Users can map shares without password in domain-security mode

Jeffry Smith smith at mclinux.com
Tue Sep 19 18:16:44 GMT 2000


What software are you using to do the clustering?  You need to make
certain in clustering that the clustered machines have an identical
view of things (this includes users).  The best way to do this is to
ensure that the path to samba's password & lock files is on the shared
storage.  Also, how do you have the [homes] section of smb.conf set up?
Are you using the %U (if they don't have a unix account)?



On Tue, 19 Sep 2000, Seip Christian wrote:

> Date: Tue, 19 Sep 2000 09:43:40 +0200
> From: Seip Christian <cseip at sr-online.de>
> To: "'samba at lists.samba.org'" <samba at us4.samba.org>
> Subject: Users can map shares without password in domain-security mode
> 
> Hi!
> 
> I've got this setup:
> 
> My Samba 2.0.7 is clustered by two nodes with RedHat Linux 6.2 and kernel
> 2.2.16 and a SCSI-RAID as a shared storage. The Samba-server is a member of
> domain (add in NT-Server-Manager followed by "smbpasswd -j DOM -r PDC") and
> creates its user accounts on the fly with an add user script. This is
> necessary because only one node is active at a time and the other one serves
> as a stand-by. The active node has the shared storage mounted. All users
> have their homes on the shared storage. When a failover happens and the
> stand-by node takes over the samba-service, the stand-by node mounts the
> storage. The users can't be synchronized between those two nodes but that
> doesn't matter because they're created when they're needed.
> 
> Now I have two probs:
> 
> 1. Samba authenticates the users against the PDC, so as far as I have
> understood the concept, there should only be a linux user necessary and not
> a user in the smbpasswd. But without an entry in the smbpasswd I can't map
> any share. Yep, security-mode is domain and it works. But only with "useradd
> %u; smbpasswd -a -n %u".
> 
> 2. The user-homes on the shared storage are owned by root because I don't
> need a local login for any user. This samba-server is really only a
> file-server. No remote logins. Since the user lists between the two
> cluster nodes are not synchronized, the user-homes can't be owned by the
> users because of different UIDs. If on node A user testuser1 has UID 500 and
> on node B user testuser2 UID 500, there will be a problem with the file and
> directory permissions depending on which node the shared storage is mounted.
> So create mask and directory mask is 777. Now my question: Why can other
> users map my home-share (defined by the [homes]-section in smb.conf) without
> being asked for a password?
> 
> Any suggestions? Thanks in advance and sorry for the long explanation.
> 
> Best regards,
> 
> Christian
> 
> 

------------------------------------------------------------------------
Jeffry Smith      Technical Sales Consultant     Mission Critical Linux
smith at missioncriticallinux.com   phone:603.930.9739   fax:978.446.9470
------------------------------------------------------------------------
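
The UID mismatch described in the quoted message (the same UID naming different users depending on which node has the shared storage mounted) can be detected by comparing the two nodes' passwd files. This is an added example, not part of the original thread; the passwd excerpts and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed /etc/passwd excerpts for the two cluster nodes (not from the thread).
NODE_A = """\
root:x:0:0:root:/root:/bin/bash
testuser1:x:500:500::/home/testuser1:/bin/false
alice:x:501:501::/home/alice:/bin/false
"""
NODE_B = """\
root:x:0:0:root:/root:/bin/bash
testuser2:x:500:500::/home/testuser2:/bin/false
alice:x:502:502::/home/alice:/bin/false
testuser1:x:501:501::/home/testuser1:/bin/false
"""

def parse_passwd(text):
    """Return {username: uid}; skip blank, comment and malformed lines."""
    users = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 7 or not fields[2].isdigit():
            continue
        users[fields[0]] = int(fields[2])
    return users

def uid_conflicts(a, b):
    """Compare two {user: uid} maps from different nodes.

    moved:      {user: (uid_a, uid_b)} for users whose UID differs per node
    collisions: {uid: (users_a, users_b)} where one UID names different users
    """
    moved = {u: (a[u], b[u]) for u in a.keys() & b.keys() if a[u] != b[u]}
    by_a, by_b = defaultdict(set), defaultdict(set)
    for user, uid in a.items():
        by_a[uid].add(user)
    for user, uid in b.items():
        by_b[uid].add(user)
    collisions = {uid: (sorted(by_a[uid]), sorted(by_b[uid]))
                  for uid in by_a.keys() & by_b.keys() if by_a[uid] != by_b[uid]}
    return moved, collisions

if __name__ == "__main__":
    moved, collisions = uid_conflicts(parse_passwd(NODE_A), parse_passwd(NODE_B))
    for user, (ua, ub) in sorted(moved.items()):
        print(f"{user}: UID {ua} on node A, {ub} on node B")
    for uid, (ua, ub) in sorted(collisions.items()):
        print(f"UID {uid}: {ua} on node A, {ub} on node B")
```

Any entry in either result means files on the shared storage change effective owner after a failover.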