Hi all,
I installed SAMBA 4.8.3 on CentOS 7.6.1810 to be a domain controller and
shared directories. How do I configure it to require IP, username, and
password to access shared directories without having to inform the domain?
smb.conf file:
[global]
workgroup = T12
server string = Samba Server Version %v
netbios name = 165.8.104.12
interfaces = 165.8.104.12
hosts allow = 165.8.104. 127.0.0.1
log level = 2
log file = /var/log/samba/log.%m
max log size = 50
security = user
passdb backend = tdbsam
domain master = yes
domain logons = yes
logon script = %U.bat
logon path = \\165.8.104.12\Profiles\%U
logon drive = z:
add machine script = /usr/sbin/useradd -n -c "Workstation
(%u)" -M -d /nohome -s /bin/false "%u"
local master = yes
os level = 64
preferred master = yes
wins support = yes
load printers = yes
cups options = raw
create mask = 775
directory mask = 775
ntlm auth = yes[homes]
comment = Home Directories
path = /data/users/%u
browseable = no
writeable = yes[printers]
comment = All Printers
path = /var/spool/samba
browseable = No
guest ok = no
writeable = no
printable = Yes[netlogon]
comment = Network Logon Service
path = /data/users/netlogon
guest ok = yes
public = no
writable = no
browsable = no[Profiles]
comment = User Profiles
path = /data/users/Profiles
create mode = 0600
directory mode = 0700
writable = yes
browseable = no[public]
comment = Public Area
path = /data/public
public = yes
writable = yes
printable = no
On 23/05/2019 21:22, Rafael Lenharo via samba wrote:> Hi all, > > I installed SAMBA 4.8.3 on CentOS 7.6.1810 to be a domain controller and > shared directories. How do I configure it to require IP, username, and > password to access shared directories without having to inform the domain?If your OS wasn't Centos, I would say it would be easier to set up an AD domain instead, but unless you can find Samba RPMS that will provision an AD domain or are prepared to compile Samba yourself, then you are stuck with an NT4-Style PDC. Coming back to your problem, I think you mean that you want users to be able to access your Samba server without their computers joining the domain, if this is the case, then you might be better off running Samba as a standalone server.> > smb.conf file: > > [global] > workgroup = T12 > server string = Samba Server Version %v > netbios name = 165.8.104.12Is your computers short hostname really '165.8.104.12' ? It looks more like its ipaddress, you should be aware that you should have dots in the netbios name.> interfaces = 165.8.104.12 > hosts allow = 165.8.104. 127.0.0.1 > log level = 2 > log file = /var/log/samba/log.%m > max log size = 50 > security = user > passdb backend = tdbsam > domain master = yes > domain logons = yes > logon script = %U.bat > logon path = \\165.8.104.12\Profiles\%U > logon drive = z: > add machine script = /usr/sbin/useradd -n -c "Workstation > (%u)" -M -d /nohome -s /bin/false "%u" > local master = yes > os level = 64 > preferred master = yes > wins support = yes > load printers = yes > cups options = raw > create mask = 775 > directory mask = 775 > ntlm auth = yes> [homes] > comment = Home Directories > path = /data/users/%u > browseable = no > writeable = yes> [printers] > comment = All Printers > path = /var/spool/samba > browseable = No > guest ok = no > writeable = no > printable = Yes> [netlogon] > comment = Network Logon Service > path = /data/users/netlogon > guest ok = yes > public = noAre you aware that 'guest ok' is a synonym for 'public' and you are allowing guest access and then immediately turning it off ;-)> writable = no > browsable = no> [Profiles] > comment = User Profiles > path = /data/users/Profiles > create mode = 0600 > directory mode = 0700 > writable = yes > browseable = no> [public] > comment = Public Area > path = /data/public > public = yes > writable = yes > printable = noRowland
