LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices

Reply
 
Search this Thread
Old 07-11-2009, 06:55 AM   #1
vathsan
Member
 
Registered: May 2008
Posts: 46

Rep: Reputation: 15
Arrow mapping linux users with widows users using samba


Hello All

I work as an system administrator for AIX and Linux servers. We have an FTP server running in Linux which has shared folders to Windows domain using Samba.
The new requirement is to map users created to Linux machine to Windows users in such a way that, when a user logins into Windows machine with an ID say "X123" in domain "TEST", his access control to the samba shares should reflect based on the same user ID created in Linux machine.(FYI. Both the Windows and LINUX machines are in same network and domain).
Please let me know the step by step procedure to configure Linux machine (smb.conf entries or any new file to be created for user mapping) to identify Windows user Login and provide access restrictions accordingly. Any docs or existing solutions are much appreciated!!.

Please respond for any more details / clarifications needed.

Thanks in Advance!!

- Vathsan.
 
Old 07-12-2009, 10:21 PM   #2
Erik_FL
Member
 
Registered: Sep 2005
Location: Boynton Beach, FL
Distribution: Slackware
Posts: 797

Rep: Reputation: 247Reputation: 247Reputation: 247
Quote:
Originally Posted by vathsan View Post
Hello All

I work as an system administrator for AIX and Linux servers. We have an FTP server running in Linux which has shared folders to Windows domain using Samba.
The new requirement is to map users created to Linux machine to Windows users in such a way that, when a user logins into Windows machine with an ID say "X123" in domain "TEST", his access control to the samba shares should reflect based on the same user ID created in Linux machine.(FYI. Both the Windows and LINUX machines are in same network and domain).
Please let me know the step by step procedure to configure Linux machine (smb.conf entries or any new file to be created for user mapping) to identify Windows user Login and provide access restrictions accordingly. Any docs or existing solutions are much appreciated!!.

Please respond for any more details / clarifications needed.

Thanks in Advance!!

- Vathsan.
SAMBA provides a number of different ways to authenticate users and identify them. If you add each user with "smbpasswd" and make the user name and password identical to the Windows system then users will be logged on automatically (Windows sends the user name and encrypted password).

You can also use "winbindd" to have SAMBA directly authenticate users with the primary domain controller.

You can find out more about either program in the man pages.

man smbpasswd

man winbindd

There are two d's at the end of "winbindd".

Users and groups are identified by a SID (Security ID) and that comes from some computer that authenticates the user. Without a domain controller each computer authenticates users based on its own user database and each computer has a different SID for the same user name even if the passwords are identical. It is only the fact that the password will be sent automatically that avoids the need to explicitly log on to each other computer.

When a domain controller is present, computers agree to trust that domain controller to authenticate users. Users receive an SID for the domain. Computers that trust the domain controller accept the SID and identity of the user from the domain controller.

How a user logs on is important. If a user logs on to the domain then they receive an SID for the domain. If they log on to a single computer then they receive a different SID as a user just on that one computer. Thus the two users are considered different even if they have the same user name and password.

The "winbindd" service communicates with a domain controller to authenticate users for the domain instead of using a local (and separate) database (as with smbpasswd).

Since user names on domain controllers may differ from those on the Linux machine, there is a "username map" option in the "smb.conf" file. The user name map file contains the mapping between Windows user names (including a domain prefix) and a Linux user name for determining access permissions. That is how you can tie Windows domain users to Linux users for SAMBA.

You can find out more by using "man smb.conf" and then searching for "username map". Enter a forward slash to search the man page.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
importing linux users to samba users dolreich_c Linux - General 0 04-15-2009 01:01 AM
Active directory users to Samba users alexpacio Linux - Networking 0 05-19-2006 08:44 AM
Mapping drives to multiple users from XP Cagao Linux - Networking 6 02-02-2005 12:41 PM
Widows partition and usb devices not usable by users! Menokh Linux - General 2 03-11-2004 07:16 PM
SAMBA....mapping users and groups TheTrexx Linux - Networking 0 01-20-2003 01:10 PM


All times are GMT -5. The time now is 04:39 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration