Samba Qiuestion

treloskostas · 09-11-2007, 07:34 AM

Hi!

I am having difficult times with my Samba server and I would like your help for some issues I am facing.

I am running a Windows PDC for password serving only for my windows users.

I am also running a SAMBA/NIS/NFS server on a linux box for my unix users.

I have created a folder on the NIS/SAMBA/NFS server so unix users can see it via NFS.

The thing I am not able to do is how to add this folder into my SAMBA configuration file in order my Windows users can also access the same folder.

Both WINDOWS AND UNIX users have the same usernames but the authenticate to a different server with different passwords depending where the wish to logon (windows pcs or linux pcs).

My problem now is with the authentication of a user....

The folder that is created by the "ZZZ" user for example (ZZZ user has unix password) on the linux box cannot be accessed via samba.

"ZZZ" user also exists on the windows password server, but with another password.

As a result when I am trying to access my unix folder on the linux box from samba shares (\\linuxbox\sharedfolder) I can not be authenticated because when I provide my windows password, Samba server cannot grant me access telling me that "chdir (/sharedfolder) failed". If I try to login with as a windows ZZZ user with my windows password a windows pop ups indicating that my Access is Denied....

Here is my smb.conf file from my samba server.

Code:

# Samba config file created using SWAT
# from 127.0.0.1 (127.0.0.1)
# Date: 2007/09/11 13:28:32

[global]
        workgroup = WORKGROUP
        realm = TEST.COM
        server string = Samba Server (%h)
        security = ADS
        password server = xxx.xxx.xxx.xxx
        log level = 2
        log file = /var/log/samba/%m.log
        max log size = 50
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        printcap name = cups
        dns proxy = No
        idmap uid = 10000-11000
        idmap gid = 10000-11000
        template shell = /bin/bash

[msdata]
        comment = Microsoft Data
        path = /msdata
        read only = No
        create mask = 0777
        inherit permissions = Yes

[sharedfolder]
        comment = Projects
        path = /sharedfolder
        create mask = 0777
        inherit permissions = Yes

[profiles$]
        comment = User Profiles
        path = /msdata/profiles
        read only = No
        create mask = 0700
        inherit permissions = Yes

[printers]
        comment = All Printers
        path = /var/tmp
        read only = No
        create mask = 0600
        guest ok = Yes
        printable = Yes
        use client driver = Yes
        browseable = No

Does anyone have a solution, suggestion on this?

Thank you very much.

Kostas

kstan · 09-11-2007, 09:17 AM

due to samba and unix use two separate account, u can accomplish this task via samba script.
Whenever a user is created from samba, an Unix user will be created first (Samba user need to map to existing unix users).

To make your job become easier, using centralize database like openldap is a good ideal.

treloskostas · 09-11-2007, 01:42 PM

I have never done such think and I don't think that this will solve my current problem. It will surely create more problems storing all my passwords in one centralized database... Is there any other work around with my current setup? I don't want to mess with openldap because I am sure that other issues will come up as I have never tried that before.

kstan · 09-18-2007, 11:25 PM

Hi treloskostas,

You condition is little bit tricky, lets sort out your questions first.
1. You have NIS server to keep the user account
2. You have Windows Server to keep all user account
3. You want to allow both Windows/Linux user able to access the share folder
4. You want to have let Linux open share folder with NFS.
5. You want to let Windows user open share folder via samba
6. Windows and Linux use same username but difference password(Or you want to make it same?).

Unfortunately I don't have this kind of environment but lets try to propose some ideal first.

Step 1, Make sure your file server join into NIS environment, the you can login via nis user/password and able to asign the permission on nfs via nis user account.
Step 2, Ask samba to use windows PDC as password server.
Step 3, map unix (nis) user to windows (windows pdc) users via /etc/samba/smbusers
Step 4, Assign a folder (assume /var/share) with NIS user permission.
Step 5, Share the folder via NFS, Linux user test it whether have read/write permission.
Step 6, Share the folder via samba, Windows user test it whether have read/write permission.

I believe above is too brief, however you can try it and feed back which potion you having a problem.
This is a bit challenge because it need more skill.

Good luck,
Regards,
Ks