HPE Community
Operating System - HP-UX
1847129 Members
5822 Online
110263 Solutions
New Discussion

Re: CIFS server

 
SOLVED
Go to solution
j773303
Super Advisor

‎07-13-2004 05:38 PM

‎07-13-2004 05:38 PM

CIFS server

Is it possible no need popup a window for user password authentication while access HP-UX as CIFS server from windows client ? Because I have a Applicaton need access CIFS Server (hp-ux), and I don't want to see the use login prompt.

Hero
0 Kudos
Reply
13 REPLIES 13
Ravi_8
Honored Contributor

‎07-13-2004 06:51 PM

‎07-13-2004 06:51 PM

Re: CIFS server

Hi

It's possible, you need to map the user in samba's username.map file
never give up
0 Kudos
Reply
j773303
Super Advisor

‎07-13-2004 07:02 PM

‎07-13-2004 07:02 PM

Re: CIFS server

Where is the user map file? How to configure it ? Thanks in advanced.
Hero
0 Kudos
Reply
Stefan Schulz
Honored Contributor

‎07-13-2004 08:17 PM

‎07-13-2004 08:17 PM

Re: CIFS server

Hi,

first create a username.map file in the form

unixuser = ntuser1, ntuser2, ...

store this file wherever you want. But the default name an location is: /etc/opt/samba/username.map

then go to the smb.conf and edit the entry

username map = /etc/opt/samba/username.map

This should do the trick.

Hope this helps

Regards Stefan
No Mouse found. System halted. Press Mousebutton to continue.
0 Kudos
Reply
j773303
Super Advisor

‎07-13-2004 08:39 PM

‎07-13-2004 08:39 PM

Re: CIFS server

Sorry, I still not understanding.

I've using "smbpasswd -a root". You mean I need to set root = ??? in the username.map ???
Hero
0 Kudos
Reply
Geoff Wild
Honored Contributor

‎07-14-2004 12:47 AM

‎07-14-2004 12:47 AM

Solution

Re: CIFS server

First - what is security = to in your /etc/opt/samba/smb.conf file?

If you live in a Windows domain, then you can use security = SERVER and point password server = NTDOMAINCONTROLLER

That way, all Windows authentication happens on NT - the users will not get prompted.

If you open up a web browser, go to:

http://yourhpserver:901/

Sign in as root, go to "Globals", click on "Advanced View"....scroll down to "username map", then click on "Help".

A lot of good online documentation to help you setup samba.

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
Reply
j773303
Super Advisor

‎07-14-2004 02:24 PM

‎07-14-2004 02:24 PM

Re: CIFS server

I set the smb.conf as below, but it seems windows still pop-up a window for ask me enter username and password.
Can you tell me what I set wrong? Thanks.

smb.conf
[global]
workgroup = atriecom
security = SERVER
encrypt passwords = yes
password server = NTDOMAINCONTROLLER

[tmp]
comment = Temporayr Directory
path = /tmp/123
browseable = yes
Hero
0 Kudos
Reply
Franky_1
Respected Contributor

‎07-14-2004 07:16 PM

‎07-14-2004 07:16 PM

Re: CIFS server

Hi,

password server=
You should use the real name not the expression "NTDOMAINCONTROLLER"

HTH

Franky
Don't worry be happy
0 Kudos
Reply
Franky_1
Respected Contributor

‎07-14-2004 11:07 PM

‎07-14-2004 11:07 PM

Re: CIFS server

Hi,

just to be curious - did my answer help you in any way ?

Franky
Don't worry be happy
0 Kudos
Reply
sreejith_4
Frequent Advisor

‎07-14-2004 11:31 PM

‎07-14-2004 11:31 PM

Re: CIFS server

Hi,

In smb.conf file,
workgroup = your NT domainname
security = server
password server = Your domain controller

Thanks
Sreejith M
0 Kudos
Reply
Stefan Schulz
Honored Contributor

‎07-14-2004 11:36 PM

‎07-14-2004 11:36 PM

Re: CIFS server

Hi again,

if you have an NT Domain it is reconmendet to set the security level to "DOMAIN" and not to "SERVER".

