[CentOS] Re: new CentOS5.1, samba help requested

Wed Mar 26 20:44:23 UTC 2008
Ross S. W. Walker <rwalker at medallion.com>

Ray Leventhal wrote:
> 
> Ray Leventhal wrote:
> >
> >> DO the user credentials on the windows boxes match the credentials on 
> >> the samba box?
> >> Did you turn off simple filesharing on the XP machines?
> > in an effort to prove that at least my creds match, I dropped from 
> > root to my regular user status in shell and did
> > smbpasswd
> >
> > this is what happened:
> >
> > Old SMB password:
> > New SMB password:
> > Retype new SMB password:
> > Could not connect to machine 127.0.0.1: NT_STATUS_LOGON_FAILURE
> > Failed to change password for ray
> Partially solved:
> 
> having used webmin to sync, I was trusting it.  I changed my local 
> password, then changed my password on the centos box, then changed my 
> smbpasswd manually and I'm a little father down the path than I was
> 
> Thank you all for the help thus far.  I will continue to work on this 
> and will (I'm certain) have additional questions :)

Ray,

On these type of setups it may just pay having samba auto-create
users on the system upon first-connect.

       add user script (G)
          This  is  the  full pathname to a script that will be run AS ROOT by
          smbd(8) under special circumstances described below.

          Normally, a Samba server requires that UNIX users  are  created  for
          all users accessing files on this server. For sites that use Windows
          NT account databases as their primary user database  creating  these
          users  and  keeping the user list in sync with the Windows NT PDC is
          an onerous task. This option allows smbd to create the required UNIX
          users ON DEMAND when a user accesses the Samba server.

          In  order  to use this option, smbd(8) must NOT be set to security =
          share and add user script must be set  to  a  full  pathname  for  a
          script  that will create a UNIX user given one argument of %u, which
          expands into the UNIX user name to create.

          When the Windows user attempts to access the Samba server, at  login
          (session setup in the SMB protocol) time, smbd(8) contacts the pass-
          word server and attempts to authenticate the  given  user  with  the
          given password. If the authentication succeeds then smbd attempts to
          find a UNIX user in the UNIX password database to  map  the  Windows
          user  into.  If  this  lookup fails, and add user script is set then
          smbd will call the specified script AS ROOT, expanding any %u  argu-
          ment to be the user name to create.

          If this script successfully creates the user then smbd will continue
          on as though the UNIX user already existed. In this way, UNIX  users
          are dynamically created to match existing Windows NT accounts.

          See also security, password server, delete user script.

          Default: add user script =

          Example: add user script = /usr/local/samba/bin/add_user %u

Remember to add 'pam_mkhomedir' (check man page) to system-auth to
have user home directories also auto-created and away you go. It
will set the smbpassword to the password used upon first-connect.
If you want users to have a shell account on the server, set
pam_smb to authenticate against itself.

-Ross


-Ross

______________________________________________________________________
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.