LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 11-19-2003, 10:58 PM   #1
sharkcohen
LQ Newbie
 
Registered: Nov 2003
Posts: 8

Rep: Reputation: 0
using 2000 Server to authenticate users for Samba


I'm using Samba version 2.2.1a on Red Hat 7.2. I have a Windows 2000 Server domain with 2000 Pro clients. I added the Linux machine to Users and Computers in Active Directory. I can see the Linux machine and the share I created in Samba in My Network Places. Before configuring smb.conf to set up 2000 Server to authenticate users for access to the Linux share, I could access the Linux share fine. In smb.conf, I set security = server and password server = *. After, when trying to connect to the share, I get the following message on the 2000 Pro machines: Incorrect password or unknown username. Some please help.
 
Old 11-20-2003, 09:13 AM   #2
baz2
Member
 
Registered: Nov 2002
Posts: 73

Rep: Reputation: 15
I'd seriously consider upgrading to a later version of RH/Samba. I'm not up to date on the various versions of samba, but with RH 9, I use security=domain. This requires linux machine to have been joined to the domain (not sure that this is the same, or simply accomplished by, adding the machine through the users and computers console). It also requires linux accounts on the linux machine corresponding to the accounts on the windows machine, but you do not need samba accounts. With security=server, I think you are going to not only have to have a linux account and password for each windows user account, but a samba account and password.

I suggest you read this to understand the various samba security modes.
 
Old 11-20-2003, 01:01 PM   #3
sharkcohen
LQ Newbie
 
Registered: Nov 2003
Posts: 8

Original Poster
Rep: Reputation: 0
I've been considering upgrading Samba, probably am going to do that tomorrow. Thanks for the link.
 
Old 11-20-2003, 06:53 PM   #4
sharkcohen
LQ Newbie
 
Registered: Nov 2003
Posts: 8

Original Poster
Rep: Reputation: 0
Does anyone else have any thoughts on this? Would it help if I posted my smb.conf? Understand, I've done a ton of reading on this subject and came up with nothing but conflicting answers. If anyone has anything to add, please don't be shy.
 
Old 11-21-2003, 08:38 AM   #5
baz2
Member
 
Registered: Nov 2002
Posts: 73

Rep: Reputation: 15
Have you configured samba accounts and passwords? I think you need to do that with security=server. Read here for instructions on configuring samba passwords.

Assuming that you have samba passwords and accounts corresponding to your Windows passwords and accounts, then users logged in on a windows machine should be able to access their home directories on the linux machine (as well as any public shares).

To be clear, on the linux machine, you need both linux accounts and samba accounts/passwords. Assume you have a windows user named "joeblow" with a password of "password." Set up a linux account for "joeblow." Then configure a samba account/password for "joeblow" with a password of "password" using the steps outlined in the link above. (There is a better way, for managing these samba accounts, but I suggest you do it the way described above first so that you understand what is involved.) Now with "joeblow" logged into the windows machine, have him browse the network and find the samba server. When he double clicks on it, his "joeblow/password" credentials get passed to the samba server, and a window opens showing his home directory and public shares on the samba server.
 
Old 11-21-2003, 08:45 AM   #6
baz2
Member
 
Registered: Nov 2002
Posts: 73

Rep: Reputation: 15
Just another comment, prompted by taking another look at the subject header for this thread.

security=server doesn't really constitute "using 2000 Server to authenticate users for Samba." If you read the first link I posted on samba security levels, you'll see where it describes security=server as a form of security=user. That's why you need the samba passwords.

You need security=domain for samba to rely on a Windows server for authentication. And the windows server has to be a domain controller. I suggest you look into how this level of security is configured, and especially the command necessary to get your linux machine trusted by the domain. It is in that first link I posted.
 
Old 11-21-2003, 04:52 PM   #7
sharkcohen
LQ Newbie
 
Registered: Nov 2003
Posts: 8

Original Poster
Rep: Reputation: 0
Thanks for the additional info. I do have a 2000 Server domain controller, in native mode. I had tried setting security = domain and then tried using the command smbpasswd -j [domain controller] -r [domain name] -Uadmin%password (with my acutal names and passwords, not this generic example), and I got two consecutive error messages. I cannot remember offhand the exact content of the messages (which I can post later), but the jist was "failed". That's why I tried adding the Linux machine into Active Directory on the domain controller side. I'm not sure, but I'm wondering if the problem here might be my version of Samba.

In any case, thanks for all the links, I'm going to read them all and try to get this working later tonight.
 
Old 11-24-2003, 12:16 AM   #8
sharkcohen
LQ Newbie
 
Registered: Nov 2003
Posts: 8

Original Poster
Rep: Reputation: 0
I was not able to figure out what the problem was with the version of Samba I was using. However, upgrading to v3.0.0 helped. In v3.0.0 I was able to use the "net rpc join" command (not available in the version I was previously using) to connect the Samba machine to the 2000 domain, and with "security = domain" everything worked well.

I did indeed need a corresponding Linux account on the Linux machine. I did have one set up for testing when I was using the previous version of Samba. Now I'm trying to get winbind to work to eliminate the need for the Linux accounts (it's not going well).

Thank you for the help, baz2.

Last edited by sharkcohen; 11-24-2003 at 12:18 AM.
 
Old 11-24-2003, 06:57 AM   #9
baz2
Member
 
Registered: Nov 2002
Posts: 73

Rep: Reputation: 15
Glad to help. On windbind, why do you think you need it? I'm asking, because I'm still trying to figure out the role of windbind if using a linux machine as a file server as opposed to a workstation. I've installed it a few times, just to play around with it. What it does -- from my perspective -- is allow NT/2K domain users to log in locally on a linux machine. That's fine, if the machine is to be used as a user workstation, but I generally do not want users logging into my servers. (Plus, I haven't figured out yet how to serve up roaming profiles to linux workstations running windbind, and until I do, that limits their usefulness as a NT/2K domain workstation from my point of view.)

So I find that security=domain, with linux accounts on the linux box, adequate for my purposes (as a file server for NT/2K roaming profiles, and as a print server). Especially nice, from my POV, is that the linux accounts need not have a password matching the password of the NT/2K user being authenticated by the DC. This keeps the user from being able to log into the server with their NT/2K account.

Good luck with samba. It has been a lifesaver for me.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Authenticate samba users against PAM yapp Linux - Networking 0 11-24-2005 05:59 AM
authenticate samba users using the NIS manojthakkar Linux - Networking 1 07-25-2005 07:48 PM
authenticate samba users using the NIS manojthakkar Linux - Newbie 1 02-02-2004 11:45 AM
Samba and LDAP in Linux to authenticate on Windows 2000 PDC Linh Linux - Networking 2 05-09-2003 07:24 AM
LINUX RAS authenticate users to Win 2000 severian23 Linux - Networking 1 01-11-2003 01:43 AM


All times are GMT -5. The time now is 05:52 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration