Security = domain
vda
vda at port.imtp.ilyichevsk.odessa.ua
Wed Dec 19 02:32:21 GMT 2001
On Wednesday 19 December 2001 08:32, Eduardo Sanz Martin wrote:
> I am trying to use the domain security option on samba 2.2.2 on red hat 7.1
> . Just works with security=server. My PDC is an NT 3.51 (Service Pack 3).
> Here is my smb.conf is :
>
> [global]
> domain master = False
> dns proxy = No
> encrypt passwords = Yes
> name resolve order = lmhosts wins host bcast
> preferred master = no
> hosts allow = 192.168.
> password server = 192.168.1.100
> allow trusted domains = No
> security = domain
> local master = No
> server string = File Server - Linux RH 7.1 Samba 2.2.2
> workgroup = GRUPO
> netbios name = test.grupo.es
Where's "password server = ..." ?
>
> [Edusan]
> path = /home/admin/edusan
> browsable =yes
> writeable = yes
> valid users = edusan
> public = no
> create mask = 0755
My smb.conf is below. It works for me (even commented out sections
were tested and would work if uncommented)
--
vda
# This setup allows to connect as guest
# (invalid username -> you are guest)
# Attempt to connect to \\server\username
# will ask for password _for that username_
# even on braindamaged clients which don't
# let user specify username (Win9x).
#
# Set passwords for users via smbpasswd!
#
# Note! To connect under different username, you may need
# to log off and on again on the client machine.
# Yes, M$ is terminally broken.
#======================= Global Settings =====================================
[global]
# Logging
#0..3 - ERR,WARN,NOTICE,INFO
log file = /var/log/samba.%m
max log size = 256
debug level = 1
syslog = 1
syslog only = No
# makes ping <netbios name> work
# Note:
# /etc/nsswitch: "hosts: files dns wins"
# /lib: libnss_wins.so, libnss_wins.so[.1|2 (glibc 1/2)]
#name resolve order = lmhosts host wins bcast
name resolve order = wins
wins server = 172.16.42.102
# winbindd allows you to have user UID/GID be derived from NT PDC
# and domain users can log in your linux box (shell login, not just SMB
connect!)
# without twiddling with /etc/passwd|shadow|group!
# PAM usage:
# auth sufficient pam_winbind.so
# account required pam_winbind.so
# Note: have to join domain, have to be in domain security mode
# user syntax: DOMAIN.user
winbind separator = .
# Allocate uid/gid range for NT users
winbind uid = 10000-20000
winbind gid = 10000-20000
# Recheck user/group id every N secs
winbind cache time = 300
# Home dir: %D:domain %U:user
template homedir = /home/%D.%U
template shell = /bin/bash
# Browser elections
local master = yes
preferred master = yes
;domain master = depands on security model, see below
# Username/passwd handling
# If username is invalid, treat him as guest
map to guest = Bad user
# Allow users with null passwords to connect
null passwords = yes
# Allow logins from Win311/95/98 (weaker security)
lanman auth = yes
encrypt passwords = yes
;# Authenticate users using given WinNT box
;# - VDA: ok
; workgroup = PORT
; encrypt passwords = yes
; security = server
; password server = PORT_PDC
; domain master = no
# Authenticate users using given WinNT domain
# - VDA: ok, but you'll need to create UNIX users for each connecting Win one
# (same username as found on PDC)
# Update: [2001/12/07] can't make it accept domain users
# when winbindd is running even if local user exists in /etc/passwd
#
workgroup = PORT
encrypt passwords = yes
security = domain
password server = *
domain master = no
;# Authenticate users using local Samba
;# (we are part of a workgroup)
;# - VDA: ok.
;# Set passwords for users via smbpasswd!
; workgroup = LINUX
; os level = 33
; security = share
; domain logons = no
;# We are PDC for our domain (domain name set by 'workgroup')
;# Have to have [netlogon]
;# TODO: check:maybe we need [profiles] too?
; workgroup = LINUX
; os level = 34
; security = user
; domain logons = yes
; domain master = yes # affects browser elections
; ;# To be executed each time user logs in. Stored in [netlogon]
; ;logon script = %u.bat
; # Home dir and drive to map it to
; # (%L: our server netbios name, %u: final user name)
; logon home = \\%L\%u\home\%u
; logon drive = w:
; # Profiles dir for roaming profiles
; logon path = \\%L\%u\home\%u\profiles
# Guess what is this?
client code page = 866
code page directory = /usr/lib/samba/lib/codepages
# ???
socket options = TCP_NODELAY
; TODO: try is this useful
;[global]
; default service = pub
;
;[pub]
; path = /%S
;
;!!!
; preexec = ...
; postexec = ...
#============================ Default share parameters =======================
# Map guests to which UNIX user?
guest account = guest
# Share is visible by default?
browseable = yes
guest ok = yes
# ???
#browse list = yes
read only = yes
follow symlinks = yes
create mode = 0644
force create mode = 0600
directory mode = 0755
force directory mode = 0111
# ???
deadtime = 10
#============================ Share Definitions ==============================
[-pub]
path = /pub
read only = yes
guest ok = yes
guest only = yes
[-in]
path = /pub/in
read only = no
guest ok = yes
guest only = yes
# Special share - replaced by username
# Check that this path is actually accessible by users!!!
[homes]
;path = /home/%S
path = /.share
only user = yes
user = %S
guest ok = no
read only = no
# This stops [homes] to be visible itself
# User shares inherit global setting and hence are visible
browseable = no
;# Special share - replaced by printer name(s)
;[printers]
; comment = All Printers
; path = /var/spool/samba
; browseable = no
;# Set public = yes to allow user 'guest account' to print
; guest ok = no
; writable = no
; printable = yes
# Special share: used for logons if we are PDC
# It stores logon scripts, ??? what else ???
[netlogon]
path = /var/app/samba-2.2.2/netlogon
public = no
writable = no
browsable = no
# ???
[profiles]
path = /var/app/samba-2.2.2/profiles
browseable = no
guest ok = yes
More information about the samba
mailing list