LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 10-19-2000, 11:02 AM   #1
Larry James
Member
 
Registered: Jun 2000
Location: Buffalo, New York
Distribution: Ubuntu, Raspbian
Posts: 381

Rep: Reputation: 40

If anyone sees (or know of) any upgrade of samba supporting User Level Access Control for Windows 9x authentication provider, please post a note here.

At present when networking under Windows 9x, if you have a Windows NT or Novel Server in your network you can use this resource to provide users level access for any resource on your Windows 9x machine. Without one of these servers, you can only give blanket passwords to folders, but not to users. Giving passwords to your Windows 9x folders isn't an ideal situation, because everyone uses the same password. If you modify it, you can't modify a resource for one person, you have to modify it for everybody. If you have a temporary person come in to work with your resources, you have to give them the password that everybody uses. When that person's job is done, you're stuck with someone offsite, or anywhere else, having access, unless you make a new password and redistribute it.

There are many reasons for prefering User Level access controls over passwords for resources.

I'm surprised it's taking the Samba developers so long. The have done most of it. With the recent version, you can make Samba your access control provider, but it will not present a list of users when you do the query for assignment.

I don't have WindowsNT in our network. I'd be glad to replace my Novel server with a Linux server, but have to retain the Novel server for one purpose, to provide a list for the User Level Access. I haven't updated the Novel in a number of years. Am holding off for the Linux support that I'm hoping will happen soon.

Thanks for anyone who reads the thread and see some progress in this area.

My current post is removing the doubt from many people who are trying to have Linux the Microsoft Netowrk controller, that it's not available at this time. I'm also hoping to have given some definition to what's involved and what to look for when the support arrive. During your observations of the alpha and beta releases of Samba, you might catch some of the advances quicker than I. If I see an advance with Samba in this area, I'll indeed post it here.

-- L. James
 
Old 10-19-2000, 11:22 AM   #2
jeremy
root
 
Registered: Jun 2000
Distribution: Debian, Red Hat, Slackware, Fedora, Ubuntu
Posts: 13,020

Rep: Reputation: 3749Reputation: 3749Reputation: 3749Reputation: 3749Reputation: 3749Reputation: 3749Reputation: 3749Reputation: 3749Reputation: 3749Reputation: 3749Reputation: 3749
You have 2 options.
If all of you windows users have unix shell accounts - http://samba.linuxbe.org/en/samba/config/user-1.html

Or you can set Samba up as a PDC - http://samba.linuxbe.org/en/samba/config/pdc-1.html

 
Old 10-19-2000, 12:56 PM   #3
Larry James
Member
 
Registered: Jun 2000
Location: Buffalo, New York
Distribution: Ubuntu, Raspbian
Posts: 381

Original Poster
Rep: Reputation: 40
Thanks for the input, Jeremy. Not sure if you understand the objective. From a review of the links you gave, it seems that these are procedures to allow Windows users to access Linux resources. The objective is to allow Samba to control which users can access which Windows resources.

Yes, all the users have Unix accounts. Just as they currently have Novell accounts.

Setting up the access so that the Windows users can use the Linux resources is already done and has been included as long as I can remember from Samba, most likely from the beginning. It's also easy to have the users access the Linux resources per Username/Password level as desired for Windows.

The key to having Linux be the access controller for the Windows resources is to answer a query to provide a list of users to the Windows Network Administrator. I don't see any reference in either of the links to this, most likely because at this time it's not a feature that's available.

Please take a look at:

http://us4.samba.org/samba/docs/FAQ/#26 (Don't forget the "#26" in the link which the message page might not transfer)

The desired objective is not to actually give access to a resource, but to give authentication to or to validate a username/password for a Windows Workstation. This is to work in a peer-to-peer environment. I don't see a big problem with all the resources being on the server, the Linux machine. But some clients would like to have resources on each of the Windows stations in the network.

If you're understanding the desired objective and believe I'm missing the answer, and it's already provided, I'm anxious for advice.

-- L. James
 
Old 10-19-2000, 08:26 PM   #4
jeremy
root
 
Registered: Jun 2000
Distribution: Debian, Red Hat, Slackware, Fedora, Ubuntu
Posts: 13,020

Rep: Reputation: 3749Reputation: 3749Reputation: 3749Reputation: 3749Reputation: 3749Reputation: 3749Reputation: 3749Reputation: 3749Reputation: 3749Reputation: 3749Reputation: 3749
Larry,
Here is the response I got from one of the Samba-TNG guys.
Quote:
To have Samba do what he was asking, you need to set up Samba as a PDC and tell Windows to join the domain. If you are not using NT, use Samba 2.0.x, if you are, you will need to use Samba TNG or Samba 2.2. You should then have your User list for Windows. You may have some problems
though. I have successfully set this up in a Windows 2000 and NT environment with Samba TNG 2.6.
 
