[Samba] password authentification
beefstu350 at hotmail.com
Mon Jun 8 13:24:55 GMT 2009
Thanks, but I have a few more questions. I took a working example of a smb.conf from another machine and placed this into my smb.conf (see below in red). This is the only thing I did on the UNIX end.
To use AD for password verification, I will follow your directions below,
but is there anything else I need to do on the UNIX end?
What I am trying to say is: how will samba get the password now if there is no password file? I know it will get it from AD, but can you take me through, step by step, what happens?
Let's assume I want to map a drive. By doing a join, does samba actually go into AD with my login (it must be cached somehow, right) and look up my password?
Current working version
workgroup = hshhp
server string = Samba 22.214.171.124
smb passwd file = /var/samba/private/smbpasswd
log file = /usr/local/samba/var/log.%m
mangle case = Yes
workgroup = hshhp
security = DOMAIN
auth methods = ntdomain
password server = ttndc3
max xmit = 65535
socket options = TCP_NODELAY IPTOS_LOWDELAY
ldap ssl = no
oplocks = No
For example, I see things like this (see below). Do I need all this?
The smbpasswd File
For security reasons we will place the smbpasswd file in a private directory using the following commands:
cd /etc/samba
chmod 600 smbpasswd
chmod 500 private
Now we will add a dummy entry to the smbpasswd file. To do this, first create a user account for yourself on the Linux server [unless one already exists], then execute the following commands:
cd /etc/samba/private
cat /etc/passwd | mksmbpasswd.sh > smbpasswd
Setting up winbind?
From: samba at nedharvey.com
To: beefstu350 at hotmail.com; samba at lists.samba.org
Date: Sat, 6 Jun 2009 07:03:54 -0400
Subject: RE: [Samba] password authentification
> I am trying to set up samba so that it uses the password from my AD
> instead of having a password file in SAMBA.
> Can somebody tell me what I have to do on the windows 2003 side to make
> this work. I am guessing I have to set up a samba acct in AD but not too
> sure. Can somebody please verify and maybe send me a screen print.
There are a million and one ways to do what you're trying to do. The simplest way that I know of - you don't need to do anything on the Windows side. You join the domain with the samba server, and that will create a computer account in AD for you, just as if you were joining AD with some windows laptop. Here's how I do that on my systems:
I don't mess with the smb.conf file. I admin the whole thing via SWAT, as follows:
1. Enable SWAT. Browse to http://localhost:901 (note: by default in the xinetd.d config, this interface is only enabled for localhost; by default you can’t browse to this web interface across the network; you must use localhost or change the xinetd.d config)
2. Go to Wizard.
a. Server type: Domain member
3. Edit Parameter Values
a. Workgroup: MYDOMAIN
b. Realm: MYDOMAIN.COM (all caps)
c. Commit changes
4. Go to the command prompt.
net join -w MYDOMAIN -U administrator
(It’s normal to get an error, as long as it says “joined” in the end and the computer account was created in AD)
5. Restart samba
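
An added example (not from either message, and not Samba's own code): a small Python check that reads the [global] section of an smb.conf like the one quoted above and reports whether client passwords are verified by a domain controller or locally. The sample configuration is constructed from the settings in the thread, and the function names are hypothetical.

```python
import re

# Constructed sample: the [global] settings quoted in the message above
# (the section header is added here; the message shows only parameters).
SAMPLE_CONF = """\
[global]
    workgroup = hshhp
    smb passwd file = /var/samba/private/smbpasswd
    Security = DOMAIN
    auth methods = ntdomain
    password server = ttndc3
"""

def _norm(name):
    # smb.conf ignores case and whitespace in section and parameter names.
    return re.sub(r"\s+", "", name).lower()

def parse_global(text):
    """Return the [global] parameters; a repeated parameter keeps its last value."""
    params, section = {}, None
    for raw in text.splitlines():  # backslash line continuations are not handled
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.*)\]", line)
        if header:
            section = _norm(header.group(1))
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[_norm(key)] = value.strip()
    return params

def auth_report(text):
    """Say where a client's password is verified and flag settings that no longer apply."""
    p = parse_global(text)
    mode = p.get("security", "user").lower()  # assumption: unset means user-level security
    delegated = mode in ("domain", "ads")
    notes = []
    if delegated and "smbpasswdfile" in p:
        notes.append("smb passwd file is set, but domain logons are checked by the DC")
    if mode == "ads" and "realm" not in p:
        notes.append("security = ads needs a realm")
    if not delegated:
        notes.append("passwords are checked against the local password database")
    return {"security": mode,
            "verified_by": p.get("passwordserver", "any DC") if delegated else "local",
            "notes": notes}

if __name__ == "__main__":
    print(auth_report(SAMPLE_CONF))
```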