HPE Community
Operating System - HP-UX
1822231 Members
3791 Online
109642 Solutions
New Discussion юеВ

Samba/CIFS issue

 
SOLVED
Go to solution
Marc Baker
Occasional Contributor

тАО02-01-2007 07:37 AM

тАО02-01-2007 07:37 AM

Samba/CIFS issue

We are testing converting to a trusted system. I ran into an issue with SAMBA/CIFS that I would like some advise on. The NT logins are all numeric. Trusted systems will not allow this, thus the domain-level security will not work. Does anyone have a best case scenario where Windows users can seemlessly connect to a samba share on the hp without having to enter any additional authentication?

Thanks,
0 Kudos
Reply
3 REPLIES 3
Wim Rombauts
Honored Contributor

тАО02-01-2007 06:41 PM

тАО02-01-2007 06:41 PM

Re: Samba/CIFS issue

I am not familiar with trusted systems, and you don't specify this in your entry, but have you tried to configure your system to use pam_ldap or pam_kerberos (if that is possible with a trusted system) with samba using AD-kerberos integration ?
0 Kudos
Reply
Michael Allmer
Frequent Advisor

тАО02-02-2007 01:11 AM

тАО02-02-2007 01:11 AM

Solution

Re: Samba/CIFS issue

You could try using username map.
Here is the info:
username map (G)
This option allows you to specify a file containing a mapping of usernames from the clients to the server. This can be used for several purposes. The most common is to map usernames that users use on DOS or Windows machines to those that the UNIX box uses. The other is to map multiple users to a single username so that they can more easily share files.

The map file is parsed line by line. Each line should contain a single UNIX username on the left then a '=' followed by a list of usernames on the right. The list of usernames on the right may contain names of the form @group in which case they will match any UNIX username in that group. The special client name '*' is a wildcard and matches any name. Each line of the map file may be up to 1023 characters long.

The file is processed on each line by taking the supplied username and comparing it with each username on the right hand side of the '=' signs. If the supplied name matches any of the names on the right hand side then it is replaced with the name on the left. Processing then continues with the next line.

If any line begins with a '#' or a ';' then it is ignored

If any line begins with an '!' then the processing will stop after that line if a mapping was done by the line. Otherwise mapping continues with every line being processed. Using '!' is most useful when you have a wildcard mapping line later in the file.

For example to map from the name admin or administrator to the UNIX name root you would use:

root = admin administrator

Or to map anyone in the UNIX group system to the UNIX name sys you would use:

sys = @system

You can have as many mappings as you like in a username map file.

If your system supports the NIS NETGROUP option then the netgroup database is checked before the /etc/group database for matching groups.

You can map Windows usernames that have spaces in them by using double quotes around the name. For example:

tridge = "Andrew Tridgell"

would map the windows username "Andrew Tridgell" to the unix username "tridge".

The following example would map mary and fred to the unix user sys, and map the rest to guest. Note the use of the '!' to tell Samba to stop processing if it gets a match on that line.

!sys = mary fred
guest = *

Note that the remapping is applied to all occurrences of usernames. Thus if you connect to \\server\fred and fred is remapped to mary then you will actually be connecting to \\server\mary and will need to supply a password suitable for mary not fred. The only exception to this is the username passed to the password server (if you have one). The password server will receive whatever username the client supplies without modification.

Also note that no reverse mapping is done. The main effect this has is with printing. Users who have been mapped may have trouble deleting print jobs as PrintManager under WfWg will think they don't own the print job.

Default: username map = /etc/opt/samba/username.map

Example: username map = /usr/local/samba/lib/users.map
Reply
Geoff Wild
Honored Contributor

тАО02-02-2007 02:03 AM

тАО02-02-2007 02:03 AM

Re: Samba/CIFS issue

Best is to let Windows do the authenticating...I don't have trusted systems (as we use 3rd party product for security) - but you could try ADS mode.

See my thread on setup here:

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=949365

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.