[Samba] password authentification

Dale Schroeder dale at BriannasSaladDressing.com
Mon Jun 8 17:17:29 GMT 2009


You will need winbind.  Easy to understand 2-part howto for linux/AD 
following:
http://www.enterprisenetworkingplanet.com/netos/article.php/3487081
http://www.enterprisenetworkingplanet.com/netos/article.php/10951_3502441_1

Choose the idmap backend that works for you.  I'm partial to RID.
http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/idmapper.html

And SWAT is a good way to fine-tune your setup.  There are links to each 
parameter and what each of them does (if Samba docs are installed).

Good luck,
Dale


BeefStu BeefStu wrote:
> Ed,
>
>  
>
> Thanks, but I have a few more questions. I took a working example of a smb.conf from another machine and placed this into my smb.conf (see below in red). This is the only thing I did on the UNIX end.
>
>  
>
> To use AD for password verification, I will follow your directions below, but is there anything else I need to do on the UNIX end?
>
>  
>
> What I am trying to say is, how will samba get the password now if there is no password file? I know it will get it from AD, but can you take me through step by step as to what happens?
>
>  
>
> Let's assume I want to map a drive. By doing a join, does samba actually go into AD with my login (it must be cached somehow, right) and look up my password?
>
>  
>
> Current working version
>
>  [global]
>         workgroup = hshhp
>         server string = Samba 3.0.4.0
>         smb passwd file = /var/samba/private/smbpasswd
>         log file = /usr/local/samba/var/log.%m
>         mangle case = Yes
>
>
>  
>
> New version
>
> [global]
>         workgroup = hshhp
>         security = DOMAIN
>         auth methods = ntdomain
>         password server = ttndc3
>         max xmit = 65535
>         socket options = TCP_NODELAY IPTOS_LOWDELAY
>         ldap ssl = no
>         oplocks = No
>
>
> For example, I see things like this (see below). Do I need all this?
>
>  
>
> The smbpasswd File 
> For security reasons we will place the smbpasswd file in a private directory using the following commands:
> cd /etc/samba
> mkdir private
> cd private
> touch smbpasswd
> chmod 600 smbpasswd
> cd ..
> chmod 500 private
>
> Now we will add a dummy entry to the smbpasswd file. To do this, first create a user account for yourself on the Linux server [unless one already exists], then execute the following commands:
> cd /etc/samba/private
> cat /etc/passwd | mksmbpasswd.sh  > smbpasswd
>
> Setting up winbind?
>
>  
>
>
> From: samba at nedharvey.com
> To: beefstu350 at hotmail.com; samba at lists.samba.org
> Date: Sat, 6 Jun 2009 07:03:54 -0400
> Subject: RE: [Samba] password authentification
>
>
>
>
>
>   
>> I am trying to set up samba so that it uses the password from my AD
>> instead of having a password file in SAMBA.
>>
>> Can somebody tell me what I have to do on the windows 2003 side to make
>> this work. I am guessing I have to set up a samba acct in AD but not too
>> sure. Can somebody please verify and maybe send me a screen print.
>>     
>  
> There are a million and one ways to do what you're trying to do.  The simplest way that I know of - you don't need to do anything on the Windows side.  You join the domain with the samba server, and that will create a computer account in AD for you, just as if you were joining AD with some windows laptop.  Here's how I do that on my systems:
>  
> I don't mess with the smb.conf file.  I admin the whole thing via SWAT, as follows:
> 1.  Enable SWAT.  Browse to http://localhost:901  (note: by default in the xinetd.d config, this interface is only enabled for localhost; by default you can’t browse to this web interface across the network; you must use localhost or change the xinetd.d config)
> 2.  Go to Wizard.
> a.  Server type:  Domain member
> b.  Commit
> 3.  Edit Parameter Values
> a.  Workgroup:  MYDOMAIN
> b.  Realm:      MYDOMAIN.COM     (all caps)
> c.  Commit changes
> 4.  Go to the command prompt.
> net join -w MYDOMAIN -U administrator
> (It’s normal to get an error, as long as it says “joined” in the end and the computer account was created in AD)
> 5.  Restart samba
>   
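Added example, not part of the thread or of Samba: a small Python reader for the two [global] sections quoted above that reports where each one sends password verification. The function names and result keys are illustrative, and it assumes Samba 3's default of security = user when the parameter is absent.

```python
import re

# The two [global] sections quoted in the thread, embedded as sample input.
CURRENT_CONF = """[global]
        workgroup = hshhp
        server string = Samba 3.0.4.0
        smb passwd file = /var/samba/private/smbpasswd
        log file = /usr/local/samba/var/log.%m
        mangle case = Yes
"""
NEW_CONF = """[global]
        workgroup = hshhp
        security = DOMAIN
        auth methods = ntdomain
        password server = ttndc3
        max xmit = 65535
        socket options = TCP_NODELAY IPTOS_LOWDELAY
        ldap ssl = no
        oplocks = No
"""

def norm(name):
    # smb.conf names are case-insensitive and whitespace inside them is ignored.
    return re.sub(r"\s+", "", name).lower()

def parse_global(text):
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = norm(line[1:-1])
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[norm(key)] = value.strip()
    return params

def describe_auth(text):
    # domain/ads: smbd hands the logon to a domain controller instead of a local password database.
    p = parse_global(text)
    mode = p.get("security", "user").lower()  # assumed default: user
    remote = mode in ("domain", "ads")
    return {
        "security": mode,
        "verified_by": p.get("passwordserver", "any domain controller") if remote else "local passdb",
        "local_password_file": None if remote else p.get("smbpasswdfile"),
        "idmap_configured": any(k.startswith("idmap") for k in p),  # winbind ID mapping present?
    }
```

Run against the quoted "New version", `idmap_configured` comes back false, which is the gap Dale's winbind and idmap advice addresses.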

