HPE Community
Operating System - HP-UX
1833262 Members
2920 Online
110051 Solutions
New Discussion

Re: samba share domain security access by program

 
kzhang_1
Occasional Advisor

‎01-08-2007 01:05 AM

‎01-08-2007 01:05 AM

samba share domain security access by program

I recently setup a Samba server on my HP-UX 11!2v.
I use security = domain
and normal windows domain user has no problem to access those shares.

But now i also have some program running on windows server ( like SQL procedure or web ASP scripts) will transfer file from windows to UNIX server.

Without a valid domain login, How can those program access these SAMBA shares?

Thanks in advance for any help.
Kevin
----------- smb.conf -----

[global]
workgroup = SSSUD
server string =
security = DOMAIN
auth methods = guest, sam, winbind
null passwords = Yes
password server = pdc1, bdc1, *
username map = /etc/opt/samba/smbusers.map
client NTLMv2 auth = Yes
client lanman auth = No
client plaintext auth = No
log level = 3
log file = /var/adm/syslog/samba.log
max log size = 1000
domain master = Yes
wins server = cs-pdc1
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/bash
winbind cache time = 10
read only = No
short preserve case = No
dos filetime resolution = Yes

0 Kudos
4 REPLIES 4
Coolmar
Esteemed Contributor

‎01-08-2007 01:12 AM

‎01-08-2007 01:12 AM

Re: samba share domain security access by program

You can add hosts allow = x.x.x.x (ip addr of windows system) under the share definition that it will write to.
0 Kudos
Steven E. Protter
Exalted Contributor

‎01-08-2007 01:18 AM

‎01-08-2007 01:18 AM

Re: samba share domain security access by program

Shalom,

To permit windows users on the HP-UX box, a sama command called net join must be run.

net join userid

You are then prompted for a password and must give it.

The user id must have admin right.

Now your HP-UX system is part of the domain and resources on it are available to valid domain users authenticated by the Windows Domain controller.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
kzhang_1
Occasional Advisor

‎01-09-2007 12:28 AM

‎01-09-2007 12:28 AM

Re: samba share domain security access by program

Thanks Coolmar and SEP,
My question is, when when set SAMBA security = domain,
access to the samba share will depend on authentication token issued by domain controller.

Now, if a web server (web1)- a member of this domain - started by local account (CSAdmin) - when server boot IIS started, no domain user login is needed. then a program called by IIS need access a SAMBA share. how the program get authentication to those samba shares.
I know ftp is an option, but for samba is there a way like group mapming or user mapping can do this?

Thanks
0 Kudos
kzhang_1
Occasional Advisor

‎02-09-2007 01:53 PM

‎02-09-2007 01:53 PM

Re: samba share domain security access by program

Finally, we made the decision to use a domain user account to run the program, so it can access samba shares.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.