[Samba] Auth. from Win2k Works

Bill Parker dogbert at netnevada.net
Mon Feb 3 15:16:11 GMT 2003


We have been able to get Windows workstations to authenticate against Win2k,
but for local shares on the Linux box (served via Samba), do the users need to
be added locally to a group in /etc/group to be allowed access to files on the
Linux system that Samba is running on?  Here is the smb.conf we have come up
with (along with modifications):

[global]
# Server-wide settings: host identity, domain authentication, guest handling
# and name resolution for this Samba server.
         workgroup = donbest
         netbios name = servlets
         comment = Servlets Machine
         os level = 34
#
#       modified from domain to "*"
#
# security = domain hands password checks to a domain controller, and
# password server = * lets Samba locate that controller itself.
# NOTE(review): every authenticated user still has to resolve to a Unix
# account on this host; the winbind settings later in this section can supply
# those accounts through NSS -- confirm nsswitch.conf lists winbind.
         password server = *
         security = domain
         encrypt passwords = Yes
         smb passwd file = /etc/samba/smbpasswd
# NOTE(review): Unix account names are case-sensitive; confirm an account
# spelled exactly "Nobody" exists (the usual name is "nobody").
         guest account = Nobody
# Bad User: a logon with a username that does not exist is not rejected but
# becomes a guest session running as the guest account. Any share with
# guest ok = Yes ([temp] below) is then reachable without valid credentials
# from every host matched by hosts allow.
         map to guest = Bad User
# The map file decides which Unix account a client username becomes.
# NOTE(review): it should be owned by root and writable by nobody else --
# check the permissions on /etc/linuxtowin2k.
         username map = /etc/linuxtowin2k
#
#       modified name resolve order to use WINS instead of local file
#
         name resolve order = wins lmhosts bcast
# This tells samba to use the file smbusers for user mapping.
# (Left disabled; the active username map above points at /etc/linuxtowin2k.)
;       username map = /etc/samba/smbusers

# This tells samba to write log files per machine.
;       log file = /var/log/samba/%m
# This sets an alternate log level. Default is 2.
;       log level = 3
#
# password level (to match current username/password scheme in office)
#
# NOTE(review): password level only affects plaintext password checks; with
# encrypt passwords = Yes above it should have no effect -- confirm against
# the smb.conf man page of the installed version. username level = 12 makes
# smbd try many upper/lower-case variants of a login name before giving up,
# which slows down failed logons.
         password level = 12
         username level = 12

# Uncomment the following, if you want to use an existing NT-Server to
# authenticate users, but don't forget that you also have to create them
# locally!
# (Left disabled; security = domain above is the active mode.)
;       security = server
;       password server = 192.168.1.10

         printing = LPRNG
         printcap name = /etc/printcap
         load printers = Yes

# These settings are a suggestion for a local network. Cf. section
# 'socket options' in the man page of smb.conf and socket(7).
         socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY

# Uncomment this, if you want to integrate your server
# into an existing net e.g. with NT-WS to prevent nettraffic
         local master = No

# Please uncomment the following entry and replace the ip number and
# netmask with the values of your network interface configuration.
#
#       values are subject to change once we assign permanent addr
#
# NOTE(review): no "bind interfaces only" setting is visible in this file, so
# the interfaces line on its own probably does not stop smbd from listening
# on other addresses of this host -- confirm. Client access is limited by
# hosts allow: the trailing-dot entries match every host whose address starts
# with that prefix.
         interfaces = 172.21.2.117/255.255.255.0
# NOTE(review): this is the same address as in interfaces above; remote
# announce normally names a remote subnet's broadcast address or browse
# master -- confirm this value is intended.
         remote announce = 172.21.2.117
         hosts allow = 172.21.2. 172.21.3. localhost

