HPE Community
Operating System - HP-UX
1753820 Members
8702 Online
108805 Solutions
New Discussion юеВ

Re: Hp-ux samba file permission on widows

 
Bigbang_1
Frequent Advisor

тАО01-21-2010 12:07 PM

тАО01-21-2010 12:07 PM

Hp-ux samba file permission on widows

Hi everybody!

I have hp-ux 11.23.I share file with windows domain users with samba.but I wanna configured permission according to users.How can I do that?

Regards...
0 Kudos
5 REPLIES 5
Keith Bryson
Honored Contributor

тАО01-22-2010 05:42 AM

тАО01-22-2010 05:42 AM

Re: Hp-ux samba file permission on widows

Hi there

Firstly, how many users are you doing this for?

You can setup Samba security to use authentication against the Unix server itself (your domain users will use another login and password).

You can also setup Samba to authenticate against the Windows ADS or PDC.

You can also create a global share and restrict access to IP addresses or domain names. This is a little harder to maintain however.

Give us a little more info and we can help you further. The answer depends on exactly what you want the solution to do for you.

Keith
Arse-cover at all costs
0 Kudos
Rita C Workman
Honored Contributor

тАО01-22-2010 06:53 AM

тАО01-22-2010 06:53 AM

Re: Hp-ux samba file permission on widows

We set up Samba shares so they could connect for Windows and made it strictly an open door. Then for a few exceptions we had to add security. Here is the quick copy of the instructions we wrote up afterwards, and I hope they help. Ignore anything specifically named for our site.
---------------------------------
For secured shares you have to do a couple other things:

1.Set up a UNIX group (ex xxxLEGAL) just for those who will use this secured share.
Add each user name to /etc/group using vi.
2.Must have a UNIX login account [uid=50's range used - doesn't matter #, this is my preference]
Set their shell = /usr/bin/false if Windows user
Set group = special share group from Step 1.
3.Run: smbpasswd -a
Set the password & confirm

The UNIX 'share' in smb.conf will look like this:

[xxxlegal]
comment =TEST xxxLegal share
path = /tmp/xxxLEGAL
public = no
browseable = no
valid users = bigbang rcworkman
guest ok = no
writeable = no

Secured users should now be ready to map network drive as usual, but instead of 'guest' they will use their secure-HPUX login_id and password.

NOTE: Remember that all batch jobs using data stored in shares must be run through using the 'nnnnnn' account. Generally, since batch jobs are done on HPUX, the 'nnnnnn' account has it's own login and should be made a member of the special secure group (ex xxxLEGAL) to have access to data. --------------------------------

We aded this new share to our existing 'open door policy' smb.conf configuration file, and it works fine. They can connect to the open-door shares, but when they need to connect to the secured (Legal) share they must have account and password.
Hope this helps,
Rita
0 Kudos
Bigbang_1
Frequent Advisor

тАО01-23-2010 11:37 AM

тАО01-23-2010 11:37 AM

Re: Hp-ux samba file permission on widows

I share only one folder with domain users.But all domain user enter that folder.I wanna some domain users use that folder.How can I configure?

Regards....
0 Kudos
Keith Bryson
Honored Contributor

тАО01-23-2010 02:30 PM

тАО01-23-2010 02:30 PM

Re: Hp-ux samba file permission on widows

Hi there

Rita has already given some good advice. Here it is explained again if you wanted a minimal number of users to use this share:

1. Add a Unix user account (on the server containing the shared folder) for each user who needs access to the share (userA, userB, userC in this example). Ensure that their shell is set to /bin/false as suggested by Rita. This allows them to access the share but gives them no ability to login to the Unix server.

Edit the smb.conf file (usually in /etc/opt/samba for HP-UX):

2. Add these lines within the "[global]" section at the top of the file:

security = server

password server = myadcserver1 myadcserver2 # specify names of AD or PDC servers
local master = no

3. At the bottom of the file add a section for the share:

[share_name]
# or something more descriptive
comment = My domain share

path = /my_unix_folder # the name of the folder you are sharing out

public = no
# very important!
writable = yes
browseable = no

valid users = userA, userB, userC


This would be mappable on Windows clients as \\myserver\share_name.

Because you've specified server security and the names of your AD/PDCs, the users shouldn't need to enter their passwords when connecting. If they do (once this is set-up), something is wrong.

Hope that helps. Can you please allocate points for the responses you've already had in this thread and let us know if you need any more help.

Best regards
Keith

Arse-cover at all costs
0 Kudos
Bigbang_1
Frequent Advisor

тАО10-18-2010 12:31 AM

тАО10-18-2010 12:31 AM

Re: Hp-ux samba file permission on widows

My problem was solved
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.