Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I would like users that are authenticated through the Windows 2000 Domain Controller here at work to connect to my gentoo samba box. I've set the 'security = server' and 'password server = WIN2000SERVER', but authenticated users still cannot connect to my samba box. Is there something I've missed? Do I need to do something to the smbpasswd file?
I've also tried the 'security = domain' 'password server = *' with the same results.
To do the latter try this. The text comes from another post. Modify the script to fit the commands of your distro.
security = domain
password server = xxxxxx
These settings tell Samba to let the domain controller do the authentication. It will ignore the smbpasswd file and accept the password that has been authenticated by the domain conroller (password server).
The only catch here is that the user still needs to exist in the (Linux) passwd file.
There is also a way to automatically add the user to the passwd file if he doesn't exist on the Linux machine but is authenticated by the domain controller. The command needs to be entered under the global section of the smb.conf file.
add user script = useradd %u -c "Account from PDC" -s /bin/false -d /home/%u -m -n -g finance
This says to Samba:
add the user and use the username sent by the domain controller
useradd %u
the user comment is "Account from PDC"
- c "Account from PDC"
don't allow the user to log on locally (i.e. from the samba machine)
-s /bin/false
create a home directory under /home and call it the name of the user
-d /home/%u -m
add the user to the group finance
-n -g finance.
I got the script from the November 2002 edition of SysAdmin magazine in an article written by Arnie Miles. I haven't worked through all the security implications of letting Samba automatically adding users to the Linux machine.
I did as you suggested, but I still cannot access my Samba box with users that have not been added with the 'smbpasswd -a' command line. How do I execute that script? Can I write a script to add all users that are in the domain to the passwd file? I very likely can obtain a text file containing all users and their passwords. Is this a possible plan?
If you place the above mentioned script into your smb.conf file and restart the daemon, Samba will add the users as they attempt to connect to the server.
Last edited by biggiefatts; 02-18-2003 at 08:32 AM.
I did do that, but nogo. As I connected from Win98 machines (eventually I will be connecting with Win2k/XP boxes, also), I still got a prompt asking for the $IPC password. Entering the user's password form the domain did not go through. Would doing 'security = server' 'server = xxxxx' work instead of domain?
got it, whoot! I changed the security to server, and found that the '-n' option was bad (in my distro - Slackware). Once I corrected those two things, we're up and running! This is terrific! Thanks guys!!!!
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.