On Tue 05 Dec, Bill Antonia wrote:
Your /etc/smb.conf file contains no information on what type of security is required. If the samba server is to authenticate it's own users in it's own domain, set security = user domain master = yes domain logons = yes encrypt passwords = no
I assumed that values were defaulted - although not the ones above. For the moment we have an existing NT domain - and I was allowing users that had a LINUX account to access their 'linux home' (and possibly other common areas on LINUX box) from their NT workstation. What kind of 'security' should I use? Share?
This allows Win 95 clients before second release and NT4 clients before service pack 4 to connect to the domain of your linux box. This is because by default, clear text passwords were sent over the network. Since then, Win95SE, Win98, NT service pack 4 onwards and Win2000 all use encrypted passwords by default. In which case you would have to set encrypt passwords = yes This also means you have to have a separate /etc/smbpasswd file to hold the encrypted passwords, whereas using encrypt passwords = no, the normal Linux passwords would be used. If however you wish to authenticate using an existing NT domain, set security = server # The following is just an example, #you put in your own IP address of your own domain server password server = 192.168.7.1 domain master = no encrypt passwords = yes
In this case no /etc/smbpasswd file is required however the users of the NT domain still need to be created locally on the Linux box for it to work. As an added thing, I usually edit the /etc/shadow file and place a * where the encrypted password would be. This stops users telnetting to the Linux box. I am assuming you have put on a recent NT service pack 4 to 6a to your server so the need for encrypt passwords to be yes.
Creating the smbpasswd file - can it be done automatically for all LINUX users? (I note that there appears to be mechanisms for synchronising passwd and smbpasswd files once the entries are there) I want users to telnet to the LINUX box- or at least users that have a LINUX account to be able to telnet....and run kde on their local X server. Can this authorisation be completely controlled from an NT Domain server? But I still need a list of users in the passwd file? -- Alan Davies Head of Computing Birkenhead School