Re: [suse-linux-uk-schools] Re: SAMBA setup
Which all brings me to the final problem...connecting to the LINUX box from a remote station. (smbclient //localhost/test -U% works fine)
My test samba config file is:
[global] log level=1 max log size = 1000 socket options = TCP_NODELAY IPTOS_LOWDELAY guest ok = no workgroup=BHEADS (my NT Domain name so that it appears in the right browse
[homes] browseable = no map archive = yes [printers] path = /usr/tmp guest ok = yes printable = yes min print space = 2000 [test] browseable = yes read only = no guest ok = yes public = yes path = /test
Entering the share from the brwose list on the NT server brings up a logon/password box (which surprises me - as I thought guest logon was ok).
Using a LINUX username and password The subsequent error message on the NT box reads 'The account is not authorised to login from this station'
Is this a problem with encrypted passwords? I add the line 'encrypt
to my smb/conf file (as per page 73, Reilly) and ....testparm doesn't like it.
Later in Reilly it states 'encrypted passwords = yes' which it also doesn't
Your /etc/smb.conf file contains no information on what type of security is required. If the samba server is to authenticate it's own users in it's own domain, set security = user domain master = yes domain logons = yes encrypt passwords = no This allows Win 95 clients before second release and NT4 clients before service pack 4 to connect to the domain of your linux box. This is because by default, clear text passwords were sent over the network. Since then, Win95SE, Win98, NT service pack 4 onwards and Win2000 all use encrypted passwords by default. In which case you would have to set encrypt passwords = yes This also means you have to have a separate /etc/smbpasswd file to hold the encrypted passwords, whereas using encrypt passwords = no, the normal Linux passwords would be used. If however you wish to authenticate using an existing NT domain, set security = server # The following is just an example, #you put in your own IP address of your own domain server password server = 192.168.7.1 domain master = no encrypt passwords = yes In this case no /etc/smbpasswd file is required however the users of the NT domain still need to be created locally on the Linux box for it to work. As an added thing, I usually edit the /etc/shadow file and place a * where the encrypted password would be. This stops users telnetting to the Linux box. I am assuming you have put on a recent NT service pack 4 to 6a to your server so the need for encrypt passwords to be yes. Regards Bill list) passwords= yes' like.
What should it be? Perhaps I should ask NT to do password authenication..
The hosts.deny file only contains a http-rman: all line.
-- Alan Davies Head of Computing Birkenhead School
On Tue 05 Dec, Bill Antonia wrote:
Your /etc/smb.conf file contains no information on what type of security is required. If the samba server is to authenticate it's own users in it's own domain, set security = user domain master = yes domain logons = yes encrypt passwords = no
I assumed that values were defaulted - although not the ones above. For the moment we have an existing NT domain - and I was allowing users that had a LINUX account to access their 'linux home' (and possibly other common areas on LINUX box) from their NT workstation. What kind of 'security' should I use? Share?
This allows Win 95 clients before second release and NT4 clients before service pack 4 to connect to the domain of your linux box. This is because by default, clear text passwords were sent over the network. Since then, Win95SE, Win98, NT service pack 4 onwards and Win2000 all use encrypted passwords by default. In which case you would have to set encrypt passwords = yes This also means you have to have a separate /etc/smbpasswd file to hold the encrypted passwords, whereas using encrypt passwords = no, the normal Linux passwords would be used. If however you wish to authenticate using an existing NT domain, set security = server # The following is just an example, #you put in your own IP address of your own domain server password server = 192.168.7.1 domain master = no encrypt passwords = yes
In this case no /etc/smbpasswd file is required however the users of the NT domain still need to be created locally on the Linux box for it to work. As an added thing, I usually edit the /etc/shadow file and place a * where the encrypted password would be. This stops users telnetting to the Linux box. I am assuming you have put on a recent NT service pack 4 to 6a to your server so the need for encrypt passwords to be yes.
