[Samba] Samba - User Authentication

Leonardo Rodríguez leonardorleon at cantv.net
Wed Apr 30 17:46:41 GMT 2003 

Clint,

I was fighting with samba the day before and I finally found to do
something new (something good)... as you did it I had to use winbind with
samba too and I could do this:

[root at redhatcus etc]# wbinfo -u
Administrator
db2admin
Guest
guigonza
IUSR_HAL
IWAM_HAL
krbtgt
leosamba
lrodrigu
NetShowServices
pruebasamba
samba
smbusr
sysadm
TsInternetUser
usrsamba
[root at redhatcus etc]#

[root at redhatcus etc]# wbinfo -g
Domain Admins
Domain Users
Domain Guests
Domain Computers
Domain Controllers
Cert Publishers
Schema Admins
Enterprise Admins
Group Policy Creator Owners
[root at redhatcus etc]#

[root at redhatcus etc]# wbinfo -t
Secret is good
[root at redhatcus etc]#

Now I can do a telnet connection using the Windows users and everything's ok

But I still can't authenticate the Windows users in order to they can
access the Linux folder, take at look at the folder configuration in my
smb.conf file:

[Samba]
   comment = Shared Folder
   path = /Samba
   valid users = administrator lrodrigu
   public = no
   writable = yes
   printable = no
   create mask = 0775

If I delete the valid users, public, create mask lines then I can access it
without using any username and password but I don't want do it that way,
I'd like to only some users could have access...

Do you know something about that? What do I have to do to figure this out?

Thanks

Leonardo
	  		
----------- Mensaje Original --------------
							
Leonard,
Here are the preliminary steps i went through to setup RedHat9, running
Samba 3.0 23alpha-1 as a domain member:

Downloaded the Samba SRPM and did a build
installed my new build

smb.conf changes:
security = DOMAIN
workgroup = DOM
password server = *
wins server = xxx.xxx.xxx.xxx
hosts allow = xxx.xxx.xxx. 127.

I would run testparm just to make sure my smb.conf is not broken.

Created computer account on the domain through server manager
Join the domain

root#net join -S DOMPDC -U 'DOM\Administrator%password'

As long as this returns "Joined domain DOM" or some other success message
you are good to go.

At this point your samba server is setup as a domain member, if you are not
concerned about using domain level users and groups for permissions you
don't need to go any further.

Next i added the winbind configuration to the smb.conf
winbind uid = 10000-20000
winbind gid = 10000-20000
template homedir = /home/winnt/%D/%U
template shell = /bin/bash

I would run testparm just to make sure my smb.conf is not broken again.

Start samba and winbind and make sure they are both running.

Test to see if the machine account on the domain is valid.

root#wbinfo -t

Test to see if you can authenticate on the domain from winbind.

root#wbinfo -a 'DOM\user%password'

Set the account that winbind will use to retrieve user and group
information. This needs to be the domain administrator account or an account
with domain admin rights.

root#wbinfo -A 'DOM\user%password'

Test to see if it is working.

root#wbinfo -u

You should see a list of users from the domain :)

Let me know if you have questions or if you get to a point of failure. I
definatly want to know the outcome if it is successful.

More information about the samba mailing list