[wplug] Re: nis authentication via samba

Jeffry D. Woods jdwoods at attbi.com
Mon Jan 28 20:24:50 EST 2002


For setting up Samba on Linux to work you don't really need NIS, that's another
added service that you have to secure. Setting up samba is pretty easy for windows
client connections,  and all you really need is samba running with a few little
system tweaks. Current setup I use is as follows, and it is working with around 35
windows workstations (I did change some of this to not give up my network, it's
firewalled and nat'd, but why take unnecessary chances) but this is enough info to
get up and running:

1.)
First I set samba up with the following in /etc/samba/smb.conf
[global]
        printing = bsd
        workgroup = WORKGROUP
        load printers = yes
        log file = /var/log/samba/samba-log.%m
        lock directory = /var/lock/samba
        # class c block.
        interfaces = 10.10.10.1/24
        # need both of these - local is needed.
        allow hosts = 10.10.10. 127.
        preferred master = yes
        encrypt passwords = no
        # needed in this order
        name resolve order = lmhosts bcast wins
        max log size = 50
        debug level = 1

The rest can be set as you see fit for the type of connections you are going to
use, this is a sample one:

[photos]
        comment = Photo Storage Area
        path = /local/photos
        preserve case = yes
        read only = yes
        write list = @photos
        force group = photos
        force create mode = 764
        force directory mode = 775
        short preserve case = yes
        create mode = 0765
        valid users = @photos

2.)
Next in /etc/samba/lmhosts, list the IP, name (fully qualified), and netbios name
of all your workstations as follows:

10.10.10.10    crazy.some.dom    crazy

3.)
Next unshadow your password file with pwunconv, and copy /etc/passwd to
/etc/passwd.save (for safety).  Add a line for each workstation as follows:

crazy:x:631:99:Jeff's Workstation:/dev/null:/bin/false

Explanation, "crazy" is the workstation name, "x" is where the shadowed password
is going to be,  "631" is a user number I gave to it or you can start that as the
next user or make your own number up, "99" is the group 'nobody',  "Jeff's
Workstation" is just a description sort of like a real user's name for the account,
"/dev/null" is just in case a real person tries to log into this account (they go
nowhere), and "/bin/false" would be the log in shell such as bash. You will get a
handle on this when you see the password file. Also, make sure that "false" is in
the /bin directory, most distros do have it there (i.e. this is RH 7.1). After you
edit /etc/passwd make sure you re-shadow it, pwconv. Then give that account a
password, i.e. "passwd crazy", I picked one password for all workstations.

4.)
Next in /etc/group, make the group and give it an unused group number as follows:

photos:x:511:crazy

You are pretty much done with the server now.  In the directory you choose, this
case /local, make the directory you named, this case again "/local/photos".  Then
restart samba, /etc/rc.d/init.d/smb restart.

Next is the windows clients. Use Client for Microsoft Networks. The user name in
this case will be "crazy", and the password will be whatever you made it on the
server end. I set windows up with plain text passwords to do this login, much
easier and smoother to do this way. On the Linux box, you will find registry
entries that will help you with this as follows:

/usr/share/doc/samba-2.0.10/docs/NT4_PlainPassword.reg
/usr/share/doc/samba-2.0.10/docs/Win2000_PlainPassword.reg
/usr/share/doc/samba-2.0.10/docs/Win95_PlainPassword.reg
/usr/share/doc/samba-2.0.10/docs/Win98_PlainPassword.reg

Use whichever one fits, it's self-explanatory here. I also think there's one
called Win9x_PlainPassword.reg, this is for ME in case you are using it. The one
for 2000 also works for XP. Get the file you need, double click it, reboot the
windoz box, and you're in.

Mapping the drive, right click My Computer, Map network drive, make it any letter
you want and in the path "\\servername\photos", and you have a connection. There's
some work involved here, it's a workstation connection, every time you start the
win box you're automatically connected, and there's no extra services to secure on
the server.

Hope this helps,
Jeff



>
> currently i have it set up using the smbpasswd file, the default i believe.
> i'm not quite sure what i would have to change to get it to use either nis or
> the unix passwd file. i don't even know if this is possible. does the unix
> crypt return the same thing nt does when it encrypts the password for
> validation?
>
> --
> john
> "have algorithm-will travel"
>

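An added example, not part of the original post: a small Python check that parses an smb.conf the way Samba reads it (only whole-line `#` or `;` comments, parameter names compared without case or spaces) and flags the points this setup turns on. The function names, the check wording and the `[scratch]` share are assumptions made up for illustration.

```python
import re

# Constructed sample mirroring settings from the post (not the author's real file);
# the [scratch] share is hypothetical.
SAMPLE = """\
[global]
        workgroup = WORKGROUP
        interfaces = 10.10.10.1/24      // class c block
        allow hosts = 10.10.10. 127.
        encrypt passwords = no
[photos]
        path = /local/photos
        valid users = @photos
[scratch]
        path = /local/scratch
"""

def parse_smb_conf(text):
    """Return {section: {param: value}}; names lower-cased with whitespace removed."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # comments are whole lines only
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
            conf[section] = {}
        elif "=" in line and section is not None:
            name, value = line.split("=", 1)
            conf[section][re.sub(r"\s+", "", name).lower()] = value.strip()
    return conf

def audit(text):
    """Heuristic checks; returns a list of human-readable findings."""
    conf = parse_smb_conf(text)
    g = conf.get("global", {})
    findings = []
    if g.get("encryptpasswords", "").lower() in ("no", "false", "0"):
        findings.append("global: plain-text passwords cross the LAN unencrypted")
    if not (g.get("hostsallow") or g.get("allowhosts")):
        findings.append("global: no hosts allow / allow hosts restriction")
    for sect, params in conf.items():
        for name, value in params.items():
            if re.search(r"\s(//|#|;)", value):   # trailing text is part of the value
                findings.append(f"{sect}: trailing comment is parsed as part of '{name}'")
        if sect != "global" and "validusers" not in params:
            findings.append(f"{sect}: share has no valid users list")
    return findings
```

Run it against a real file with `audit(open("/etc/samba/smb.conf").read())`; special sections such as `[homes]` or `[printers]` will also be reported by the valid users check and need a manual look.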


