Users can map shares without password in domain-security mode

Seip Christian cseip at sr-online.de
Wed Sep 20 06:46:37 GMT 2000


Hi!

	> What software are you using to do the clustering? 

It's the Wizard software Watchdog in the light version. Wizard is a German
company and has been renamed to AppTime recently.

	> You need to make certain in clustering that the clustered machines
	> have an identical view of things (this includes users).

That's what I'm trying to do and it works. But with the unix users I can't
guarantee this without additional efforts to keep the user lists
synchronized. That's the reason why I use the "add user script" feature.
Samba creates every user that does not yet exist by itself. That works too.

	> The best way to do this is 
	> to ensure that the path to samba's password & lock files is on
	> the shared storage.  Also, how do you have

It shouldn't be a problem to put the smbpasswd on the shared storage. That
could work, I'll try this today. That does not interfere with generating all
users on the fly. Putting the /etc/passwd on the shared storage is a bad
idea. :-) So I think I have to live with the user homes owned by root
because of different UIDs on the clusternodes for the same user account.
Hey, I like your idea with putting that stuff on the storage. So I can put
the whole private-dir on the storage and have to add only one of the nodes
to the domain. I tried to solve my problem with "smbpasswd -j DOM -r PDC"
all the time because I have to add two machines to the domain with the same
netbios name and a different MAC-address.

Yes, I do an IP-address-takeover but no, I don't do a MAC-address-takeover. A
MAC-address-takeover delays the failover a few more seconds because the
switch has to learn that a MAC-address now appears on a different port. I
can live with an IP-only-takeover and it seems to work too.

BTW: I don't think I have to put the lock files on the shared storage
because there's only one clusternode running smbd at a time. This is managed
by the Watchdog. Since I have an asymmetric cluster configuration the second
node is only a stand-by-node. No load-balancing.

	> the [homes] section of smb.conf set up?  Are you using the %U (if they
	> don't have a unix account)?

Hmmm, here's an excerpt of my smb.conf:

-------------------------------------- snip --------------------------------------

# Global parameters
[global]
        workgroup = SR
        netbios name = SMB
        interfaces = 192.168.1.77/255.255.255.0
        security = DOMAIN
        encrypt passwords = Yes
        password server = DVDC02
        name resolve order = wins lmhosts bcast host
        wins server = 192.168.1.2
        create mask = 0777
        directory mask = 0777
        character set = ISO8859-1
        local master = no
        domain master = no

        browseable = No
        nt acl support = true
        add user script = /usr/sbin/smb_useradd.pl %u
#       null passwords = true
        mangle case = yes

[homes]
        comment = Home-Verzeichnis %u
        writeable = yes
        browseable = No
        guest ok = no

[public] 
        path = /shares/public
        read only = No
        browseable = Yes
        guest ok = Yes

[pub]
        path = /home/public
        read only = No
        browseable = Yes
        guest ok = yes

-------------------------------------- snip --------------------------------------

I tried an additional "valid users = %u" in the [homes]-section, too. But
that didn't work either. Argh, that can't work. I see that now. Stupid idea.
:-)

Maybe this could work but I don't think so because it does the same as what
the [homes]-section does as far as I see:

-------------------------------------- snip --------------------------------------

[%u] 
        path = /shares/home/%u
        read only = No
        browseable = Yes
        guest ok = Yes
        valid users = %u

-------------------------------------- snip --------------------------------------

I've got another samba-server from which I have copied the smb.conf and
which authenticates the users against the same PDC. On the other server
everything works, here on my machine it doesn't.

Here's basically what my smb_useradd.pl does, not exactly in perl code but
understandable I hope.

-------------------------------------- snip --------------------------------------

/usr/sbin/useradd -c "created by smb_useradd.pl" -d /shares/home/%u -s "/bin/false" %u
chmod 777 /shares/home/%u
chown root.root /shares/home/%u

-------------------------------------- snip --------------------------------------

My smb_useradd.pl is a modified version of the script posted by Randy
O'Meara to the list here in April 1999.

Thanks for taking the time and having a look.

Best regards,

Christian
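
An added example, not part of the original post and not Samba code: a small audit that reads an smb.conf and reports, per share, whether its effective settings allow guest access, write access, or world-writable masks. The sample input is constructed from the excerpt in the post, and the helper names `parse` and `audit` are illustrative.

```python
import re
# Added example (helper names are illustrative); constructed input trimmed from the excerpt above.
SAMPLE = """
[global]
        create mask = 0777
        directory mask = 0777
[homes]
        writeable = yes
        guest ok = no
[public]
        read only = No
        guest ok = Yes
[pub]
        read only = No
        guest ok = yes
"""
TRUE = {"yes", "true", "1"}

def parse(text):
    """Return {section: {param: value}}; Samba ignores case and spaces in names."""
    conf, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            cur = conf.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and cur is not None:
            key, val = line.split("=", 1)
            cur[re.sub(r"\s+", "", key).lower()] = val.strip()
    return conf

def audit(text):
    """Map each share to the flags raised by its effective settings."""
    conf, report = parse(text), {}
    glob = conf.pop("global", {})
    for share, params in conf.items():
        eff = {**glob, **params}  # share-level values override [global]
        flags = []
        if eff.get("guestok", eff.get("public", "no")).lower() in TRUE:  # "public" = "guest ok"
            flags.append("guest access")
        read_only = eff.get("readonly", "yes").lower() in TRUE
        if eff.get("writeable", "no").lower() in TRUE or not read_only:
            flags.append("writable")
        if any(int(eff.get(m, "0"), 8) & 0o002 for m in ("createmask", "directorymask")):
            flags.append("world-writable mask")
        report[share] = flags
    return report

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Only the parameter spellings used in the post are checked, plus the `public` synonym for `guest ok`.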






More information about the samba mailing list