. I'm having around 100+ users/share and the authentication is share level, do I need to add all the users again in the samba database ? can you please comment on these as well. Thank you. Regards, Krishna -----Original Message----- From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of Rowland Penny via samba Sent: Sunday, July 02, 2017 8:33 PM To: samba at lists.samba.org Subject: Re: [Samba] Authentication issues with Samba 4.3.8 On Sun, 2 Jul 2017 19:49:12 +0530 "Chunduru, Krishnachaithanya via samba" <samba at lists.samba.org> wrote:> Hi Rowland, > > Sorry I missed your previous mail. > > Our servers are not having any ldap or AD for authentication. It is > using tdbsam option as password database, and yes all the users and > groups are stored locally in the /etc/passwd and /etc/group. >OK, what you seem to be trying to set up is a standalone server with only passworded user access. Can I suggest you alter smb.conf to this: [global] # Change 'WORKGROUP' below to whatever # you want your workgroup to be called. workgroup = WORKGROUP server string = Samba on AIX log file = /var/log/samba/%m.log log level = 2 max log size = 1000 [printers] comment = All Printers path = /usr/spool/samba printable = Yes browseable = No [tmp] comment = Temporary file space path = /tmp read only = No Your users will need to exist in /etc/passwd and also be Samba users, you can do this by running (as root): smbpasswd -a USERNAME You will be asked for a password for the user (twice) and then the user will be added to Samba's database You will also need to run (again as root): smbpasswd -e USERNAME You can find more info on this here: https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Standalone_Server You do not need to run winbind on a standalone server, only 'smbd' & 'nmbd' Any user that needs to connect to the shares, will need to be both a Unix and Samba user on the standalone server, they will also have to use the Samba users password. Rowland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail and delete the message and any attachments from your system.
On Mon, 3 Jul 2017 21:57:12 +0530 "Chunduru, Krishnachaithanya" <Krishnachaithanya.Chunduru at broadridge.com> wrote:> Hi Rowland, > > Thanks for the help. > > Could you please let me know what would be the passwd database if I > update my smb.conf.You will be using tdbsam> > I have created the user locally and in samba using the steps given by > you. And it seems it's working fine.Good> > The authentication is successful, but I was wondering why it was > working in earlier version without adding user in samba database.Not really sure, possibly all your users were being treated as guest users, but I don't really know, mostly because you were using such an old version.> > I'm having around 100+ users/share and the authentication is share > level, do I need to add all the users again in the samba database ? > can you please comment on these as well. Thank you.Yes, you will probably have to add your users, but where are they authenticating from ? Rowland
On Mon, 3 Jul 2017 22:38:49 +0530 "Chunduru, Krishnachaithanya" <Krishnachaithanya.Chunduru at broadridge.com> wrote:> Hi, > > All the users are created locally.Do you mean just on the Samba standalone server or on the windows machines as well ?> > Samba share users are not having a shell to modify anything. They can > just login via the windows machines. >Are the windows machines part of a workgroup or a domain ? Rowland
Chunduru, Krishnachaithanya
2017-Jul-04 08:55 UTC
[Samba] Authentication issues with Samba 4.3.8
Hi, The users are created locally, each user have their own workstation. The workstation id and the unix id are different. Users will try to access the share with the unix local account only. All the VM's are part of domain, so users will first login to their stations using domain id and then will access the share using unix local id. Thank you. Regards, Krishna -----Original Message----- From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of Rowland Penny via samba Sent: Monday, July 03, 2017 10:49 PM To: samba at lists.samba.org Subject: Re: [Samba] Authentication issues with Samba 4.3.8 On Mon, 3 Jul 2017 22:38:49 +0530 "Chunduru, Krishnachaithanya" <Krishnachaithanya.Chunduru at broadridge.com> wrote:> Hi, > > All the users are created locally.Do you mean just on the Samba standalone server or on the windows machines as well ?> > Samba share users are not having a shell to modify anything. They can > just login via the windows machines. >Are the windows machines part of a workgroup or a domain ? Rowland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail and delete the message and any attachments from your system.