Operating System - HP-UX

Re: Samba configuration help

 
Jon Camp
Occasional Advisor

Samba configuration help

I want to use Samba as a replacement for Windows NFS clients but I don't want to maintain separate logins (smbpasswd) for the shares. Is it possible to set up authentication against the /etc/passwd file only? I don't care who sees the shares as long as the Unix permissions restrict their access. I'm trying to use share level security with publicly viewable shares but it is forcing the guest user instead of prompting for the Unix login/password. I'd like users to be able to browse to a share and then map a drive with the "connect as a different user" option.
Thanks for any help.
Jon.
Uday_S_Ankolekar
Honored Contributor

Re: Samba configuration help

Hello,

Your best bet would be CIFS. It is the Samba for HP-UX. You can download this free software from
http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProducts.pl?group_name=CIFS%2F9000&group_image=cat_featured.gif&group_type=family

You'll get very nice documentation and support for this product from HP.
You can configure CIFS to use only /etc/passwd for user authentication.

Good luck.

-USA..
Good Luck..
Jon Camp
Occasional Advisor

Re: Samba configuration help

In this case I am setting up Samba on an HPUX 10.20 machine. I've downloaded the HP depot for this, there seem to be a few differences from the CIFS distribution that I'm using on our 11.x machines. It's my understanding that I can't use the newer versions since 10.20 doesn't support PAM integration.
Sridhar Bhaskarla
Honored Contributor

Re: Samba configuration help

Jon,

Though I am not doing it, I think it's the other way you can set up.

You can use unix password sync = true parameter along with password program = /usr/bin/passwd in your smb.conf file.

When users change their samba password, it calls the "password program" that you specified to change the unix password.

Configuring this option is risky as this program will be run AS root.

Look at the man page of smb.conf.

You can also make use of mksmbpasswd.sh script to convert the /etc/passwd file into smbpasswd file. However, it will not synchronize the passwords.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
Jon Camp
Occasional Advisor

Re: Samba configuration help

I looked into the password sync option but that doesn't really help me. I'm currently using netgroups for the Unix users and don't want them to be introduced into the Windows domain. Eventually when we roll out Active Directory I'll set up password synchronization or NIS for Windows, but in the meantime I need to allow "unix only" accounts to be able to access the shared directories in the same way that NFS is able to map an exported directory. Maybe it's not possible to have the Windows client access the share with "no permissions" while allowing the Unix permissions to handle the directory/file access...

Re: Samba configuration help

Hi,

If you have a windows domain you can try adding the following to [global] in your smb.conf file:

workgroup = $YOURDOMAIN
security = SERVER
password server = (one or more domain controllers).
username map = /some/dir/usermap.txt (where you can translate unix user names to nt-domain user names, refer to the smb.conf manual for more info.)
Jon Camp
Occasional Advisor

Re: Samba configuration help

OK, so far the best solution I've found is using the winbind package in conjunction with PAM and nsswitch. This looks like it will allow auto creation of Windows logins (grabbing the next UID/GID sequence available) on the Unix side and password modification of the Windows login from the Unix side. The only problems being that systems that don't use PAM or nsswitch (10.20) aren't applicable. Plus, I haven't figured out if I can tie it into the NIS database for passwd on the Unix side. If it doesn't tie into NIS then I end up with users having different UIDs and GIDs for their Windows logins on each Unix server.

The other option I'm looking into is LDAP integration but that's going to take more research.
Jon Camp
Occasional Advisor

Re: Samba configuration help

OK, I found a solution.

I'm using
Security=Server with Encryption=No. This allows the server to authenticate against my domain PDC but allows it to use plaintext passwords without hacking the registry on all of the clients. The way I understand it, the PDC sees the user/password combo coming in unencrypted and treats the client as a Windows 95 client. It then passes the user/password to the unix system _unencrypted_ and allows access as long as an /etc/passwd entry exists. No smbpasswd to maintain and no PC registry changes.

I also discovered the same effect occurs if you use Security=Domain and Encryption=Yes, but only if the user doesn't exist on the PDC (authenticate using a PDC in another domain). Here I'm guessing the PDC fails authentication and just passes the user/password, again unencrypted, to the unix server to check /etc/passwd. This seemed more like a bug though.

Hopefully this helps the next person who's trying what I did.

Thanks for everyone's input!

Jon.
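
The settings discussed in this thread can be checked mechanically. The following is an added example, not part of any post above: a small auditor that reads smb.conf text and flags an explicit `encrypt passwords = no` (passwords cross the network unencrypted, as the last post describes), `security = server`, and `unix password sync` (the password-change program runs as root, as noted earlier in the thread). The finding labels, function names and sample configuration are constructed for illustration; only explicitly set values are flagged, since defaults differ between Samba versions.

```python
# Added example: audit smb.conf text for the settings discussed in this thread.
import re

TRUE = {"yes", "true", "1"}
FALSE = {"no", "false", "0"}

def parse_smb_conf(text):
    """Return {section: {param: value}} with names normalised the way Samba
    reads them: case-insensitive, whitespace inside names ignored."""
    norm = lambda s: re.sub(r"\s+", "", s).lower()
    conf, section = {}, None
    # A trailing backslash continues the line onto the next one.
    for raw in re.sub(r"\\\r?\n", " ", text).splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = norm(line[1:-1])
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            name, value = line.split("=", 1)   # only the first '=' counts
            conf[section][norm(name)] = value.strip()
    return conf

def audit(text):
    """Return a list of finding labels (hypothetical names) for [global]."""
    g = parse_smb_conf(text).get("global", {})
    findings = []
    if g.get("encryptpasswords", "").lower() in FALSE:
        findings.append("plaintext-passwords")      # passwords sent unencrypted
    if g.get("security", "").lower() == "server":
        findings.append("passthrough-auth")         # auth handed to password server
    if g.get("unixpasswordsync", "").lower() in TRUE:
        findings.append("passwd-program-as-root")   # passwd program runs as root
    return findings

# Constructed sample: the kind of configuration the final post describes.
SAMPLE = """\
[global]
   workgroup = EXAMPLE
   Security = SERVER
   password server = pdc1.example.invalid
   Encrypt Passwords = No
; unix password sync = yes
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
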