Old 10-19-2000, 09:16 PM   #5
Larry James
Member
 
Registered: Jun 2000
Location: Buffalo, New York
Distribution: Ubuntu, Raspbian
Posts: 381

Original Poster
Rep: Reputation: 40
Thank you Jeremy. I believe this may be the key. This is why I mentioned any Aphla or Beta's. I seen reference to samba-tng, but didn't know if there were working models yet.
I'm going to look for the package and will let you know how I fair.

-- L. James
 
Old 10-20-2000, 11:23 AM   #6
Larry James
Member
 
Registered: Jun 2000
Location: Buffalo, New York
Distribution: Ubuntu, Raspbian
Posts: 381

Original Poster
Rep: Reputation: 40
Jeremy. The program logs and looks great. I see the "RPC" and all the neccessary support. However, at present I can't get it to show the list of users. At one time it would show the popup with world as the only resource to add. It would show the group and user icons but no one under group.

I did some changes trying to get it to work and now I'm getting the error can't view the list again.

Would you know a quick recipe to get it to working and presenting the list (amba-2.2.0-alpha0).
Thanks in advance for any suggestions.

-- L. James
 
Old 11-01-2000, 08:17 AM   #7
Larry James
Member
 
Registered: Jun 2000
Location: Buffalo, New York
Distribution: Ubuntu, Raspbian
Posts: 381

Original Poster
Rep: Reputation: 40
For anyone trying to get samba to provide security control for Windows 98 networking, and following this thread, the major problem is resolved. As always it was something very simple. The prerequisite is the TNG version. I made a mistake by thinking the latest alpha was TNG, not noticing the TNG wasn't included in the name. The latest alpha on the site was samba-2.2.0.alpha0 which was released in October. Samba-tng-alpha-2.6 was released a few months earlier. I grabed what I thought was the latest and would have all the features.

Installing the TNG version and using a sample pdc.smb.conf provided the users list.

There are other new problems. One is, I used the default workgroup from the sample file LARS, and now the passwords will only be validated when using that workgroup/domain. I prefer a differnt name to be consistent with my current network scheme which has nearly 20 computers. Even removing samba and staring over would not fix the problem. The passwords are only validated when using LARS as the workgroup/domain. No other workgroup name will work.

The error in the log.smb is:

LSA_OPENSECRET: NT_STATUS_OBJECT_NAME_NOT_FOUND
SMB LM/NT Password did not match!
Rejecting user 'ljames': authentication failed

-- L. James
 
Old 11-08-2000, 11:13 AM   #8
Larry James
Member
 
Registered: Jun 2000
Location: Buffalo, New York
Distribution: Ubuntu, Raspbian
Posts: 381

Original Poster
Rep: Reputation: 40
Hi, All. Anyone watching or interested in this thread may know that I finally got the samba-tng working as a PDC for Windows 98. The problems, as always were simple one. However there were a number of simple problems combined.

The first problem was the I had mis-interpreted the most recent dated alpha samba-2.2.0.alpha0 to as a tng package. It was sorted away from the samba-2.0.x distros in the mist of the samba-tng-alpha-2.x packages. I know I should have noticed the tng wasn't included in the name.

I'm surprised that none of the support newsgroups and news list that I posted to noticed this, as I included the full version number with every post.

Then after installing samba-tng-alpha-2.6 there were problems with the smb.conf file. I downloaded a samble and ran it totally as it's default and configurated most of my network accordingly. It worked. Now I changed the workgroup/domain name to a name consistent with my network nameing scheme which caused it to fail again.

The DOS speak of the workgroup as the domain. However, it's tricky for Windows 98 to log into the domain, because currently the only way is to have the domainname configured under the network properties / client for Microsoft Networks set. Having the network isn't enough.

I'm sure the details I'm mentioning might be taking away from the point, as I'm skipping a lot to try to keep from writing a book.

At present, it working and I've learned a lot of which I'll gladly share with anyone else having problems with the same.

Currently it has only one drawback that I can see for my purpose. The only way Windows 98 can use the resources is to have a password protected logon access. This isn't ideal for my machines which I prefer to boot all the way up without pause, and allow the user to run login utilities to log in to needed resources later. Some of the machines do task such as run demos for clients, answer the phone, does faxing processing and more. At present, to have access to the network the machines can't fully boot up without a valid samba password entered.

Thanks goes out to all who had input on the problem.

-- L. James
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
control user access ust Linux - General 1 06-07-2005 08:05 AM
Slow User Level Security in Samba drumltd Linux - Networking 0 01-10-2005 04:23 PM
Samba - Combination of user and share level security? kleptophobiac Linux - Software 0 07-20-2004 02:15 PM
higher access level for a user? herc Linux - General 2 12-29-2003 10:50 AM
samba PDC - user level access ilumin8d Linux - Networking 0 08-19-2001 03:09 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 03:37 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration