HPE Community
Operating System - HP-UX
1834122 Members
2529 Online
110064 Solutions
New Discussion

Secure Samba share

 
SOLVED
Go to solution
Aji Thomas
Regular Advisor

‎05-09-2006 07:20 PM

‎05-09-2006 07:20 PM

Secure Samba share

Hi Guys,

I have samba share configured with security=server on HP-UX box. And we have configured the password servers which are windows machines for login authentication.

---------------------------------------
# Global parameters
[global]
workgroup = DOMAIN_NAME
server string = Samba Server
security = SERVER
password server = kddserver1
syslog = 0
log file = /var/opt/samba/log.%m
max log size = 1000
local master = No
read only = No
short preserve case = No
dos filetime resolution = Yes

[hht]
comment = HHT Share
path = /ksis/hht
guest ok = Yes

[maximo]
path = /appcon4/
valid users = oracl
----------------------------------------


The issue is that maximo share is secured by specifying oracl is the valid user. But htt is a open share by setting guest ok to yes.

But the issue is when we try to access the resource //hpmachine or //hpmachine./hht it prompts for ussername/password. But we just require authentication only while accessing //hpmachine/maximo


Please advice since we are in production. When we put back security=share it starts working, but then we are unable to secure with password //hpmachine/maximo.


Thanks and regards,
AJi
0 Kudos
6 REPLIES 6
Steven E. Protter
Exalted Contributor

‎05-09-2006 07:29 PM

‎05-09-2006 07:29 PM

Re: Secure Samba share

Shalom,

You need to run a
net join

command on this server. This will require authentication credentials for an admin user on the windows machine.

Also check the WINS server information.

You may need a machine account for the hp machine on the domain as well.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Aji Thomas
Regular Advisor

‎05-09-2006 08:07 PM

‎05-09-2006 08:07 PM

Re: Secure Samba share

Hi,

We dont have this hp-ux machine joined to our windows domain. So we dont prefer to do a net join. we havent specified wins server. Is it required. We have no issues if the security is set to share. But then we cannot secure that maximo folder.

Please advice,
AJi
0 Kudos
Aji Thomas
Regular Advisor

‎05-09-2006 09:19 PM

‎05-09-2006 09:19 PM

Re: Secure Samba share

Hi Guys,

Once security=server is set, is there a way for accessing resouces on the same box which is a open share. It should'nt prompt for username/password in any case.

On one server we noticed that once security=server is set, accessing the resource within our domain was fine, but while accessing from other domain/remote site, which works normal with share mode, requests for username/password.

Please advice at the earliest since we are live.
AJi
0 Kudos
Ivan Ferreira
Honored Contributor

‎05-10-2006 01:37 AM

‎05-10-2006 01:37 AM

Solution

Re: Secure Samba share

Try using these configuration parameters:

guest account = nobody
map to guest = Bad User
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
0 Kudos
Aji Thomas
Regular Advisor

‎05-10-2006 01:41 AM

‎05-10-2006 01:41 AM

Re: Secure Samba share

Hi,

Thanks for the update,
It works with
map to guest = Bad User
and not when
guest account = nobody
is set.

Thanks for the support,
AJI
0 Kudos
Geoff Wild
Honored Contributor

‎05-10-2006 02:03 AM

‎05-10-2006 02:03 AM

Re: Secure Samba share

Add the following share:

[IPC$]
path = /tmp
valid users = list users here
# or allow all
hosts allow = 192.168.1.0/21, 127.0.0.1
hosts deny = 0.0.0.0/0


Just modify the ip address/class for your environment.

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.