Creating the smbpasswd file - can it be done automatically for all LINUX users? (I note that there appears to be mechanisms for synchronising passwd and smbpasswd files once the entries are there) I want users to telnet to the LINUX box- or at least users that have a LINUX account to be able to telnet....and run kde on their local X server. Can this authorisation be completely controlled from an NT Domain server? But I still need a list of users in the passwd file? -- Alan Davies Head of Computing Birkenhead School
On Tue 05 Dec, Bill Antonia wrote:
Your /etc/smb.conf file contains no information on what type of security is required. If the samba server is to authenticate it's own users in it's own domain, set security = user domain master = yes domain logons = yes encrypt passwords = no
I assumed that values were defaulted - although not the ones above.
For the moment we have an existing NT domain - and I was allowing users
had a LINUX account to access their 'linux home' (and possibly other common areas on LINUX box) from their NT workstation.
What kind of 'security' should I use? Share?
This allows Win 95 clients before second release and NT4 clients before service pack 4 to connect to the domain of your linux box. This is
because
by default, clear text passwords were sent over the network. Since then, Win95SE, Win98, NT service pack 4 onwards and Win2000 all use encrypted passwords by default. In which case you would have to set encrypt passwords = yes This also means you have to have a separate /etc/smbpasswd file to hold
encrypted passwords, whereas using encrypt passwords = no, the normal Linux passwords would be used. If however you wish to authenticate using an existing NT domain, set security = server # The following is just an example, #you put in your own IP address of your own domain server password server = 192.168.7.1 domain master = no encrypt passwords = yes
In this case no /etc/smbpasswd file is required however the users of the NT domain still need to be created locally on the Linux box for it to work. As an added thing, I usually edit the /etc/shadow file and place a * where
I suggest using the second method where Samba authenticates using another
PDC, security = server. This allows users to use their existing NT password
to access Samba shares without the need of a /etc/smbpasswd file. Login .bat
files on the PDC can automatically connect to the Samba shares without the
user being asked for another password during login. Again I would suggest
that you may want to edit the /etc/shadow file so that telnet cannot be
used. This means you do not have to be concerned with Linux passwords at all
unless you wish certain users to have that facility, in which case they
would have a separate password. This is the method I use at Beacon CC on our
admin network. By using root preexec and root postexec I make connections
for our admin users to two Win2000 servers through a Linux gateway without
them having to login for each share even though they have a different
password on the other network. Samba acts as a stepping stone through the
gateway.
As of synchronising the passwd file, I've never used it but it seems to be
simple Using Samba (O'Reilly), page 177. However I do suspect it requires
Samba to be set up as a PDC as it has a /etc/smbpasswd file which when a
password is changed automatically updates the password in /etc/shadow. This
will mean you would still have two sets of passwords one NT the other Samba,
now both in different domains. The alternative is to go the whole hog and
make Samba your PDC for your domain and make the NT servers authenticate
with it! I could be wrong here as I have not gone down this route.
Regards
Bill
PS Checked my copy of Using Samba (O'Reilly), encrypted passwords are used
from NT service pack 3 onwards by default not from service pack 4 as stated
earlier.
----- Original Message -----
From: Alan Davies
encrypted password would be. This stops users telnetting to the Linux box. I am assuming you have put on a recent NT service pack 4 to 6a to your server so the need for encrypt passwords to be yes.
Creating the smbpasswd file - can it be done automatically for all LINUX users?
(I note that there appears to be mechanisms for synchronising passwd and smbpasswd files once the entries are there)
I want users to telnet to the LINUX box- or at least users that have a LINUX account to be able to telnet....and run kde on their local X server.
Can this authorisation be completely controlled from an NT Domain server?
But I still need a list of users in the passwd file?
-- Alan Davies Head of Computing Birkenhead School
participants (3)
-
Alan Davies
-
Bill Antonia
-
Bill Antonia