Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in

  FAQ | Search | Memberlist | Usergroups | Statistics | Profile | Log in to check your private messages | Log in | Register

Samba and win2k domain controller ?! Winbind.......
 View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
pZYchO
n00b
n00b


Joined: 28 Apr 2003
Posts: 61
PostPosted: Wed May 21, 2003 10:08 pm    Post subject: Samba and win2k domain controller ?! Winbind....... Reply with quote
Hi there,

I set up a win2k domain controller, I want samba to act as fileserver in the domain... Joining the samba server into the domain wasn't a problem, but authentication against the win2k server failed...

Here is a part of my smb.conf:
Code:

[global]
   workgroup = pzychonet
   netbios name = fileserver
   server string = FileServer
   log file = /var/log/samba/log.%m
   max log size = 50
   hosts allow = 192.168.199. 127.
   security = domain

   password server = pzycho-dc-w2k
   encrypt passwords = yes

   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

   interfaces = eth0 192.168.199.0/24
   bind interfaces only = yes
   hide local users = yes

   domain master = no
   preferred master = no
   domain logons = no

   dns proxy = no

   winbind enum users = yes
   winbind enum groups = yes

   winbind uid = 30000-40000
   winbind gid = 30000-40000

   template homedir = /var/lib
   template shell = /bin/false

   winbind cache time = 60
   winbind use default domain = yes

[teamdrive]
   comment = teamdrive
   path = /data/teamdrive
   writable = yes
   create mode = 0600
   directory mask = 0700
   force user = smb
   write list = @home, mighty


As you can see, I added the user smb, this user has full access to my share(s) (I only added an example, whole smb.conf is too large). I added the user with smbpasswd (-n to avoid the user/password box).
That's enough security for my home network... =)

When I try to connect (from the domain controller) the user / password box appears. Even if I put in smb as user i cannot connect.
Because of that problem I changed the password. After trying to connect again, I get the box again and can connect as smb / <password>

But there is another hing which makes it really interessting. When I try to connect as a user the domain controller don't know, in the log file appears a message that the user can not be found... When I use a known user no message appears in the log..........

I tried a lot of things, read all documentations I found but I wasn't able to solve the problem.

Hope somebody can help me...

Thx...

P.S.: Sorry about my english, I'm german...... =)
Back to top
View user's profile Send private message
SirJoltalot
n00b
n00b


Joined: 11 Aug 2002
Posts: 30
Location: Toronto, Canada
PostPosted: Sat May 24, 2003 4:49 am    Post subject: smbpasswd Reply with quote
The user smb - which password did you change? When you use samba, there are sort of "two" users. One UNIX user and one Samba user. There is a way to link them together, so that changes to the UNIX user affect the Samba user, but I can't remember precisely what it is.

So you'll need to use smbpasswd to add a Samba user 'smb', and give that user the password you want.

In general, what I do for Samba-only users is setup a UNIX user with no password, no homedir (maybe you want them to have a homedir for Samba, up to you) and no shell (or /bin/false as shell). Then they can't login on the console, so the lack of password doesn't matter too much. I also make sure they're not in any important groups, like wheel or anything. Then just use smbpasswd to add a Samba user with the same username, and set the password there.

I think that might be your problem, but maybe you knew that already...
_________________
"The degree to which life sucks is directly proportional to your blood/caffeine ratio"
Back to top
View user's profile Send private message
pZYchO
n00b
n00b


Joined: 28 Apr 2003
Posts: 61
PostPosted: Sat May 24, 2003 5:19 pm    Post subject: Reply with quote
Hi

unfortunately that's not the problem. I know what you are talking about. But I have another Problem.

Winbind creates the link between unix and windows users (domain users). That works for me, I can even login to unix with a windows user (DOMAIN+USER), the password is the same (like from win client).

With wbinfo -u I can see all users, with winbind -g all goups (on domain controller), but winbind doesn't add the users to unix (getent passwd, getent group doesn't show the domain users / groups).

That the problem.

What I really can't understand is, that wbinfo can resolve domain users to unix uids... They are in the range I gave winbind in smb.conf.........
If somebody had the problem, or have an idea please advise me.........
Back to top
View user's profile Send private message
pZYchO
n00b
n00b


Joined: 28 Apr 2003
Posts: 61
PostPosted: Mon May 26, 2003 10:11 am    Post subject: Reply with quote
Ok, now it works... I don't know why and how, but it works... =) I remerged the package, because of acl support.......

That's my next Problem, anyone expirience on setting up acl support. If possible I want to use reiserfs.......
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



 Links: forums.gentoo.org | www.gentoo.org | bugs.gentoo.org | wiki.gentoo.org | forum-mods@gentoo.org

Copyright 2001-2024 Gentoo Foundation, Inc. Designed by Kyle Manna © 2003; Style derived from original subSilver theme. | Hosting by Gossamer Threads Inc. © | Powered by phpBB 2.0.23-gentoo-p11 © 2001, 2002 phpBB Group
Privacy Policy