Samba to prevent multiple logins?

 
Fred Martin_1
Valued Contributor

Every time I set up a user, I create a unix account for them, and create an NT account for them. NT for Windows file and print sharing, Unix for email and a unix database.

So users log in to the Windows network, which gives them access to NT file shares, an NT home directory, and Windows shared printers.

They use Eudora etc. to POP in to the Unix box for email.

Then, to access our primary database, they open a terminal emulator, and log in to unix to run the DB.

Can I use Samba to prevent having to maintain two sets of accounts, and so they don't need to login twice?

i.e. set them up in Unix but not NT?

And, once authenticated there, can the Unix box be in the same domain such that the NT shares are available to them without logging in again?

The O'Reilly Samba book says I can avoid NT CALs, is that true, or do I avoid CALs by sharing everything from unix disks?

If someone could touch on these points I'd appreciate it.
fmartin@applicatorssales.com
Andrew Cowan
Honored Contributor
Solution

Re: Samba to prevent multiple logins?

The latest versions of Samba can authenticate users from either a Microsoft domain or Active Directory. See:

http://bob.rasey.net/archives/000137.html

http://www.go-getters.com/index.php?p=26

http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member.html

These sites should be enough to get you started.
RAC_1
Honored Contributor

Re: Samba to prevent multiple logins?

Depending upon how you have configured smb.conf, you can authenticate users from a Window$ PDC. Check the setting for security in the global section.

For details on this setting, read the Samba book.
http://www.oreilly.com/openbook
There is no substitute to HARDWORK
Geoff Wild
Honored Contributor

Re: Samba to prevent multiple logins?

Best to authenticate on Windows...

Here's the samba how to collection:

http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/

Use HP's CIFS server though:

http://www.software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B8725AA

You need winbind running as well (add to /etc/nsswitch.conf):

passwd: files winbind
group: files winbind
hosts: files [NOTFOUND=CONTINUE] dns

You can make the samba server join the NT domain - you need someone with admin privileges and password:

/opt/samba/bin/net rpc join -U administrator

Main things to put in smb.conf:

workgroup = YOURNTDOMAIN
security = DOMAIN
password server = YOURNTDC1, YOURNTDC2

winbind separator = +
winbind enum users = No
winbind enum groups = No
valid users = @YOURNTDOMAIN+AGROUP, bb, oracle, YOURNTDOMAIN+somentuserid


An example share:

[homes]
comment = Home Directories
path = /home/%U
valid users = YOURNTDOMAIN+somentuserid, YOURNTDOMAIN+somentuserid2, bb, oracle
browseable = No

NOTE: as of Samba 3 something...browsing is OFF by default - if you want browsing - then you have to add the IPC$ share:

[IPC$]
hosts allow = 192.168.2.0/24 127.0.0.1
hosts deny = 0.0.0.0/0
valid users = bb, YOURNTDOMAIN+somentuserid, YOURNTDOMAIN+somentuserid2

Hope this helps.

Rgds...Geoff



Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
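An added example, not part of the post above or of Samba itself: a small audit that lists who each share in an smb.conf admits, using the rule that a `valid users` line in [global] is the default for any share that does not set its own, and that an empty list means any authenticated user may connect. The sample configuration is constructed from the settings in the post, and the [scratch] share, the function names and the comma/whitespace list splitting are assumptions.

```python
import re

# Constructed sample based on the settings quoted in the post above.
SAMPLE_CONF = """\
[global]
   workgroup = YOURNTDOMAIN
   security = DOMAIN
   winbind separator = +
   valid users = @YOURNTDOMAIN+AGROUP, bb, oracle

[homes]
   path = /home/%U
   valid users = YOURNTDOMAIN+somentuserid, bb

[scratch]
   path = /tmp/scratch
"""

def parse_smb_conf(text):
    """Return {section: {param: value}} with lowercased names."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip()
    return sections

def classify(entry, separator):
    """Label a valid users entry: a leading @, + or & marks a group."""
    kind, name = ("group", entry[1:]) if entry[0] in "@+&" else ("user", entry)
    scope = "domain" if separator in name else "local"
    return f"{scope} {kind}"

def share_access(text):
    """Map each share to its effective valid users; {} means unrestricted."""
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})
    sep = glob.get("winbind separator", "\\")    # Samba's default separator
    report = {}
    for share, params in conf.items():
        if share == "global":
            continue
        raw = params.get("valid users", glob.get("valid users", ""))
        entries = [e for e in re.split(r"[,\s]+", raw) if e]
        report[share] = {e: classify(e, sep) for e in entries}
    return report
```
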
Fred Martin_1
Valued Contributor

Re: Samba to prevent multiple logins?

Thanks folks, I'm reading more of the O'Reilly text and getting some answers there. I'll also review your links.

I was hoping though that I could use the unix box as the 'master' i.e. set up accounts there, then have the unix box act as the PDC for windows, letting Windows users authenticate from the unix box.

This because they need to have a unix account for email anyway.

Is it just harder to configure with unix as the PDC, or is it somewhat broken when done that way?
fmartin@applicatorssales.com
Geoff Wild
Honored Contributor

Re: Samba to prevent multiple logins?

You can use Unix as PDC - I do that @ home with my Linux box.

As far as I remember - you need a Unix account for each as well as setting up the smbpasswd for NT IDs.

There are a lot of How-to's - here's one:

http://www.hughesjr.com/content/view/24/2/Site_News

Rgds...Geoff
Fred Martin_1
Valued Contributor

Re: Samba to prevent multiple logins?

Accckk. So I have to set up the account twice anyway? I was hoping to avoid that.
fmartin@applicatorssales.com
Geoff Wild
Honored Contributor

Re: Samba to prevent multiple logins?

Yes - 2 accounts - the unix one can be nologin - or false...but you need a Unix uid for each NT user.

Rgds...Geoff

Fred Martin_1
Valued Contributor

Re: Samba to prevent multiple logins?

But the Windows account is set up on the unix box in an smbpasswd file, is it not? Could it be automated, in that every time I add or remove a user in SAM for unix, a script fires off to create the smb account for windows?
fmartin@applicatorssales.com
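An added example, not from any poster in this thread: one way to keep the two account lists in step is to compare /etc/passwd with the smbpasswd file and report Unix users with no Samba entry, Samba entries whose Unix account is gone, and entries whose uid no longer matches. All account data is constructed, the function names and the `min_uid` cut-off are assumptions, and the commands are only returned as strings because `smbpasswd -a` still has to prompt for a password (the LANMAN/NT hashes cannot be derived from the Unix password hash).

```python
import shlex

# Constructed sample data; the X runs stand in for the two hash fields.
H = "X" * 32
SAMPLE_PASSWD = (
    "root:*:0:3::/:/sbin/sh\n"
    "bb:*:101:20::/home/bb:/usr/bin/sh\n"
    "fmartin:*:102:20::/home/fmartin:/usr/bin/sh\n"
    "jdoe:*:103:20::/home/jdoe:/usr/bin/false\n"
)
SAMPLE_SMBPASSWD = (
    f"bb:101:{H}:{H}:[U          ]:LCT-00000000:\n"
    f"jdoe:999:{H}:{H}:[U          ]:LCT-00000000:\n"
    f"gone:150:{H}:{H}:[U          ]:LCT-00000000:\n"
    f"ws1$:200:{H}:{H}:[W          ]:LCT-00000000:\n"
)

def read_uids(text, uid_field):
    """Map account name -> uid from colon-separated lines."""
    uids = {}
    for line in text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) <= uid_field:
            continue
        if fields[uid_field].isdigit():
            uids[fields[0]] = int(fields[uid_field])
    return uids

def reconcile(passwd_text, smbpasswd_text, min_uid=100):
    """Report drift between Unix accounts and smbpasswd entries."""
    unix = read_uids(passwd_text, 2)            # passwd: uid is field 3
    smb = {n: u for n, u in read_uids(smbpasswd_text, 1).items()
           if not n.endswith("$")}              # skip machine accounts
    people = {n for n, u in unix.items() if u >= min_uid}
    return {
        "add": sorted(people - set(smb)),
        "remove": sorted(set(smb) - set(unix)),  # stale Samba credentials
        "uid_mismatch": sorted(n for n in smb
                               if n in unix and smb[n] != unix[n]),
    }

def plan(result):
    """Commands for an administrator to review and run by hand."""
    cmds = [f"smbpasswd -a {shlex.quote(n)}" for n in result["add"]]
    cmds += [f"smbpasswd -x {shlex.quote(n)}" for n in result["remove"]]
    return cmds
```
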