[Samba] Samba with Domain User accounts

McKeever Chris tech-mail at prupref.com
Sat Nov 8 03:23:40 GMT 2003


On Fri, 07 Nov 2003 15:08 , anth jaz <antsoundz at eudoramail.com> sent:

>I am trying to find an option to M$ file server under Linux. Everything to this point is M$. Whether anybody goes for it or not, I would like to 
put the option out there for choice. One of the important necessities is that this doesn't become any more complicated for the EU. As soon as 
you say Linux to the bosses they think more complex for the user and the users have trouble enough logging in to there computers. I am a 
Linux newbie trying to become more efficient. At present, I am using RH9, Samba 3, and have security = Domain and have joined the domain 
successfully. I have a user joe created on the Linux/Samba server and when user joe logs onto his Win2k computer on the NT domain he can 
access the Samba share I have configured like this:
>
>[share]
>path = /test
>public = no
>writable = yes
>printable = no
>valid users = joe jon art
>create mask = 0765
>
>Unless users "joe, jon, and art" are created on the Linux box, the user gets prompted for network authentication:
>
>Connect As:
>Password:
>
>I also have set "password server = *" and I still get promted for authentication. I enter a vaild domain user account but not one that I have 
added to the Linux box and it will not take it. I also tried using 
>"password server = x.x.x.x" where x.x.x.x was PDC and BDC and had the same results.
>
>I have also set the following:
>unix password sync = Yes
>passwd program = /usr/bin/passwd %u
>
>I don't want anybody to have to do this, since they do not have to do this now (all windoze 2k & NT). There are a lot of users and equally a 
lot of passwords on the domain and it isn't very efficient to add every user to the Linux box. Is there a way to get around this. Have the Linux 
server communicate with the PDC or BDC since it is a member of the domain? 
>
>If that is even possible can I then give joe "read only", jon & art "read & write", and "deny" everybody else access to the "test dir." 
>
>

With the 2.2.x version there was windbind, which would communicate with the PDC and pull the user accounts.  I believe there is something 
similiar with 3.0 net vampire (or something to that effect, if not still windbind)...

The howto at samba.org (dont have the exact address), is very resourcefull to these types of issues.





---- Prudential Preferred Properties   www.prupref.com  




More information about the samba mailing list