|
Home > Archive > Samba > June 2004 > [Samba] smbpasswd !!?!
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
[Samba] smbpasswd !!?!
|
|
| Alexander Varga 2004-06-28, 7:27 pm |
| please help me.=20
Why I cannot create a user with smbpasswd without having this username in =
/etc/passwd???
###################
bash-2.05# smbpasswd -a testaccount
New SMB password:
Retype new SMB password:
Failed to initialise SAM_ACCOUNT for user testaccount.
Failed to modify password entry for user testaccount
bash-2.05#
##############
my global in smb.conf
[global]
workgroup =3D J9_C
server string =3D %h server (Samba %v)
dns proxy =3D no
log file =3D /usr/local/samba/var/log.%m
passdb backend =3D tdbsam smbpasswd
invalid users =3D root
passwd program =3D /bin/passwd %u
socket options =3D TCP_NODELAY
I compilled my samba using=20
../configure --prefix=3D/usr/local/samba --with-pam --with-pam_smbpass =
--with-acl-support
and made a solaris package.
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
| |
| Robert Adkins 2004-06-29, 8:43 am |
|
Samba utilizes the UNIX File permissions for telling Windows machines
who can do what with a file. Due to this, you have a decent User and
Group set of controls you can place on the files/directories that you
choose to share with Samba.
Without having users in the passwd file, Samba wouldn't be able to
utilize those access rights.
Yeah, it can be a paine, but it does a good job.
If having multiple user account information to track is a pain, may I
suggest converting to NIS or LDAP for user authentication?
-Rob
Alexander Varga wrote:
>please help me.
>Why I cannot create a user with smbpasswd without having this username in /etc/passwd???
>###################
>bash-2.05# smbpasswd -a testaccount
>New SMB password:
>Retype new SMB password:
>
>Failed to initialise SAM_ACCOUNT for user testaccount.
>Failed to modify password entry for user testaccount
>bash-2.05#
>##############
>my global in smb.conf
>[global]
> workgroup = J9_C
> server string = %h server (Samba %v)
> dns proxy = no
> log file = /usr/local/samba/var/log.%m
> passdb backend = tdbsam smbpasswd
> invalid users = root
> passwd program = /bin/passwd %u
> socket options = TCP_NODELAY
>
>I compilled my samba using
>./configure --prefix=/usr/local/samba --with-pam --with-pam_smbpass --with-acl-support
>and made a solaris package.
>
>
>
>
>
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
| |
| Dwight Tovey 2004-06-29, 5:50 pm |
|
Robert Adkins said:
>
> Samba utilizes the UNIX File permissions for telling Windows machines
> who can do what with a file. Due to this, you have a decent User and
> Group set of controls you can place on the files/directories that you
> choose to share with Samba.
>
> Without having users in the passwd file, Samba wouldn't be able to
> utilize those access rights.
>
> Yeah, it can be a paine, but it does a good job.
>
> If having multiple user account information to track is a pain, may I
> suggest converting to NIS or LDAP for user authentication?
>
I am also trying to set up a Samba server without having to define local
Unix users. Using LDAP is fine for what we want to do. From what you are
saying then, will I need to also install nss_ldap in order to get the
proper access control? If we weren't concerned about access control,
could we just use the 'force user/group' parameters and not install
nss_ldap?
/dwight
--
Dwight N. Tovey
email: dwight@dtovey.net
web: http://www.dtovey.net/~dwight
-----------
Eagles may soar, but weasles don't get sucked into jet engines.
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
| |
| Robert Adkins 2004-06-29, 5:50 pm |
| Dwight Tovey wrote:
>Robert Adkins said:
>
>
>
>I am also trying to set up a Samba server without having to define local
>Unix users. Using LDAP is fine for what we want to do. From what you are
>saying then, will I need to also install nss_ldap in order to get the
>proper access control?
>
I am unsure, I have a small installation running and haven't been
sufficiently motivated to move onto LDAP or NIS at this time. Currently,
I stick with seperate passwd/group and smbpasswd files.
>If we weren't concerned about access control,
>could we just use the 'force user/group' parameters and not install
>nss_ldap?
>
>
>
I am unsure, that's something I haven't needed to research or
implement yet.
I am sorry that I was only as helpful as I was previously.
-Rob
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
| |
| Alexander Varga 2004-06-29, 5:50 pm |
| Thanx
....and yes. It is realy a big trouble with lot of users. I tryed ldap, =
but hence my LDAP server is an Novel eDirectory, I am not realy familiar =
with it and couldn't find any advice on google to configurte it right(the =
problem I have is to use the right filters while searchyng the LDAP =
accounts and rights).=20
I read about winbind. ... would it be a solution for me, or better try it =
once again with LDAP?
I need also do manage access to directoryes with restrictions. maybe pam =
could do that.=20
.... some suggestions?
Samba utilizes the UNIX File permissions for telling Windows machines=20
who can do what with a file. Due to this, you have a decent User and=20
Group set of controls you can place on the files/directories that you=20
choose to share with Samba.
Without having users in the passwd file, Samba wouldn't be able to=20
utilize those access rights.
Yeah, it can be a paine, but it does a good job.
If having multiple user account information to track is a pain, may I=20
suggest converting to NIS or LDAP for user authentication?
-Rob
Alexander Varga wrote:
[vbcol=seagreen]
>please help me.=20
>Why I cannot create a user with smbpasswd without having this username in =
/etc/passwd???
>###################
>bash-2.05# smbpasswd -a testaccount
>New SMB password:
>Retype new SMB password:
>
>Failed to initialise SAM_ACCOUNT for user testaccount.
>Failed to modify password entry for user testaccount
>bash-2.05#
>##############
>my global in smb.conf
>[global]
> workgroup =3D J9_C
> server string =3D %h server (Samba %v)
> dns proxy =3D no
> log file =3D /usr/local/samba/var/log.%m
> passdb backend =3D tdbsam smbpasswd
> invalid users =3D root
> passwd program =3D /bin/passwd %u
> socket options =3D TCP_NODELAY
>
>I compilled my samba using=20
>./configure --prefix=3D/usr/local/samba --with-pam --with-pam_smbpass =
--with-acl-support
>and made a solaris package.
>
>
>
> =20
>
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
| |
| Robert Adkins 2004-06-29, 5:50 pm |
| Alexander Varga wrote:
>Thanx
>...and yes. It is realy a big trouble with lot of users. I tryed ldap, but hence my LDAP server is an Novel eDirectory, I am not realy familiar with it and couldn't find any advice on google to configurte it right(the problem I have is to use the right
filters while searchyng the LDAP accounts and rights).
>I read about winbind. ... would it be a solution for me, or better try it once again with LDAP?
>I need also do manage access to directoryes with restrictions. maybe pam could do that.
>... some suggestions?
>
>
>
Unless I am mistaken, PAM is the combination passwd/group file
with a seperate smbpasswd file. From what you are saying, that's not
what you want.
LDAP is what I would focus on and only because you seem to already
have a working LDAP installation running.. If you are still in your
early stages with this server (If it is a Linux Server) you could give
it a reinstall, I know that during the (Expert) installation process of
several different distributions you are asked what kind of
authentication model you wish to use, I know that LDAP is one of the
choices and it might be easier to configure that during the install then
after the initial install of the OS. Believe me when I say this, I am
totally lost when it comes to LDAP Authentication.and the above is just
a guess.
I am very far from an expert here, I am also not very familar with
Winbind.
I am mearly okay with a few areas of setting up Samba, nothing more.
Good luck!
-Rob
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
|
|
|
|
|