On 23/05/2019 21:44, Rowland penny via samba wrote:> On 23/05/2019 21:22, Rafael Lenharo via samba wrote: >> Hi all, >> >> I installed SAMBA 4.8.3 on CentOS 7.6.1810 to be a domain controller and >> shared directories. How do I configure it to require IP, username, and >> password to access shared directories without having to inform the >> domain? > > If your OS wasn't Centos, I would say it would be easier to set up an > AD domain instead, but unless you can find Samba RPMS that will > provision an AD domain or are prepared to compile Samba yourself, then > you are stuck with an NT4-Style PDC. > > Coming back to your problem, I think you mean that you want users to > be able to access your Samba server without their computers joining > the domain, if this is the case, then you might be better off running > Samba as a standalone server. > >> >> smb.conf file: >> >> [global] >> workgroup = T12 >> server string = Samba Server Version %v >> netbios name = 165.8.104.12 > Is your computers short hostname really '165.8.104.12' ? It looks more > like its ipaddress, you should be aware that you should have dots in > the netbios name.And of course that should be 'not have dots in the netbios name'>> interfaces = 165.8.104.12 >> hosts allow = 165.8.104. 127.0.0.1 >> log level = 2 >> log file = /var/log/samba/log.%m >> max log size = 50 >> security = user >> passdb backend = tdbsam >> domain master = yes >> domain logons = yes >> logon script = %U.bat >> logon path = \\165.8.104.12\Profiles\%U >> logon drive = z: >> add machine script = /usr/sbin/useradd -n -c "Workstation >> (%u)" -M -d /nohome -s /bin/false "%u" >> local master = yes >> os level = 64 >> preferred master = yes >> wins support = yes >> load printers = yes >> cups options = raw >> create mask = 775 >> directory mask = 775 >> ntlm auth = yes > >> [homes] >> comment = Home Directories >> path = /data/users/%u >> browseable = no >> writeable = yes > >> [printers] >> comment = All Printers >> path = /var/spool/samba >> browseable = No >> guest ok = no >> writeable = no >> printable = Yes > >> [netlogon] >> comment = Network Logon Service >> path = /data/users/netlogon >> guest ok = yes >> public = no > Are you aware that 'guest ok' is a synonym for 'public' and you are > allowing guest access and then immediately turning it off ;-) >> writable = no >> browsable = no > >> [Profiles] >> comment = User Profiles >> path = /data/users/Profiles >> create mode = 0600 >> directory mode = 0700 >> writable = yes >> browseable = no > >> [public] >> comment = Public Area >> path = /data/public >> public = yes >> writable = yes >> printable = no > > Rowland > >
On Thu, May 23, 2019 at 4:25 PM Rafael Lenharo via samba <samba at lists.samba.org> wrote:> > Hi all, > > I installed SAMBA 4.8.3 on CentOS 7.6.1810 to be a domain controller and > shared directories. How do I configure it to require IP, username, and > password to access shared directories without having to inform the domain?Distinguish between a file server, and a domain controller. You don't need to hand-build Samba to be a file server, you can use the built-in Samba and save yourself a lot of work. Define "inform the domain" Do you mean to make the shares available to everyone, with no authenticaiton? That is controllable in the "smb.conf" file. You'll need to define the directory you want to share, and there are many good descriptions of how to do this. That includes the smb.conf man pag, and it can even be set to allow "usersshares" to allow people to personally choose what to share. But you need to define what you want to share.> smb.conf file: > > [global] > workgroup = T12 > server string = Samba Server Version %v > netbios name = 165.8.104.12 > interfaces = 165.8.104.12 > hosts allow = 165.8.104. 127.0.0.1 > log level = 2 > log file = /var/log/samba/log.%m > max log size = 50 > security = user > passdb backend = tdbsam > domain master = yes > domain logons = yes > logon script = %U.bat > logon path = \\165.8.104.12\Profiles\%U > logon drive = z: > add machine script = /usr/sbin/useradd -n -c "Workstation > (%u)" -M -d /nohome -s /bin/false "%u" > local master = yes > os level = 64 > preferred master = yes > wins support = yes > load printers = yes > cups options = raw > create mask = 775 > directory mask = 775 > ntlm auth = yes[homes] > comment = Home Directories > path = /data/users/%u > browseable = no > writeable = yes[printers] > comment = All Printers > path = /var/spool/samba > browseable = No > guest ok = no > writeable = no > printable = Yes[netlogon] > comment = Network Logon Service > path = /data/users/netlogon > guest ok = yes > public = no > writable = no > browsable = no[Profiles] > comment = User Profiles > path = /data/users/Profiles > create mode = 0600 > directory mode = 0700 > writable = yes > browseable = no[public] > comment = Public Area > path = /data/public > public = yes > writable = yes > printable = no > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba