Users can map shares without password in domain-security mode

cseip at
Wed Sep 20 06:46:37 GMT 2000


	> What software are you using to do the clustering? 

It's the Wizard software Watchdog in the light version. Wizard is a German
company and has been renamed to AppTime recently.

	> You need to make certain in clustering that the clustered machines
	> have an identical view of things (this includes users).

That's what I'm trying to do and it works. But with the unix users I can't
guarantee this without additional efforts to keep the user lists
synchronized. That's the reason why I use the "add user script" feature.
Samba creates every user that does not yet exist by itself. That works too.

	> The best way to do this is 
	> to ensure that the path to samba's password & lock files is on
	> the shared storage.  Also, how do you have

It shouldn't be a problem to put the smbpasswd on the shared storage. That
could work, I'll try this today. That does not interfere with generating all
users on the fly. Putting the /etc/passwd on the shared storage is a bad
idea. :-) So I think I have to live with the user homes owned by root
because of different UIDs on the clusternodes for the same user account.
Hey, I like your idea with putting that stuff on the storage. So I can put
the whole private-dir on the storage and have to add only one of the nodes
to the domain. I tried to solve my problem with "smbpasswd -j DOM -r PDC"
all the time because I have to add two machines to the domain with the same
netbios name and a different MAC-address.

Yes, I do an IP-address-takeover but no, I don't do a MAC-address-takeover. A
MAC-address-takeover delays the failover a few more seconds because the
switch has to learn that a MAC-address now appears on a different port. I
can live with an IP-only-takeover and it seems to work too.

BTW: I don't think I have to put the lock files on the shared storage
because there's only one clusternode running smbd at a time. This is managed
by the Watchdog. Since I have an asymmetric cluster configuration the second
node is only a stand-by-node. No load-balancing.

	> the [homes] section of smb.conf set up?  Are you using the %U (if
	> don't have a unix account)? 

Hmmm, here's an excerpt of my smb.conf:

-------------------------------------- schnipp

# Global parameters
        workgroup = SR
        netbios name = SMB
        interfaces =
        security = DOMAIN
        encrypt passwords = Yes
        password server = DVDC02
        name resolve order = wins lmhosts bcast host
        wins server =
        create mask = 0777
        directory mask = 0777
        character set = ISO8859-1
        local master = no
        domain master = no

        browseable = No
        nt acl support = true
        add user script = /usr/sbin/ %u
#       null passwords = true
        mangle case = yes

        comment = Home-Verzeichnis %u
        writeable = yes
        browseable = No
        guest ok = no

        path = /shares/public
        read only = No
        browseable = Yes
        guest ok = Yes

        path = /home/public
        read only = No
        browseable = Yes
        guest ok = yes

-------------------------------------- schnipp

I tried an additional "valid users = %u" in the [homes]-section, too. But
that didn't work either. Argh, that can't work. I see that now. Stupid idea.

Maybe this could work, but I don't think so, because it does the same thing
the [homes]-section does as far as I see:

-------------------------------------- schnipp

        path = /shares/home/%u
        read only = No
        browseable = Yes
        guest ok = Yes
        valid users = %u

-------------------------------------- schnipp

I've got another samba-server from which I have copied the smb.conf and
which authenticates the users against the same PDC. On the other server
everything works, here on my machine it doesn't.

Here's basically what my does, not exactly in perl code but
understandable I hope.

-------------------------------------- schnipp

/usr/sbin/useradd -c "created by" -d /shares/home/%u -s "/bin/false" %u
chmod 777 /shares/home/%u
chown root.root /shares/home/%u

-------------------------------------- schnipp

My is a modified version of the script posted by Randy
O'Meara to the list here in April 1999.

Thanks for taking the time and having a look.

Best regards,
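
Added example, not part of the original message and not Samba's own code: a small Python check that lists which sections of an smb.conf enable parameters that allow access without a password, such as the `guest ok = Yes` lines in the excerpt above. The section names in the sample are assumptions, because the excerpt lost its section headers, and the parameter list (`guest ok`, its synonym `public`, and `null passwords`) is a chosen subset.

```python
import re

# Constructed sample; section names are assumptions (the excerpt lost its headers).
SAMPLE = """\
[global]
#       null passwords = true
[homes]
        guest ok = no
[public]
        path = /shares/public
        guest ok = Yes
[userhome]
        path = /shares/home/%u
        public = yes
        valid users = %u
"""

TRUE = {"yes", "true", "on", "1"}
# Booleans that allow access without a password ("public" = "guest ok").
PASSWORDLESS = {"guestok", "public", "nullpasswords"}

def parse_smb_conf(text):
    """Return {section: {param: value}}; Samba ignores case and spaces in names."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            conf[section]["".join(key.lower().split())] = value.strip()
    return conf

def passwordless_findings(text):
    """List (section, param) pairs whose value enables passwordless access."""
    return sorted(
        (sec, key)
        for sec, params in parse_smb_conf(text).items()
        for key, val in params.items()
        if key in PASSWORDLESS and val.lower() in TRUE
    )

if __name__ == "__main__":
    for sec, key in passwordless_findings(SAMPLE):
        print(f"[{sec}] {key} is enabled")
```

A finding in `[global]` applies as the default for every share that does not override it.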


