No subject


Wed Oct 20 02:45:58 MDT 2010


Example Configuration
Samba as a Domain Member Server
This method involves addition of the following parameters in the
smb.conf file:
security = domain
workgroup = MIDEARTH
In order for this method to work, the Samba server needs to join the
MS Windows NT security domain. This is done as follows:

http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/ServerType.html#id2559628

Use of this mode of authentication requires there to be a standard
UNIX account for each user in order to assign a UID once the account
has been authenticated by the Windows domain controller. This account
can be blocked to prevent logons by clients other than MS Windows
through means such as setting an invalid shell in the /etc/passwd
entry. The best way to allocate an invalid shell to a user account is
to set the shell to the file /bin/false. Domain controllers can be
located anywhere that is convenient. The best advice is to have a BDC
on every physical network segment, and if the PDC is on a remote
network segment the use of WINS (see Network Browsing for more
information) is almost essential.
An alternative to assigning UIDs to Windows users on a Samba member
server is presented in Winbind, Winbind: Use of Domain Accounts.



Also see:


http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member.html#domain-member-server

>
>
>                  map to guest = Bad User
>                  syslog = 0
>                  log file = /var/log/samba/log.%m
>                  max log size = 1000
>                  dns proxy = No
>                  wins server = density.aarcane.info
>                  usershare allow guests = Yes
>                  panic action = /usr/share/samba/panic-action %d
>
> [videos]
>                  comment = Rebirth local Videos
>                  path = /media/local/videos
>                  write list = @rebirth
>                  force group = videos
>                  create mask = 0664
>                  force create mode = 0664
>                  directory mask = 0775
>                  force directory mode = 0775
>
> [music]
>                  comment = Rebirth local Music
>                  path = /media/local/music
>                  write list = @rebirth
>                  force group = music
>                  create mask = 0664
>                  force create mode = 0664
>                  directory mask = 0775
>                  force directory mode = 0775
>
> The server is not honoring domain accounts (the PDC honors domain
> accounts and shows owners/groups as domain users without issue), but
> this one is saying "Unknown username or bad password" when trying to
> browse to it, and when you specify your domain username and password
> manually in the prompt, it shows files and groups as REBIRTH/username or
> UNIX-GROUP/groupname instead of as domain users and groups.
>
> Below I've stopped the server, cleared out the old log files, and
> restarted smbd (and nmbd) and double-clicked on rebirth in the Windows 7
> network pane.
>
> ikari (10.0.0.241) is the client I'm using.
>
> aarcane@rebirth:/var/log/samba$ ls
> cores  log.10.0.0.241  log.ikari  log.nmbd  log.smbd
> aarcane@rebirth:/var/log/samba$ cat log.10.0.0.241
> aarcane@rebirth:/var/log/samba$ cat log.ikari
> [2010/12/29 16:04:30.647903,  0] lib/util_sock.c:474(read_fd_with_timeout)
> [2010/12/29 16:04:30.648046,  0] lib/util_sock.c:1432(get_peer_addr_internal)
>      getpeername failed. Error was Transport endpoint is not connected
>      read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by peer.
> aarcane@rebirth:/var/log/samba$ cat log.nmbd
> [2010/12/29 16:03:44,  0] nmbd/nmbd.c:857(main)
>      nmbd version 3.5.4 started.
>      Copyright Andrew Tridgell and the Samba Team 1992-2010
> aarcane@rebirth:/var/log/samba$ cat log.smbd
> [2010/12/29 16:03:41,  0] smbd/server.c:1123(main)
>      smbd version 3.5.4 started.
>      Copyright Andrew Tridgell and the Samba Team 1992-2010
> [2010/12/29 16:03:41.923307,  0] printing/print_cups.c:108(cups_connect)
>      Unable to connect to CUPS server localhost:631 - Connection refused
> [2010/12/29 16:03:41.928781,  0] printing/print_cups.c:108(cups_connect)
>      Unable to connect to CUPS server localhost:631 - Connection refused
> [2010/12/29 16:03:41.929413,  0] smbd/server.c:1169(main)
>      standard input is not a socket, assuming -D option
> aarcane@rebirth:/var/log/samba$
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
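
Added example, not part of the original message and not Samba project code: a small smb.conf audit for the domain-member settings the HOWTO excerpt names (security, workgroup, a UNIX account or Winbind mapping per user), plus the two guest-access parameters visible in the quoted configuration. The function names are hypothetical, accepting "ads" as well as "domain" goes beyond what the excerpt states, and treating any "idmap" parameter as evidence of Winbind ID mapping is an assumption.

```python
# Added example: audit smb.conf for the domain-member settings discussed above.
# SAMPLE is constructed; its values are copied from the quoted configuration.
SAMPLE = """\
[global]
    map to guest = Bad User
    usershare allow guests = Yes
    wins server = density.aarcane.info
[videos]
    path = /media/local/videos
    write list = @rebirth
"""

def norm(name):
    # smb.conf parameter names ignore case and embedded whitespace
    return "".join(name.split()).lower()

def parse_smb_conf(text):
    """Return {section: {normalized_param: value}}."""
    sections, current, pending = {}, "global", ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):  # continuation: join with the next line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = line.split("=", 1)
            sections.setdefault(current, {})[norm(key)] = value.strip()
    return sections

def audit_domain_member(text):
    """Return findings for a server that is meant to be a domain member."""
    g = parse_smb_conf(text).get("global", {})
    findings = []
    if g.get("security", "").lower() not in ("domain", "ads"):
        findings.append("security is not domain/ads: logons are checked locally, not by a DC")
    if "workgroup" not in g:
        findings.append("workgroup is not set to the domain name")
    if not any(k.startswith("idmap") for k in g):  # heuristic for winbind ID mapping
        findings.append("no idmap settings: each domain user needs a UNIX account for its UID")
    if g.get("maptoguest", "").lower() == "bad user":
        findings.append("map to guest = Bad User: unknown usernames are logged in as guest")
    if g.get("usershareallowguests", "").lower() in ("yes", "true", "1"):
        findings.append("usershare allow guests = Yes: user-defined shares may allow guests")
    return findings
```

Calling audit_domain_member() on the text of a real smb.conf returns the same kind of list; an empty list means none of these checks fired.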