# If you want Samba to act as a wins server, please set
# 'wins support' to yes.
         wins support = No

# If you want Samba to use an existing wins server, please uncomment the
# following line and replace the dummy with the wins server's ip number.
#
#       Points at current auth. machine in domain "donbest"
#
         wins server = 172.21.2.6
         dns proxy = No
#
#       Windows Bind Config
#
# Winbind settings: how domain users and groups are presented as Unix
# accounts. With separator "+", domain names appear as DOMAIN+name.
# NOTE(review): the uid/gid ranges must not overlap ids already used in
# /etc/passwd and /etc/group -- verify on this host.
winbind separator = +
winbind gid = 10000-20000
winbind uid = 10000-20000
# Shell and home directory assigned to winbind-provided users
# (%D = domain, %U = user name).
template shell = /bin/bash
template homedir = /home/%D/%U
winbind enum groups = yes
winbind enum users = yes

# Set these two parameters to your DOS code page and appropriate UNIX
# character set. These values are for west European languages (Latin-9)
# UNIX character and MS-DOS Latin 1 code page.
         character set = ISO8859-15
         client code page = 850

# This is a simple measure against Nimda Worm. Cf. README.Win32-Viruses
# veto files hides the listed name patterns from clients and refuses access
# to them. It matches on file names only and does not inspect file content,
# so it complements rather than replaces scanning of the share.
         veto files = /*.eml/*.nws/riched20.dll/*.{*}/

# Do you want samba to act as a logon-server for your windows 95/98
# clients, so uncomment the following:
# (Left disabled; this host is neither logon server nor domain master.)
;       domain logons = Yes
         domain master = No
         preferred master = no
# For a specific logon script per user
;       logon script = %U.bat
# For a specific logon script per machine
;       logon script = %m.bat

# Where to store the logon scripts.
;[netlogon]
;       comment = Network Logon Service
;       path = /var/lib/samba/netlogon

# Where profiles of Windows 9x systems are stored.
# First example for a centralized place.
;       logon home = \\%L\profiles\%U
# Second example for a subdirectory of the users home.
;       logon home = \\%L\%U\profile
# Where profiles of Windows NT systems are stored.
;       logon path = \\%L\profiles\%U

# Extra share for profiles. Default is the home of the user.
;[profiles]
;       comment = Network Profiles Service
;       path = /var/lib/samba/profiles
;       browseable = No

[temp]
# Scratch share that exports the system /tmp read-write.
# NOTE(review): guest ok = Yes together with map to guest = Bad User in
# [global] means no valid credentials are needed here; whatever local
# processes place in /tmp is reachable from every host matched by hosts
# allow. A dedicated directory would keep the system /tmp out of the share.
         comment = Temporary File Space
         path = /tmp
         read only = No
         guest ok = Yes

[test]
# Writable test share restricted to members of one group; guests refused.
         comment = Test Network on Servlets
         path = /dbs/share
# The "@" prefix names a group that is looked up on the Unix side.
# NOTE(review): with winbind separator = + a domain group would presumably
# appear as DONBEST+groupname, so "@testgroup" matches only a group visible
# under exactly that name (e.g. an entry in /etc/group) -- verify with
# "getent group".
         valid users = @testgroup
;       force group = @dbsapps
# read only = No and writeable = Yes express the same setting twice.
         read only = No
         writeable = Yes
         guest ok = No
# NOTE(review): masks and force modes of 0777 make every file and directory
# created through this share readable, writable and executable by all local
# Unix accounts; valid users limits SMB access only, not access from a shell
# on this host. Tighter modes plus a force group would keep access within
# the intended group.
         create mask = 0777
         force create mode = 0777
         directory mask = 0777
         force directory mode = 0777


[homes]
# Per-user home share; not listed when browsing (browseable = no).
         comment = Home Directories
# NOTE(review): [homes] uses the user's own home directory when no path is
# given. A fixed path of /home contains no per-user part, so each user's home
# share presumably opens /home itself, where other users' directories are
# visible subject to Unix permissions -- confirm this is intended, given
# template homedir = /home/%D/%U in [global].
         path = /home
# read only = No and writable = Yes express the same setting twice.
         read only = No
         writable = Yes
# New files carry no permissions for "other"; group members get read access.
         create mask = 0640
         directory mask = 0750
         browseable = no


