Account management...newbie question

Scott McGillivray McGillivrayS at aadl.org
Tue Jan 4 15:30:33 GMT 2000


I've had the Samba server join the domain and set security = domain.  I also
have named 3 domain controllers as security servers.  I guess what I'm
missing is how to get the Samba server to accept client connections from the
NT Domain without creating an account somewhere on the Linux machine.  I'm
sure it's something simple, but I don't know what it is.  Here's the config:

# Samba config file created using SWAT
# from XXX.XXX.XXX.XXX (XXX.XXX.XXX.XXX)
# Date: 2000/01/04 10:40:28

# Global parameters
[global]
	workgroup = AADL.ORG
	netbios name = LXTEST1
	netbios aliases = 
	server string = Samba 2.0.5
	interfaces = 
	bind interfaces only = No
	security = DOMAIN
	encrypt passwords = Yes
	update encrypted = No
	allow trusted domains = Yes
	hosts equiv = 
	min passwd length = 5
	map to guest = Never
	null passwords = Yes
	password server = STAFF, ADMIN, EXCHANGE
	smb passwd file = /etc/samba.d/smbpasswd
	root directory = /
	passwd program = /usr/bin/passwd
	passwd chat = *old*password* %o\n *new*password* %n\n *new*password* %n\n *changed*
	passwd chat debug = No
	username map = 
	password level = 0
	username level = 0
	unix password sync = No
	restrict anonymous = No
	use rhosts = No
	log level = 1
	syslog = 1
	syslog only = No
	log file = 
	max log size = 5000
	timestamp logs = Yes
	protocol = NT1
	read bmpx = No
	read raw = Yes
	write raw = Yes
	nt smb support = Yes
	nt pipe support = Yes
	nt acl support = Yes
	announce version = 4.2
	announce as = NT
	max mux = 50
	max xmit = 65535
	name resolve order = lmhosts host wins bcast
	max packet = 65535
	max ttl = 259200
	max wins ttl = 518400
	min wins ttl = 21600
	time server = No
	change notify timeout = 60
	deadtime = 0
	getwd cache = Yes
	keepalive = 300
	lpq cache time = 10
	max disk size = 0
	max open files = 10000
	read prediction = No
	read size = 16384
	shared mem size = 1048576
	socket options = 
	stat cache size = 50
	load printers = No
	printcap name = /etc/printcap
	printer driver file = /etc/samba.d/printers.def
	strip dot = No
	character set = 
	mangled stack = 50
	coding system = 
	client code page = 850
	stat cache = Yes
	domain groups = 
	domain admin group = 
	domain guest group = 
	domain admin users = 
	domain guest users = 
	machine password timeout = 604800
	add user script = 
	delete user script = 
	logon script = 
	logon path = \\%N\%U\profile
	logon drive = 
	logon home = \\%N\%U
	domain logons = No
	os level = 0
	lm announce = Auto
	lm interval = 60
	preferred master = No
	local master = No
	domain master = No
	browse list = Yes
	dns proxy = Yes
	wins proxy = No
	wins server = 204.38.6.179
	wins support = No
	kernel oplocks = Yes
	ole locking compatibility = Yes
	oplock break wait time = 10
	smbrun = /usr/bin/smbrun
	config file = 
	preload = 
	lock dir = /var/lock/samba.d
	default service = 
	message command = 
	dfree command = 
	valid chars = 
	remote announce = 
	remote browse sync = 
	socket address = 0.0.0.0
	homedir map = 
	time offset = 0
	unix realname = No
	NIS homedir = No
	panic action = 
	comment = 
	path = 
	alternate permissions = No
	revalidate = No
	username = 
	guest account = nobody
	invalid users = 
	valid users = 
	admin users = 
	read list = 
	write list = 
	force user = 
	force group = 
	read only = Yes
	create mask = 0744
	force create mode = 00
	security mask = 037777777777
	force security mode = 037777777777
	directory mask = 0755
	force directory mode = 00
	directory security mask = 037777777777
	force directory security mode = 037777777777
	guest only = No
	guest ok = No
	only user = No
	hosts allow = 
	hosts deny = 
	status = Yes
	max connections = 0
	min print space = 0
	strict sync = No
	sync always = No
	print ok = No
	postscript = No
	printing = bsd
	print command = lpr -r -P%p %s
	lpq command = lpq -P%p
	lprm command = lprm -P%p %j
	lppause command = 
	lpresume command = 
	queuepause command = 
	queueresume command = 
	printer name = 
	printer driver = NULL
	printer driver location = 
	default case = lower
	case sensitive = No
	preserve case = Yes
	short preserve case = Yes
	mangle case = No
	mangling char = ~
	hide dot files = Yes
	delete veto files = No
	veto files = 
	hide files = 
	veto oplock files = 
	map system = No
	map hidden = No
	map archive = Yes
	mangled names = Yes
	mangled map = 
	browseable = Yes
	blocking locks = Yes
	fake oplocks = No
	locking = Yes
	mangle locks = Yes
	oplocks = Yes
	level2 oplocks = No
	oplock contention limit = 2
	strict locking = No
	share modes = Yes
	copy = 
	include = 
	exec = 
	postexec = 
	root preexec = 
	root postexec = 
	available = Yes
	volume = 
	fstype = NTFS
	set directory = No
	wide links = Yes
	follow symlinks = Yes
	dont descend = 
	magic script = 
	magic output = 
	delete readonly = No
	dos filetimes = No
	dos filetime resolution = No
	fake directory create times = No

Thanks again for the help,
Scott


-----Original Message-----
From: John J. LeMay Jr. [mailto:jlemay at njmc.com]
Sent: Tuesday, January 04, 2000 8:58 AM
To: Scott McGillivray
Cc: Multiple recipients of list SAMBA
Subject: Re: Account management...newbie question



I think what you want to do is set security=server and set the password
server to the name of your PDC or a local BDC (if your PDC is located at a
remote site). 

On Wed, 5 Jan 2000, Scott McGillivray wrote:

> Hi all,
> 
> I'm currently in the process of piloting a Samba server for file/print in a
> Windoze NT network.  I'm using Samba 2.0.5 on Caldera OpenLinux 2.3.  I've
> been managing Windows networks for quite a while, but Linux/Samba is new to
> me.
> 
> What I want to know is:  Other than making my Samba server a domain
> controller, is there a relatively easy way to import my existing user
> accounts (and administrative groups) from my NT network into my Linux box?
> I don't have a huge user base (only 300 or so) but don't relish the thought
> of having to create all of those users again, twice if you count smbpasswd.
> 
> 
> If possible, I'd like to use something that's either web-based or runs on
> the command line so I don't have to install X on the server.  I know that
> might not be possible, but I thought I'd ask... ;)
> 
> Since I'd want to use the Samba to serve users' home directories and
> departmental shares, this is kind of important.  I'd be willing to do the
> daily account administration if I could get an initial dump from NT, but
> would rather not have to make things so complicated.  
> 
> Any help at all would be...well, helpful.  Please feel free to email me if
> I've been unclear about this.
> 
> Thanks,
> Scott
> 
> ----------------------------
> Scott McGillivray
> Network Administrator
> Ann Arbor District Library
> mcgillivrays at aadl.org
> 
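
Added example, not part of the original thread: a small audit of the [global] settings posted above. It relies on the smb.conf documentation for `add user script` (with security = server or domain, smbd otherwise expects a Unix account to exist for every connecting user); the function names and finding labels are hypothetical, and SAMPLE is a constructed excerpt of the posted config.

```python
# Constructed excerpt of the smb.conf posted in the thread (values copied from it).
SAMPLE = """\
# Global parameters
[global]
	security = DOMAIN
	password server = STAFF, ADMIN, EXCHANGE
	add user script =
	null passwords = Yes
	restrict anonymous = No
	hosts allow =
"""

def parse_smb_conf(text):
    """Return {section: {param: value}}; names lowercased, inner spaces collapsed."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            current[" ".join(key.lower().split())] = value.strip()
    return sections

def audit_global(conf):
    """Return hypothetical finding labels for the [global] section."""
    g = conf.get("global", {})

    def enabled(name):
        return g.get(name, "").lower() in ("yes", "true", "1")

    findings = []
    # Authentication is delegated to the NT servers, but with no add user
    # script smbd still needs a local Unix account for each user.
    if g.get("security", "").lower() in ("domain", "server") \
            and not g.get("add user script"):
        findings.append("unix-account-required")
    if enabled("null passwords"):         # accounts with empty passwords usable
        findings.append("null-passwords-allowed")
    if not enabled("restrict anonymous"):
        findings.append("anonymous-unrestricted")
    if not g.get("hosts allow"):          # no client address allowlist
        findings.append("no-host-allowlist")
    return findings

if __name__ == "__main__":
    for finding in audit_global(parse_smb_conf(SAMPLE)):
        print(finding)
```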

