[Samba] Samba - User Authentication

Leonardo Rodríguez leonardorleon at cantv.net
Mon May 5 11:52:16 GMT 2003


Hi Clint,

I'm back again. As I told you, here is my smb.conf:

[global]
   workgroup = MCSE
   server string = Samba Server 
   netbios name = redhatcus
   printcap name = /etc/printcap
   load printers = yes
   printing = lprng
   log file = /var/log/samba/%m.log
   max log size = 10
   log level = 1
   security = domain
   password server = win2k1
   winbind separator = +
   winbind uid = 10000-20000
   winbind gid = 10000-20000
   winbind cache time = 15
   winbind enum users = yes
   winbind enum groups = yes
   template homedir = /home/%U
   template shell = /bin/bash
   winbind use default domain = yes
   encrypt passwords = yes
   smb passwd file = /etc/samba/smbpasswd
   unix password sync = Yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
   pam password change = yes
   obey pam restrictions = yes
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   remote browse sync = 192.168.58.255 9.177.255.255
   remote announce = 192.168.58.255 9.177.255.255
   local master = no
   wins server = 192.168.58.103
   name resolve order = wins lmhosts host bcast
   dns proxy = no
  preserve case = no
  short preserve case = no
  default case = lower
  case sensitive = no

[homes]
   comment = Home Directories
   browseable = no
   writable = yes
   valid users = %D+%S
   create mode = 0664
   directory mode = 0775

[Test]
   comment = Shared Folder
   path = /Test
   valid users = Administrator lrodrigu
   public = no
   writable = yes
   printable = no
   create mask = 0775

--------end of file-----------------

When I run testparm I get a message related to the winbind separator, like
this:

[root@redhatcus samba]# testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Processing section "[Test]"
Loaded services file OK.
'winbind separator = +' might cause problems with group membership.
Press enter to see a dump of your service definitions

Is there something wrong with that? Could it cause some problem?

I hope this can help you to figure this out.....

Thanks...
	  		
----------- Original Message --------------

Let's get a look at your smb.conf again :)

-----Original Message-----
From: Leonardo Rodríguez [mailto:leonardorleon at cantv.net]
Sent: Wednesday, April 30, 2003 2:58 PM
To: cboard at ufsonline.com
Cc: samba at lists.samba.org
Subject: RE: [Samba] Samba - User Authentication


Hi Clint,

There's something I don't understand.... why, when I do 'wbinfo -u', don't the
users appear with their domain, for example MCSE\administrator? I
just get it like this: administrator..... as you can see down in the
list......

So I had to do this: chown 'administrator:Domain Users' /Samba/ and I had
to add it just like 'administrator' without the domain..... as you could
see I still haven't had any success.

Any clue about it?

Thanks
  		
----------- Original Message --------------

From: Board, Clint [cboard at ufsonline.com]
To: leonardorleon at cantv.net [leonardorleon at cantv.net], Board, Clint
[cboard at ufsonline.com]
Cc: samba at lists.samba.org [samba at lists.samba.org]
Subject: RE: [Samba] Samba -  User Authentication
Date: 30/04/2003 14:41:27
Message:

I just tested this out, here is what I did
and it worked fine:

smb.conf (share definition):
[test]
   comment = Shared Folder
   path = /home/test
   valid users = DOM\Administrator DOM\user
   public = no
   writable = yes
   printable = no
   create mask = 0775

I ran testparm to make sure everything was cool.

I created the directory as root, which set the owner:group to root, so:

chown 'DOM\Administrator:DOM\Domain Admins' test

I stopped winbind

I restarted smb

I started winbind

Let me know if this works for you, I think your problem is in your
permissions.

-----Original Message-----
From: Leonardo Rodríguez [mailto:leonardorleon at cantv.net]
Sent: Wednesday, April 30, 2003 12:47 PM
To: cboard at ufsonline.com
Cc: samba at lists.samba.org
Subject: RE: [Samba] Samba - User Authentication


Clint,

I was fighting with Samba the day before and I finally managed to do
something new (something good)... as you did, I had to use winbind with
Samba too, and I could do this:

[root@redhatcus etc]# wbinfo -u
Administrator
db2admin
Guest
guigonza
IUSR_HAL
IWAM_HAL
krbtgt
leosamba
lrodrigu
NetShowServices
pruebasamba
samba
smbusr
sysadm
TsInternetUser
usrsamba
[root@redhatcus etc]#

[root@redhatcus etc]# wbinfo -g
Domain Admins
Domain Users
Domain Guests
Domain Computers
Domain Controllers
Cert Publishers
Schema Admins
Enterprise Admins
Group Policy Creator Owners
[root@redhatcus etc]#

[root@redhatcus etc]# wbinfo -t
Secret is good
[root@redhatcus etc]#

Now I can do a telnet connection using the Windows users and everything's OK.

But I still can't authenticate the Windows users so that they can
access the Linux folder. Take a look at the folder configuration in my
smb.conf file:

[Samba]
   comment = Shared Folder
   path = /Samba
   valid users = administrator lrodrigu
   public = no
   writable = yes
   printable = no
   create mask = 0775

If I delete the valid users, public, create mask lines then I can access it
without using any username and password, but I don't want to do it that way;
I'd like only some users to have access...

Do you know something about that? What do I have to do to figure this out?

Thanks

Leonardo
	  		
----------- Original Message --------------
							
Leonard,
Here are the preliminary steps I went through to set up RedHat9, running
Samba 3.0 23alpha-1 as a domain member:

Downloaded the Samba SRPM and did a build
installed my new build

smb.conf changes:
security = DOMAIN
workgroup = DOM
password server = *
wins server = xxx.xxx.xxx.xxx
hosts allow = xxx.xxx.xxx. 127.

I would run testparm just to make sure my smb.conf is not broken.

Created computer account on the domain through server manager
Join the domain

root#net join -S DOMPDC -U 'DOM\Administrator%password'

As long as this returns "Joined domain DOM" or some other success message
you are good to go.

At this point your Samba server is set up as a domain member; if you are not
concerned about using domain level users and groups for permissions you
don't need to go any further.

Next I added the winbind configuration to the smb.conf:
winbind uid = 10000-20000
winbind gid = 10000-20000
template homedir = /home/winnt/%D/%U
template shell = /bin/bash

I would run testparm just to make sure my smb.conf is not broken again.

Start samba and winbind and make sure they are both running.

Test to see if the machine account on the domain is valid.

root#wbinfo -t

Test to see if you can authenticate on the domain from winbind.

root#wbinfo -a 'DOM\user%password'

Set the account that winbind will use to retrieve user and group
information. This needs to be the domain administrator account or an account
with domain admin rights.

root#wbinfo -A 'DOM\user%password'

Test to see if it is working.

root#wbinfo -u

You should see a list of users from the domain :)

Let me know if you have questions or if you get to a point of failure. I
definitely want to know the outcome if it is successful.
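
Added example (not part of the original thread, and not Samba project code): a small Python lint for the naming mismatch discussed above, where `wbinfo -u` lists bare names under `winbind use default domain = yes` while `valid users` lines in the thread use bare, `DOM\user` and `%D+%S` forms. The sample smb.conf is constructed, `parse` and `lint` are hypothetical helper names, and the check assumes Samba's default separator is a backslash and that names without a domain part are not treated as domain accounts when the default-domain option is off.

```python
import re

# Constructed sample modelled on the smb.conf fragments quoted in this thread.
SAMPLE = r"""
[global]
   security = domain
   winbind separator = +
   winbind use default domain = no

[Test]
   path = /Test
   valid users = Administrator MCSE\lrodrigu MCSE+guigonza @staff
"""

def parse(text):
    """Minimal smb.conf reader: {section: {normalised key: value}}."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            conf[section][" ".join(key.lower().split())] = value.strip()
    return conf

def lint(text):
    """Return findings about how 'valid users' names relate to the winbind settings."""
    conf = parse(text)
    g = conf.get("global", {})
    sep = g.get("winbind separator", "\\")  # assumption: Samba's default is a backslash
    default_dom = g.get("winbind use default domain", "no").lower() in ("yes", "true", "1")
    findings = []
    if sep == "+":
        findings.append("global: 'winbind separator = +' triggers the testparm group-membership warning")
    for share, opts in conf.items():
        for name in re.findall(r'"[^"]*"|[^\s,]+', opts.get("valid users", "")):
            name = name.strip('"')
            if not name or "%" in name or name[0] in "@+&":  # macros and group prefixes: skip
                continue
            other = [c for c in "\\+/" if c in name[1:] and c != sep]
            if other:
                findings.append(f"{share}: '{name}' uses '{other[0]}' but winbind separator is '{sep}'")
            elif sep not in name[1:] and not default_dom:
                findings.append(f"{share}: '{name}' has no domain part and default domain is off")
    return findings
```
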



  					  	
  					  	