Please remember to reply to the list, not to the individual. I
will reply on-list so that everyone can (hopefully) benefit
from our exchange.
On Tue, 2005-07-12 at 08:42 -0500, Josh Battles wrote:
> David Clymer said:
>
> > When you say that you can't log on, do you mean that your
> > username/password is rejected, or that you just don't see any shared
> > folders? What error messages are you getting on the clients when they
> > attempt to "log on"?
>
> My username and password are rejected. My Debian desktop picked up almost
> instantly a folder called "shared on beer" (beer is the server hostname) and
> popped it on the desktop when I booted. I'm able to see that same folder in
> Win2k but not access it from either OS.
For each computer (NT,2k,XP) that logs on to your domain, you will need to have set up a trust account:
$ adduser --home /dev/null --shell /bin/false --ingroup machine --force-badname --no-create-home --disabled-login --gecos "Machine Trust Account" MYCOMPUTER$
$ smbpasswd -m -a MYCOMPUTER
For each user that logs on or accesses shares, you need to have a unix and samba account:
$ adduser --shell /bin/false --disabled-login userbob
$ gpasswd -a userbob samba
$ smbpasswd -a userbob
The only password that matters to the user is the samba password.
The unix account provides a way to map users to unix permissions.
In order for a user to access a samba share, they must have
appropriate unix permissions on the folder, and also
meet any additional requirements set up in the share's
configuration in smb.conf.
>
> > What version of windows are you referring to? Win XP, 98?
>
> Win2k and WinXP
>
> > This option conflicts with the "encrypt passwords = true" that you have
> > set above. You may as well comment this out, since pam is ignored when
> > passwords are encrypted (see man smb.conf).
>
> I must have missed that, I read that man page several times. I'll comment it
> out.
>
There's a lot to read. It's easy to miss stuff.
>
> > Your samba config does not have this directory shared.
>
> Using swat, I was able to create this share but am still unable to log into it.
>
> >> I'm new to this, I've only used linux as a desktop before, but since my old
> >> NT4 server died I thought I'd give it a try and see what it's got to offer
> >> there as well. I'm fairly familiar with configuration for desktop stuff but
> >> as all this server stuff is new to me I'm lost. Thanks in advance.
> >
> > Was your NT server acting as a PDC? In other words, are you hoping to
> > have samba work as a domain controller or just a win 95/98 type file
> > server?
>
> Yes, the NT server was acting as a domain controller. I was hoping to set up
> this server as the same but I've not gotten that far yet. Should I be
> setting it up as a domain controller before I set up samba?
>
You probably want to set it all up at once. Here are the main portions
of my config to get you started.
#======================= Global Settings =======================
[global]
# Do something sensible when Samba crashes: mail the admin a backtrace
panic action = /usr/share/samba/panic-action %d
# Change this for the workgroup/NT-domain name your Samba server will be part of
workgroup = MAINST
# server string is the equivalent of the NT Description field
server string = File server
netbios name = VADER
# allow connections from all localnets except mail server and firewall
hosts allow = 192.168. 10.0.1.2 EXCEPT 192.168.10.2
# If you want to automatically load your printer list rather
# than setting them up individually then you'll need this
load printers = yes
# You may wish to override the location of the printcap file
; printcap name = /etc/printcap
# 'printing = cups' works nicely
printing = bsd
print command = lpr -P %p -h %s ; rm %s
lpq command = lpq -P %p
lprm command = lprm -P %p %j
# lppause command =
# lpresume command =
#
; guest account = nobody
; invalid users = root
# user maps
username map = /etc/samba/usermap.conf
# This tells Samba to use a separate log file for each machine
# that connects
log file = /var/log/samba/log.%m
# Put a capping on the size of the log files (in Kb).
max log size = 2000
# Set level of logging
log level = 2
# If you want Samba to log through syslog only then set the following
# parameter to 'yes'. Please note that logging through syslog in
# Samba is still experimental.
; syslog only = no
# We want Samba to log a minimum amount of information to syslog. Everything
# should go to /var/log/samba/log.{smb,nmb} instead. If you want to log
# through syslog you should set the following parameter to something higher.
syslog = 0
# "security = user" is always a good idea. This will require a Unix account
# in this server for every user accessing the server. See
# security_level.txt for details.
security = user
# You may wish to use password encryption. Please read ENCRYPTION.txt,
# Win95.txt and WinNT.txt in the Samba documentation. Do not enable this
# option unless you have read those documents
encrypt passwords = true
passdb backend = tdbsam guest
# passdb backend = smbpasswd
# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting
; include = /samba/etc/smb.conf.%m
# Most people will find that this option gives better performance.
# See speed.txt and the manual pages for details
# You may want to add the following on a Linux system:
# SO_RCVBUF=8192 SO_SNDBUF=8192
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
# --- Browser Control Options ---
# Please _read_ BROWSING.txt and set the next four parameters according
# to your network setup. The defaults are specified below (commented
# out.) It's important that you read BROWSING.txt so you don't break
# browsing in your network!
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
local master = yes
# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
os level = 65
# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job
domain master = yes
domain logons = yes
# user logon/config directories
logon script = logon-scripts\%m.bat
logon home = \\%L\%U\
logon path = \\%L\%U\NTProfile
logon drive = H:
# Preferred Master causes Samba to force a local browser election on startup
# and gives it a slightly higher chance of winning the election
preferred master = yes
# --- End of Browser Control Options ---
# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable its WINS Server
wins support = no
# WINS Server - Tells the NMBD components of Samba to be a WINS Client
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
wins server = 192.168.10.1
# This will prevent nmbd from searching for NetBIOS names through DNS.
dns proxy = no
# What naming service and in what order should we use to resolve host names
# to IP addresses
name resolve order = lmhosts wins hosts bcast
# remote announce
remote announce = harris.mainst.hrcsb.org/SERVERS
# Name mangling options
; preserve case = yes
; short preserve case = yes
# This boolean parameter controls whether Samba attempts to sync. the Unix
# password with the SMB password when the encrypted SMB password in the
# /etc/samba/smbpasswd file is changed.
; unix password sync = false
# For Unix password sync. to work on a Debian GNU/Linux system, the following
# parameters must be set (thanks to Augustin Luton <aluton@hybrigenics.fr> for
# sending the correct chat script for the passwd program in Debian Potato).
; passwd program = /usr/bin/passwd %u
; passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
# This boolean controls whether PAM will be used for password changes
# when requested by an SMB client instead of the program listed in
# 'passwd program'. The default is 'no'.
; pam password change = no
# The following parameter is useful only if you have the linpopup package
# installed. The samba maintainer and the linpopup maintainer are
# working to ease installation and configuration of linpopup and samba.
; message command = /bin/sh -c '/usr/bin/linpopup "%f" "%m" %s; rm %s' &
# obey pam restrictions = yes
obey pam restrictions = no
# Some defaults for winbind (make sure you're not using the ranges
# for something else.)
; winbind uid = 10000-20000
; winbind gid = 10000-20000
; template shell = /bin/bash
#======================= Share Definitions =======================
[homes]
comment = Home Directories
writeable = Yes
create mask = 0660
directory mask = 0770
browseable = No
csc policy = disable
admin users = @mis
[netlogon]
comment = Samba Network Logon Service
path = /samba/netlogon
admin users = @mis
write list = @mis
browseable = No
root preexec = /samba/netlogon/make-logon-script %m %L %H %u
create mask = 0640
directory mask = 2750
force group = samba
hope that helps.
-davidc
--
gpg-key: http://www.zettazebra.com/files/key.gpg
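
The account prerequisites listed in the message above (a unix and samba trust account named MACHINE$ for each computer; a unix account, membership in group samba and a samba password for each user) can be checked mechanically when a logon is rejected. This is an added example, not part of the original message; it assumes `pdbedit -L` prints colon-separated records that begin with the account name, and the sample records and `useralice` are constructed.

```shell
#!/bin/sh
# Added example (not from the original message): check the account
# prerequisites against saved copies of the databases, e.g.
#   getent passwd > passwd.txt; getent group > group.txt; pdbedit -L > samba.txt

# has_entry FILE NAME: true if a colon-separated record in FILE starts with NAME
has_entry() {
    awk -F: -v n="$2" '$1 == n { found = 1 } END { exit !found }' "$1"
}

# in_group GROUP_FILE GROUP USER: true if USER is a listed member of GROUP
in_group() {
    awk -F: -v g="$2" -v u="$3" '
        $1 == g { c = split($4, m, ","); for (i = 1; i <= c; i++) if (m[i] == u) ok = 1 }
        END { exit !ok }' "$1"
}

# check_user USER PASSWD GROUP SAMBA: report missing pieces, return their count
check_user() {
    missing=0
    has_entry "$2" "$1" || { echo "$1: no unix account"; missing=$((missing + 1)); }
    in_group "$3" samba "$1" || { echo "$1: not in group samba"; missing=$((missing + 1)); }
    has_entry "$4" "$1" || { echo "$1: no samba account"; missing=$((missing + 1)); }
    return "$missing"
}

# check_machine NAME PASSWD SAMBA: the trust account is NAME$ in both databases
check_machine() {
    missing=0
    has_entry "$2" "$1\$" || { echo "$1: no unix trust account"; missing=$((missing + 1)); }
    has_entry "$3" "$1\$" || { echo "$1: no samba trust account"; missing=$((missing + 1)); }
    return "$missing"
}

# Constructed sample data: userbob is complete, useralice was never given a
# samba password, and MYCOMPUTER has a unix trust account only.
tmp=$(mktemp -d)
printf '%s\n' 'userbob:x:1001:1001::/home/userbob:/bin/false' \
    'useralice:x:1002:1002::/home/useralice:/bin/false' \
    'MYCOMPUTER$:x:1003:200:Machine Trust Account:/dev/null:/bin/false' > "$tmp/passwd"
printf '%s\n' 'samba:x:201:userbob,useralice' 'machine:x:200:' > "$tmp/group"
printf '%s\n' 'userbob:1001:' > "$tmp/samba"

check_user userbob "$tmp/passwd" "$tmp/group" "$tmp/samba" || true
check_user useralice "$tmp/passwd" "$tmp/group" "$tmp/samba" || true
check_machine MYCOMPUTER "$tmp/passwd" "$tmp/samba" || true
```

Each function returns the number of missing prerequisites, so a zero exit status means the account is set up as the message describes.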