AW: [Samba] add user script going Horribly Wrong (tm)

Torsten.Wally at mewa.de Torsten.Wally at mewa.de
Mon Aug 12 23:06:01 GMT 2002


(Oops! I forgot to send it to the list so everyone could laugh about it.
Sorry Vicky for disturbing directly)

Good Morning, Vicky!

Seems your smb.conf is messed up a little.

As I can see you're using security = domain. With this configuration the
smbpasswd-file/feature isn't needed at all. Authentication is done encrypted
with the domain user database, not with the smbpasswd file.

The explanation of this parameter should make this more clear:
---
encrypt passwords (G)
This boolean controls whether encrypted passwords will be negotiated with
the client. Note that Windows NT 4.0 SP3 and above and also Windows 98 will
by default expect encrypted passwords unless a registry entry is changed. To
use encrypted passwords in Samba see the file ENCRYPTION.txt in the Samba
documentation directory docs/ shipped with the source code.

In order for encrypted passwords to work correctly smbd(8) must either have
access to a local smbpasswd(5) [this one you're thinking of you need it]
file (see the smbpasswd(8) program for information on how to set up and
maintain this file), or set the security = [server|domain] [this way it's
configured at your site] parameter which causes smbd to authenticate against
another server.

Default: encrypt passwords = no
---

As long as the domain-users you're automatically creating with your
script don't need to log on to the unix/linux machine, you don't need "unix
password sync", "passwd program" and "passwd chat". Maybe you don't even
need to create those users automatically? Maybe a guest account or a simple
user-mapping to an existing unix-user would fulfill your needs? But if you
want to create them (I expect you want to, because you're giving every user
a home-directory that is mapped), don't forget to deny access to unix directly,
if they do not need it.

But at this point, login should work either, aside from the misconfiguration.
What exactly is the error message in the log-files when a user tries to
connect? You should be aware that some unix-versions do not allow usernames
longer than eight characters. Our AIX doesn't like it at all. But as the
addition of users to the passwd-file already works, this does not seem to
affect you (or you simply have max eight character user names).

I hope this helps you a little bit?!

Greetings from Germany!

-Torsten


=====================================
= And the music's gonna make me fly =
= --- without fear and without pain =
= Meat Loaf - Heaven can wait       =
=====================================


> -----Original Message-----
> From: Vicky Clarke [mailto:vclarke at frontier.co.uk]
> Sent: Monday, 12 August 2002 18:04
> To: samba at lists.samba.org
> Subject: [Samba] add user script going Horribly Wrong (tm)
> 
> Hi,
> 
> I've tried to set up automated user addition and deletion on our Samba
> server, but something's going wrong. Users appear in /etc/passwd, but not
> in smbpasswd, so people are getting login errors and so on when they try to
> access the share. Have I missed a bit of config that's supposed to tell
> samba to set up smbpasswd's too? (smb.conf included below).
> 
> Thanks!
> Vicky Clarke
> 
> [global]
>          workgroup = DOMAIN1
> 
> # The following is excessively paranoid, but until a solid solution to the network browsing and reliable
> # mapping of network drives issue is arrived at we'll leave it be.
> 
>          domain master = no
>          local master = no
>          preferred master = no
> 
>          browseable = yes
>          os level = 2
>          wins server = 172.17.1.2
>          hosts allow = 172.17.1.2 172.17.3. 127.
>          interfaces = 172.17.1.3/255.255.0.0
>          encrypt passwords = yes
>          guest account = Nobody
>          map to guest = never
>          add user script = /usr/sbin/useradd -d /share/pchomes/%u -m %u
>          delete user script = /usr/sbin/userdel %u
>          unix password sync = yes
>          passwd program = /usr/bin/passwd %u
>          passwd chat = "New password:*" %n\n "Re-enter new password:*" %n\n "Pas\
> sword changed*"
>          passwd chat debug = yes
> 
> # This tells samba to write log files per machine.
>          log file = /var/log/samba/%m
> # This sets an alternate log level. Default is 2.
>          log level = 8
> 
> # Uncomment the following, if you want to use an existing NT-Server to
> # authenticate users, but don't forget that you also have to create them
> # locally!
>          security = domain
>          password server = 172.17.1.2
>          socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
> 
>          local master = No
> 
>          interfaces = lo eth0
> 
>          wins support = no
>          # 'yes' doesn't work; 'no' does work
> 
>          wins server = 172.17.1.2
> 
>          character set = ISO8859-15
>          client code page = 850
> 
>          veto files = /*.eml/*.nws/riched20.dll/*.{*}/
> [vicky]
>          comment = Linux home directory for Vicky
>          browseable = no
>          valid users = vclarke root Administrator
>          path = /home/vclarke
>          read only = no
>          create mask = 0600
>          directory mask = 0700
> 
> [homes]
>          comment = User home directory
>          path = /share/pchomes/%S
>          read only = No
>          create mask = 0640
>          directory mask = 0750
>          browseable = No
>          writeable = yes
> #       nt acl support = yes
> 
> 
> # Create a general-purpose shared directory everyone can use
> 
> [art]
>          comment = Art directories
>          path= /share/art
>          writeable = yes
>          create mask = 0666
>          directory mask = 0775
>          nt acl support = yes
>          admin users = arcserve
>          mangled names = yes
> 
> 
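An added example, not part of the original thread: a small Python check that reads the [global] section of an smb.conf and reports the two points raised in the reply above (password-sync parameters left on while security = domain, and an add user script that creates accounts able to log on to unix). The sample config is a constructed, trimmed copy of the quoted one; treating a missing `useradd -s` option as "unix login not denied" is this example's assumption.

```python
import re

# Constructed sample: a trimmed copy of the [global] settings quoted above.
SAMPLE = r'''
[global]
    add user script = /usr/sbin/useradd -d /share/pchomes/%u -m %u
    unix password sync = yes
    passwd program = /usr/bin/passwd %u
    passwd chat = "New password:*" %n\n "Pas\
sword changed*"
    security = domain
[homes]
    path = /share/pchomes/%S
'''

LOCAL_PW_KEYS = ("unix password sync", "passwd program", "passwd chat")

def parse_global(text):
    """Return the [global] parameters; a later duplicate overrides an earlier one."""
    text = re.sub(r"\\\n", "", text)  # join lines continued with a trailing backslash
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif "=" in line and section == "global":
            key, value = line.split("=", 1)
            # Simplification: names are lower-cased and runs of spaces collapsed.
            params[" ".join(key.lower().split())] = value.strip()
    return params

def review(params):
    """Findings that follow the advice given in the reply."""
    findings = []
    security = params.get("security", "").lower()
    if security not in ("domain", "server"):
        return findings
    for key in LOCAL_PW_KEYS:
        value = params.get(key, "")
        if value and value.lower() not in ("no", "false", "0"):
            findings.append(f"'{key}' is set, but security = {security} authenticates against another server")
    script = params.get("add user script", "")
    # Assumption of this example: unix logon is denied by giving useradd a shell via -s.
    if script and not re.search(r"\s-s\s+\S+", script):
        findings.append("'add user script' passes no -s shell, so new accounts get the default login shell")
    return findings

if __name__ == "__main__":
    print("\n".join(review(parse_global(SAMPLE))))
```
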


