[Samba] Samba - User Authentication

daniel.jarboe at custserv.com daniel.jarboe at custserv.com
Thu May 1 16:40:29 GMT 2003 

Sounds like a winbind use default domain = yes thing to me.

~ Daniel

On Wednesday, April 30, 2003 3:58 PM Leonardo Rodríguez wrote:
> 
> Hi Clint,
> 
> There's something I don't understand.... why when I do 
> 'wbinfo -u'  the
> users doesn't appear with their domain for example 
> MCSE\administrator? I
> just get it like this: administrator..... as you can see down in the
> list......
> 
> So I had to made this: chown 'administrator:Domain Users' 
> /Samba/ and I had
> to add it just like 'administrator' without the domain..... 
> as you could
> see I still haven't had any success.
> 
> Any clue about it?
> 
> Thanks
>   		
> ----------- Mensaje Original --------------
> 								
> De: Board, Clint [cboard at ufsonline.com]
> Para: leonardorleon at cantv.net [leonardorleon at cantv.net], Board, Clint
> [cboard at ufsonline.com]
> Cc: samba at lists.samba.org [samba at lists.samba.org]
> Asunto: RE: [Samba] Samba -  User Authentication
> Fecha: 30/04/2003 14:41:27
> Mensaje:
> 
> 	  		
> 	  			I just tested this out, here is 
> what i did and worked fine:
> 
> smb.conf (share definition):
> [test]
>    comment = Shared Folder
>    path = /home/test
>    valid users = DOM\Administrator DOM\user
>    public = no
>    writable = yes
>    printable = no
>    create mask = 0775
> 
> i ran testparm to make sure everything was cool.
> 
> i created the directory as root, which set the owner:group to 
> root, so:
> 
> chown 'DOM\Administrator:DOM\Domain Admins' test
> 
> I stopped winbind
> 
> I restarted smb
> 
> I started winbind
> 
> Let me know if this works for you, i think you problem is in your
> permissions.
> 
> -----Original Message-----
> From: Leonardo Rodríguez [mailto:leonardorleon at cantv.net]
> Sent: Wednesday, April 30, 2003 12:47 PM
> To: cboard at ufsonline.com
> Cc: samba at lists.samba.org
> Subject: RE: [Samba] Samba - User Authentication
> 
> 
> Clint,
> 
> I was fighting with samba the day before and I finally found to do
> something new (something good)... as you did it I had to use 
> winbind with
> samba too and I could do this:
> 
> [root at redhatcus etc]# wbinfo -u
> Administrator
> db2admin
> Guest
> guigonza
> IUSR_HAL
> IWAM_HAL
> krbtgt
> leosamba
> lrodrigu
> NetShowServices
> pruebasamba
> samba
> smbusr
> sysadm
> TsInternetUser
> usrsamba
> [root at redhatcus etc]#
> 
> [root at redhatcus etc]# wbinfo -g
> Domain Admins
> Domain Users
> Domain Guests
> Domain Computers
> Domain Controllers
> Cert Publishers
> Schema Admins
> Enterprise Admins
> Group Policy Creator Owners
> [root at redhatcus etc]#
> 
> [root at redhatcus etc]# wbinfo -t
> Secret is good
> [root at redhatcus etc]#
> 
> Now I can do a telnet connection using the Windows users and 
> everything's ok
> 
> But I still can't authenticate the Windows users in order to they can
> access the Linux folder, take at look at the folder 
> configuration in my
> smb.conf file:
> 
> [Samba]
>    comment = Shared Folder
>    path = /Samba
>    valid users = administrator lrodrigu
>    public = no
>    writable = yes
>    printable = no
>    create mask = 0775
> 
> If I delete the valid users, public, create mask lines then I 
> can access it
> without using any username and password but I don't want do 
> it that way,
> I'd like to only some users could have access...
> 
> Do you know something about that? What do I have to do to 
> figure this out?
> 
> Thanks
> 
> Leonardo
> 	  		
> ----------- Mensaje Original --------------
> 							
> Leonard,
> Here are the preliminary steps i went through to setup 
> RedHat9, running
> Samba 3.0 23alpha-1 as a domain member:
> 
> Downloaded the Samba SRPM and did a build
> installed my new build
> 
> smb.conf changes:
> security = DOMAIN
> workgroup = DOM
> password server = *
> wins server = xxx.xxx.xxx.xxx
> hosts allow = xxx.xxx.xxx. 127.
> 
> I would run testparm just to make sure my smb.conf is not broken.
> 
> Created computer account on the domain through server manager
> Join the domain
> 
> root#net join -S DOMPDC -U 'DOM\Administrator%password'
> 
> As long as this returns "Joined domain DOM" or some other 
> success message
> you are good to go.
> 
> At this point your samba server is setup as a domain member, 
> if you are not
> concerned about using domain level users and groups for 
> permissions you
> don't need to go any further.
> 
> Next i added the winbind configuration to the smb.conf
> winbind uid = 10000-20000
> winbind gid = 10000-20000
> template homedir = /home/winnt/%D/%U
> template shell = /bin/bash
> 
> I would run testparm just to make sure my smb.conf is not 
> broken again.
> 
> Start samba and winbind and make sure they are both running.
> 
> Test to see if the machine account on the domain is valid.
> 
> root#wbinfo -t
> 
> Test to see if you can authenticate on the domain from winbind.
> 
> root#wbinfo -a 'DOM\user%password'
> 
> Set the account that winbind will use to retrieve user and group
> information. This needs to be the domain administrator 
> account or an account
> with domain admin rights.
> 
> root#wbinfo -A 'DOM\user%password'
> 
> Test to see if it is working.
> 
> root#wbinfo -u
> 
> You should see a list of users from the domain :)
> 
> Let me know if you have questions or if you get to a point of 
> failure. I
> definatly want to know the outcome if it is successful.
> 
> 
> 
>   					  	
>   					  	
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
> 
> 

-----------------------------------------------------------------------

This message is the property of Time Inc. or its affiliates. It may be
legally privileged and/or confidential and is intended only for the use
of the addressee(s). No addressee should forward, print, copy, or
otherwise reproduce this message in any manner that would allow it to be
viewed by any individual not originally listed as a recipient. If the
reader of this message is not the intended recipient, you are hereby
notified that any unauthorized disclosure, dissemination, distribution,
copying or the taking of any action in reliance on the information
herein is strictly prohibited. If you have received this communication
in error, please immediately notify the sender and delete this message.
Thank you.

More information about the samba mailing list