Users can map shares without password in domain-security mode
Seip Christian
cseip at sr-online.de
Wed Sep 20 06:46:37 GMT 2000
Hi!
> What software are you using to do the clustering?
It's the Wizard software Watchdog in the light version. Wizard is a German
company and has been renamed to AppTime recently.
> You need to make certain in clustering that the clustered machines have an
> identical view of things (this includes users).
That's what I'm trying to do and it works. But with the unix users I can't
guarantee this without additional efforts to keep the user lists
synchronized. That's the reason why I use the "add user script" feature.
Samba creates every user that does not yet exist by itself. That works too.
> The best way to do this is
> to ensure that the path to samba's password & lock files is on
> the shared storage. Also, how do you have
It shouldn't be a problem to put the smbpasswd on the shared storage. That
could work, I'll try this today. That does not interfere with generating all
users on the fly. Putting the /etc/passwd on the shared storage is a bad
idea. :-) So I think I have to live with the user homes owned by root
because of different UIDs on the clusternodes for the same user account.
Hey, I like your idea with putting that stuff on the storage. So I can put
the whole private-dir on the storage and have to add only one of the nodes
to the domain. I tried to solve my problem with "smbpasswd -j DOM -r PDC"
all the time because I have to add two machines to the domain with the same
netbios name and a different MAC-address.
Yes, I do an IP-address-takeover but no, I don't do a MAC-address-takeover. A
MAC-address-takeover delays the failover a few more seconds because the
switch has to learn that a MAC-address now appears on a different port. I
can live with an IP-only-takeover and it seems to work too.
BTW: I don't think I have to put the lock files on the shared storage
because there's only one clusternode running smbd at a time. This is managed
by the Watchdog. Since I have an asymmetric cluster configuration the second
node is only a stand-by-node. No load-balancing.
> the [homes] section of smb.conf set up? Are you using the %U (if they
> don't have a unix account)?
Hmmm, here's an excerpt of my smb.conf:
-------------------------------------- snip --------------------------------------
# Global parameters
[global]
    workgroup = SR
    netbios name = SMB
    interfaces = 192.168.1.77/255.255.255.0
    security = DOMAIN
    encrypt passwords = Yes
    password server = DVDC02
    name resolve order = wins lmhosts bcast host
    wins server = 192.168.1.2
    create mask = 0777
    directory mask = 0777
    character set = ISO8859-1
    local master = no
    domain master = no
    browseable = No
    nt acl support = true
    add user script = /usr/sbin/smb_useradd.pl %u
#   null passwords = true
    mangle case = yes

[homes]
    comment = Home-Verzeichnis %u
    writeable = yes
    browseable = No
    guest ok = no

[public]
    path = /shares/public
    read only = No
    browseable = Yes
    guest ok = Yes

[pub]
    path = /home/public
    read only = No
    browseable = Yes
    guest ok = yes
-------------------------------------- snip --------------------------------------
I tried an additional "valid users = %u" in the [homes]-section, too. But
that didn't work either. Argh, that can't work. I see that now. Stupid idea.
:-)
Maybe this could work but I don't think so because it does the same as the
[homes]-section does as far as I see:
-------------------------------------- snip --------------------------------------
[%u]
    path = /shares/home/%u
    read only = No
    browseable = Yes
    guest ok = Yes
    valid users = %u
-------------------------------------- snip --------------------------------------
I've got another samba-server from which I have copied the smb.conf and
which authenticates the users against the same PDC. On the other server
everything works, here on my machine it doesn't.
Here's basically what my smb_useradd.pl does, not exactly in Perl code but
understandable I hope.
-------------------------------------- snip --------------------------------------
/usr/sbin/useradd -c "created by smb_useradd.pl" -d /shares/home/%u -s "/bin/false" %u
chmod 777 /shares/home/%u
chown root.root /shares/home/%u
-------------------------------------- snip --------------------------------------
My smb_useradd.pl is a modified version of the script posted by Randy
O'Meara to the list here in April 1999.
Thanks for taking the time and having a look.
Best regards,
Christian
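
Added example, not part of the original post and not Samba code: a small Python audit that parses an smb.conf like the excerpt above and lists, per share, guest access (`guest ok`, which the smb.conf documentation describes as requiring no password to connect), guest-writable shares, and world-writable create/directory masks. The sample configuration is constructed from the posted excerpt; the function names and finding labels are hypothetical, and the writable check is a simplification that does not model parameter ordering.

```python
import re

# Constructed sample: settings copied from the smb.conf excerpt in the post.
SAMPLE_CONF = """
[global]
create mask = 0777
directory mask = 0777
[homes]
writeable = yes
guest ok = no
[public]
read only = No
guest ok = Yes
[pub]
read only = No
guest ok = yes
"""
TRUTHY = {"yes", "true", "1"}

def parse_smb_conf(text):
    """Return {section: {param: value}}; names are lowercased, spaces removed."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":   # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif current is not None and "=" in line:
            name, value = line.split("=", 1)
            current[re.sub(r"\s+", "", name).lower()] = value.strip()
    return sections

def audit(text):
    """Map each share to the (hypothetical) finding labels that apply to it."""
    conf = parse_smb_conf(text)
    report = {}
    for share in (s for s in conf if s != "global"):
        eff = {**conf.get("global", {}), **conf[share]}  # share overrides [global]
        guest = eff.get("guestok", eff.get("public", "no")).lower() in TRUTHY
        writable = (eff.get("readonly", "yes").lower() not in TRUTHY
                    or eff.get("writeable", eff.get("writable", "no")).lower() in TRUTHY)
        masks = any(int(eff.get(m, "0"), 8) & 0o002 for m in ("createmask", "directorymask"))
        checks = {"guest-access": guest, "guest-writable": guest and writable,
                  "world-writable-mask": masks}
        report[share] = [label for label, hit in checks.items() if hit]
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

Running `testparm -s` first and feeding its output to `audit()` gives the audit the configuration as Samba itself parsed it.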