security level flag...
Stephen L Arnold
sarnold at coyote.rain.org
Sat Jul 24 21:40:41 GMT 1999
On 24 Jul 99, "Fabio Iovine" <f_iovine at hotmail.com> had questions
about security level flag...:
> Hi all,
> I'm referring to Giulio Orsero's and Steve Arnold's mails replying to my
> previous mail concerning the same subject...
>
> First of all, the environment I'm workin' on is AIX 4.2.5 + Samba
> 1.9.18p10 + Win 95 Clients...
[snip]
My environment is RH4.2(kernel 2.0.30)/samba 1.9.19p8 with
plaintext passwords, and RH5.2(kernel 2.0.36)/samba 1.9.18p10 with
encrypted passwords (using both shadow passwords and the SRP
exponential password suite). I will describe the latter. Home
ethernet, private class C address space, main samba machine (above)
is also ip-masq gateway, DNS, proxy, web, and WINS server. for a
handful of win95(OSR2) and linux clients. All names have been
scrubbed to protect the innocent.
Snippets from smb.conf:
[global]
hosts allow = 192.168.0. 127.
guest account = ftp
security = user
encrypt passwords = yes
smb passwd file = /etc/smbpasswd
username map = /etc/smbusers
socket options = TCP_NODELAY
interfaces = 192.168.0.2/24
#(this interface is actually eth1)
local master = yes
os level = 33
domain master = yes
preferred master = yes
name resolve order = wins lmhosts bcast
wins support = yes
preserve case = no
short preserve case = no
; default case = lower
; case sensitive = no
#===== Share Definitions ==============================
[homes]
comment = Home Directories
browseable = no
writable = yes
[temp]
comment = Temporary file space
path = /home/tmp
public = yes
browseable = yes
writable = yes
create mask = 664
printable = no
# A publicly accessible directory, but read only, except
# for me
[public]
comment = Public Stuff
path = /home/samba
public = yes
writable = yes
printable = no
write list = sjones
The permissions of the last two shares are:
drwxr-xr-x 3 root nobody 1024 Nov 16 1998 samba
drwxrwxr-x 3 root users 2048 May 23 16:53 tmp
The win95 NetBIOS names (and hostnames) are the same as their linux
partition hostnames (eg, sneezy, doc, grumpy, etc). The win95 side
is set to M$ Network Client as default login, and browse master
disabled. The TCP/IP properties point to the main linux/samba box
for WINS, gateway, and DNS (along with my ISP's DNS machines). A
also use my ISP's domain both internally and externally. We use
our personal accounts on the main server to login to windoze from
any machine by mapping user names. Both smbpasswd and shadow have
the same set of usernames and passwords (of course, the smbpasswds
use a different hash).
/etc/smbusers:
root = administrator admin
ftp = guest
mjones = doc sneezy
sjones = doc sneezy
where mjones and sjones are the user accounts on the linux/samba
host, and doc and sneezy are the NetBIOS names of the win95 clients
(the computer name in Network Properties/Identification). They are
the hostnames in TCP/IP properties, as well as the linux hostname
when they boot the other way. All machines have hosts files with
local name-ip mappings (for both OS's), and the samba WINS server
has an lmhosts file too. And all win95 clients have all the system
updates. I even have a friend's win98 machine on the net right
now, and it works fine too.
I believe this setup works the way you describe what you want. If
you can't login from any machine with the above configuration, then
something else is hosed up, either your network setup, your
clients, hardware, name resolution, etc.
> Any "detailed" suggestion?
Other than AIX goofiness, I think that should do it.
Steve
*************************************************************
Steve Arnold sarnold at earthling.net
http://www.rain.org/~sarnold
This message composed of 100% recycled electrons. You should
also recycle yourself. Become an organ donor. Discuss it with
your family. Do it today. :-)
More information about the samba
mailing list