[Samba] password authentification
Dale Schroeder
dale at BriannasSaladDressing.com
Mon Jun 8 17:17:29 GMT 2009
You will need winbind. Easy to understand 2-part howto for linux/AD
following:
http://www.enterprisenetworkingplanet.com/netos/article.php/3487081
http://www.enterprisenetworkingplanet.com/netos/article.php/10951_3502441_1
Choose the idmap backend that works for you. I'm partial to RID.
http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/idmapper.html
And SWAT is a good way to fine-tune your setup. There are links to each
parameter and what each of them does (if Samba docs are installed).
Good luck,
Dale
BeefStu BeefStu wrote:
> Ed,
>
> Thanks, but I have a few more questions. I took a working example of a smb.conf from another machine and placed this into my smb.conf (see below in red). This is the only thing I did on the UNIX end.
>
> To use AD for password verification, I will follow your directions below, but is there anything else I need to do on the UNIX end?
>
> What I am trying to say is, how will samba get the password now if there is no password file? I know it will get it from AD, but can you take me through step by step as to what happens?
>
> Let's assume I want to map a drive. By doing a join does samba actually go into AD with my login (it must be cached somehow, right) and look up my password?
>
> Current working version
>
> [global]
> workgroup = hshhp
> server string = Samba 3.0.4.0
> smb passwd file = /var/samba/private/smbpasswd
> log file = /usr/local/samba/var/log.%m
> mangle case = Yes
>
> New version
>
> [global]
> workgroup = hshhp
> security = DOMAIN
> auth methods = ntdomain
> password server = ttndc3
> max xmit = 65535
> socket options = TCP_NODELAY IPTOS_LOWDELAY
> ldap ssl = no
> oplocks = No
>
> For example, I see things like this (see below). Do I need all this?
>
> The smbpasswd File
> For security reasons we will place the smbpasswd file in a private directory using the following commands:
> cd /etc/samba
> mkdir private
> cd private
> touch smbpasswd
> chmod 600 smbpasswd
> cd ..
> chmod 500 private
>
> Now we will add a dummy entry to the smbpasswd file. To do this, first create a user account for yourself on the Linux server [unless one already exists], then execute the following commands:
> cd /etc/samba/private
> cat /etc/passwd | mksmbpasswd.sh > smbpasswd
>
> Setting up winbind?
>
> From: samba at nedharvey.com
> To: beefstu350 at hotmail.com; samba at lists.samba.org
> Date: Sat, 6 Jun 2009 07:03:54 -0400
> Subject: RE: [Samba] password authentification
>
>> I am trying to set up samba so that it uses the password from my AD
>> instead of having a password file in SAMBA.
>>
>> Can somebody tell me what I have to do on the Windows 2003 side to make
>> this work? I am guessing I have to set up a samba acct in AD but not too
>> sure. Can somebody please verify and maybe send me a screen print?
>>
>
> There are a million and one ways to do what you're trying to do. The simplest way that I know of - you don't need to do anything on the Windows side. You join the domain with the samba server, and that will create a computer account in AD for you, just as if you were joining AD with some windows laptop. Here's how I do that on my systems:
>
> I don't mess with the smb.conf file. I admin the whole thing via SWAT, as follows:
> 1. Enable SWAT. Browse to http://localhost:901 (note: by default in the xinetd.d config, this interface is only enabled for localhost; by default you can’t browse to this web interface across the network; you must use localhost or change the xinetd.d config)
> 2. Go to Wizard.
>    a. Server type: Domain member
>    b. Commit
> 3. Edit Parameter Values
>    a. Workgroup: MYDOMAIN
>    b. Realm: MYDOMAIN.COM (all caps)
>    c. Commit changes
> 4. Go to the command prompt.
>    net join -w MYDOMAIN -U administrator
>    (It’s normal to get an error, as long as it says “joined” in the end and the computer account was created in AD)
> 5. Restart samba
>
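
An added example, not part of the thread and not written by any of its authors: a member-server [global] section that combines the poster's security = DOMAIN settings with winbind and the RID idmap backend mentioned in the reply. It assumes Samba 3.3-style idmap syntax; the ID ranges and template values are constructed.

```ini
[global]
    workgroup = HSHHP
    # smbd hands each logon to the domain controller through the machine
    # account created by "net join"; domain users need no smbpasswd entries.
    security = domain
    password server = ttndc3

    # winbind maps domain users and groups to Unix uids/gids.
    # Allocation range for BUILTIN and other non-domain SIDs (constructed values):
    idmap uid = 50000-59999
    idmap gid = 50000-59999
    # RID backend: the uid/gid is computed from the account's RID, so every
    # member server configured with the same range produces the same mapping.
    idmap config HSHHP : backend = rid
    idmap config HSHHP : range = 10000-49999

    # Domain accounts get no local shell unless one is granted deliberately.
    template shell = /bin/false
    template homedir = /home/%D/%U
    winbind use default domain = yes
    # Do not enumerate the whole domain on every passwd/group listing.
    winbind enum users = no
    winbind enum groups = no
```

After restarting smbd and winbindd, `wbinfo -t` checks the machine-account trust with the domain. `getent passwd <domain user>` shows the mapped account once `winbind` has been added to the passwd and group lines of /etc/nsswitch.conf.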