Samba Help

Scott Prive scottprive at earthlink.net
Sun Mar 9 10:11:08 EST 2003


----- Original Message -----
From: <trlists at clayst.com>
To: <discuss at blu.org>
Sent: Saturday, March 08, 2003 9:21 PM
Subject: Re: Samba Help


> On 8 Mar 2003 Scott Prive wrote:
>
> > I suggest user, unless you have a high number of Windows accounts.
>
> No, it is only a few accounts.  I'll switch it to user, I was beginning
> to think that would be the right route.
>
> > > - When a Windows machine connects where does it get the username and
> > > password passed to the server?
>
> > It's part of network negotiation. You won't see it unless you turn
Samba's
> > loglevel up to Debug, or you run a sniffer such as etherreal.
>
> Understood, thanks.  But what value does Windows use for the user name?
> The machine's network name?  The logged on user's name (if there is one
> -- not always true on Win98)?  Something else?
>
> > You mean making a samba password? Yes.
>
> So what I need to do is identify the Windows user names, set up a share
> in smb.conf for each (if I want each to have a private area), or use
> [homes] to do the same thing automatically.  But regardless, [homes] or
> no, I need to create a Linux user, Linux password, and samba password
> for each of them (unless I want to use 'force user').
>
> Any public shares can be set up separately.
>
> Also, my understanding is that if the Windows usernames are not the
> same as the ones I use on the Linux box I can fix that with a username
> map.
>
> Does all that sound right?  If so, one more question -- if I use a
> username map do I use the Windows or Linux user names (i.e. before the
> mapping or after) when setting up user names for individual shares in
> smb.conf.  In other words, if the username map looks like this:
>
> tom = Thomas
> bill = William
>
> Then do my user directives for the shares use "tom" or Thomas", etc.?
>
> > > - What should the owner and group be for the private directories?  For
> > > the public ones?
>
> > Assuming authentication is successful, file access is still restricted
by
> > permissions on the files. There is an exception to this where Samba can
> > bypass standard security, but don't worry about this.
>
> OK, so the private directories can be owned by the individual users and
> I can presumably create a "samba" group to put them in.  I guess I
> could also create a "samba" area

Right. The details you have depend on what you do, but you have the big
picture.
Suggest "sambausers" a good group name ("samba" is not a reserved group/user
on my system, but I'm running Red Hat which isn't always standard ;-)


>
> > Why don't you want to use guest? Just curious.
>
> No reason, just wondering if there were drawbacks to it.  With security
> = user I don't think I'll be using guest anyway, will I?

Nope, no need to if the accounts connecting are recognized by Linux/Samba
when you set "allowed users".

If you have any problems, let us know. I'm in the middle of configuring
Samba to authenticate against my Win2K domain controller, so I am neck-deep
in the stuff :-)

>
> Thanks for all the help!  Also thanks to Vince for the link to the
> Oreilly online book.
>
>  ----------
>  Tom Rawson
>
>
>
> _______________________________________________
> Discuss mailing list
> Discuss at blu.org
> http://www.blu.org/mailman/listinfo/discuss




More information about the Discuss mailing list