This is more reliable and produces less load on the network.

Also you can have more than one entry in the server field. So if one server is unavailable the authentfication can still be processed.

Hope this helps

Regards Stefan
No Mouse found. System halted. Press Mousebutton to continue.
0 Kudos
Reply
Geoff Wild
Honored Contributor

‎07-15-2004 12:33 AM

‎07-15-2004 12:33 AM

Re: CIFS server

I disagree - SECURITY=DOMAIN has been plagued with troubles since it's inception - the only safe way is to have Samba be the domain controller....from Samba Help:

SECURITY = DOMAIN

This mode will only work correctly if smbpasswd(8) has been used to add this machine into a Windows NT Domain. It expects the encrypted passwords parameter to be set to yes. In this mode Samba will try to validate the username/password by passing it to a Windows NT Primary or Backup Domain Controller, in exactly the same way that a Windows NT Server would do.


SECURITY = SERVER

This is the best in a "mixed mode" environment

SECURITY = SERVER

In this mode Samba will try to validate the username/password by passing it to another SMB server, such as an NT box. If this fails it will revert to security = user, but note that if encrypted passwords have been negotiated then Samba cannot revert back to checking the UNIX password file, it must have a valid smbpasswd file to check users against. See the documentation file in the docs/ directory ENCRYPTION.txt for details on how to set this up.


As far as pop up, here's my smb.conf:

# Global parameters
[global]
workgroup = $PCA
netbios name = IPRCI
netbios aliases = IPRDB
interfaces = 192.168.176.30 192.168.176.31 127.0.0.1
bind interfaces only = Yes
security = SERVER
encrypt passwords = Yes
password server = PCBDC01, PCBDC02, PCBDC03, PCBDC04
username map = /etc/opt/samba/username.map
log level = 2
syslog = 0
log file = /var/opt/samba/log.%m
max log size = 10000
keepalive = 0
load printers = No
show add printer wizard = No
preferred master = No
domain master = No
wins server = PCANS01
valid users = gwild, user1, user2, myadmin, sapservice1, smbnull, doc-link, ardschq, pm_doclink_sap
read only = No
create mask = 0664
force create mode = 0664
directory mask = 0775
short preserve case = No
dos filetime resolution = Yes


Did you restart samba after making changes to your smb.conf?

I have also found that sometimes, you have to add the Unix Server to the Windows Domain as a Workstation in the Domain.

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
0 Kudos
Reply
Stefan Schulz
Honored Contributor

‎07-15-2004 12:43 AM

‎07-15-2004 12:43 AM

Re: CIFS server

Hi,

this is starting to become an interesting discussion. I have to agree and disagree with Goeff.

I have to disagree that security = DOMAIN is a plague. Our experience is that is much more relieable than security = SERVER.

But i have to agree:

IF you set security = DOMAIN you HAVE to add the samba server to the Domain using smbpassd. If you are NOT willing to do this DONT use security = DOMAIN.

Hope this makes my previous posting clearer.

Regards Stefan
No Mouse found. System halted. Press Mousebutton to continue.
0 Kudos
Reply
Geoff Wild
Honored Contributor

‎07-15-2004 12:59 AM

‎07-15-2004 12:59 AM

Re: CIFS server

Also, with SECURITY=DOMAIN, if your Windows is now using Active Directory (or will be soon) - it will break Samba - unless you are running Samba 3.X - which has limited support for Active Directory.

Don't get me wrong, I run SECURITY=DOMAIN on my home Network, and it works quite well - but I have no NT Servers - just my Linux server acting as a Domain controller for my 3 Windows clients.

At work, the Windows Guys don't want us in their sandbox - if you catch my drift - that's why we use SECURITY=SERVER.

Remember - you still need to have Unix accounts = to the Windows accounts and/or map multiple Windows id's to a single Unix id.

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.