[Techtalk] samba problem
Chantal Rosmuller
chantal at antenna.nl
Mon Dec 1 17:19:12 EST 2003
Hi Rudy
the password server=dc01
I added it to /etc/hosts so I'm sure it can find it.
and yes you are right I am running redhat 9.0
On Mon, 2003-12-01 at 16:13, Rudy L. Zijlstra wrote:
> I am missing the password server setting.
>
> From the documentation of samba 2.2.8a:
>
> password server (G)
>
> By specifying the name of another SMB server (such as a WinNT box)
> with this option, and using *security = domain * or *security =
> server* you can get Samba to do all its username/password validation
> via a remote server.
>
> This option sets the name of the password server to use. It must be
> a NetBIOS name, so if the machine's NetBIOS name is different from
> its Internet name then you may have to add its NetBIOS name to the
> lmhosts file which is stored in the same directory as the smb.conf file.
>
> The name of the password server is looked up using the parameter
> /name resolve order/ <cid:part1.03010302.05050106 at edsons.demon.nl>
> and so may resolved by any method and order described in that parameter.
>
> The password server much be a machine capable of using the
> "LM1.2X002" or the "NT LM 0.12" protocol, and it must be in user
> level security mode.
>
> /NOTE:/ Using a password server means your UNIX box (running Samba)
> is only as secure as your password server. /DO NOT CHOOSE A PASSWORD
> SERVER THAT YOU DON'T COMPLETELY TRUST/.
>
> Never point a Samba server at itself for password serving. This will
> cause a loop and could lock up your Samba server!
>
> The name of the password server takes the standard substitutions,
> but probably the only useful one is /%m /, which means the Samba
> server will use the incoming client as the password server. If you
> use this then you better trust your clients, and you had better
> restrict them with hosts allow!
>
> If the /security/ parameter is set to domain, then the list of
> machines in this option must be a list of Primary or Backup Domain
> controllers for the Domain or the character '*', as the Samba server
> is effectively in that domain, and will use cryptographically
> authenticated RPC calls to authenticate the user logging on. The
> advantage of using * security = domain* is that if you list several
> hosts in the /password server/ option then *smbd * will try each in
> turn till it finds one that responds. This is useful in case your
> primary server goes down.
>
> If the /password server/ option is set to the character '*', then
> Samba will attempt to auto-locate the Primary or Backup Domain
> controllers to authenticate against by doing a query for the name
> WORKGROUP<1C> and then contacting each server returned in the list
> of IP addresses from the name resolution source.
>
> If the /security/ parameter is set to server, then there are
> different restrictions that *security = domain* doesn't suffer from:
>
> *
>
> You may list several password servers in the /password server/
> parameter, however if an *smbd* makes a connection to a
> password server, and then the password server fails, no more
> users will be able to be authenticated from this *smbd*. This
> is a restriction of the SMB/CIFS protocol when in *security =
> server * mode and cannot be fixed in Samba.
>
> *
>
> If you are using a Windows NT server as your password server
> then you will have to ensure that your users are able to login
> from the Samba server, as when in * security = server* mode
> the network logon will appear to come from there rather than
> from the users workstation.
>
> See also the /security /
> <cid:part2.01070406.01020903 at edsons.demon.nl> parameter.
>
> Default: *password server = <empty string>*
>
> Example: *password server = NT-PDC, NT-BDC1, NT-BDC2 *
>
> Example: *password server = **
>
>
> From the version numbers you are quoting i guess you are running either
> RedHat or Suse?
>
> Cheers,
>
> Rudy
>
>
> Chantal Rosmuller wrote:
>
> >Hi,
> >here's the rest of the info:
> >
> >encrypt passwords=yes
> >security=server
> >domain admin group empty
> >logon script empty
> >logon path \\%N\%U\profile
> >logon drive empty
> >domain logons=no
> >os level=20
> >preferred master=auto
> >domain master=auto
> >local master=yes
> >wins support=no
> >
> >
> >On Mon, 2003-12-01 at 14:37, Rudy L. Zijlstra wrote:
> >
> >
> >>We'd need a bit more information. The authentication section of the
> >>config files that is.
> >>What are the settings of:
> >>
> >> encrypt passwords
> >> security
> >> domain admin group
> >> logon script
> >> logon path
> >> logon drive
> >> domain logons
> >> os level
> >> preferred master
> >> domain master
> >> local master
> >> wins support
> >>
> >>as far as you are using them and possibly some others. Considering the
> >>win2k domain controller i do not expect the logon related settings to be
> >>present.
> >>
> >>Rudy
> >>
> >>
> >>
> >>>Hi everyone, is there anyone out there who can help me with the
> >>>following problem?
> >>>I want to make shares on two of our linuxservers with samba, but it is
> >>>not working on one of them, the configuration is exactly the same for
> >>>both, except for the path
> >>>
> >>>[backup]
> >>> comment = backup share
> >>> path = /home/databases
> >>> valid users = crosmuller
> >>> public = no
> >>> writable = no
> >>> printable = no
> >>>
> >>>we have a windows 2000 domain controller, both linuxservers can ping it.
> >>>when I try to access the "not-working" share it asks for a password,
> >>>after typing the correct password it asks for the password again.
> >>>
> >>>On the working samba server I use version 2.2.7-3.7.3, on the not workin
> >>>one 2.2.7a-8.9.0, but I dont think it has anything to do with the
> >>>problem.
> >>>
> >>>
> >>>Chantal
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>_______________________________________________
> >>>Techtalk mailing list
> >>>Techtalk at linuxchix.org
> >>>http://mailman.linuxchix.org/mailman/listinfo/techtalk
> >>>
> >>>
> >>>
> >>>
> >>
> >>
> >
> >
> >_______________________________________________
> >Techtalk mailing list
> >Techtalk at linuxchix.org
> >http://mailman.linuxchix.org/mailman/listinfo/techtalk
> >
> >
>
>
More information about the Techtalk
mailing list