AIX

AIX

Connect with fellow AIX users and experts to gain knowledge, share insights, and solve problems.

 View Only
Back to discussions
Expand all | Collapse all

SAMBA and winbindd -- issue over NON domain users

  • 1.  SAMBA and winbindd -- issue over NON domain users

    Posted Thu December 10, 2009 06:30 AM

    Originally posted by: peejayeff


    Hi all
    I have a challenge in our setup. We are admittedly downlevel for SAMBA (3.0.24) but that was the only pre-compiled version I could get that was IBM (I am excluding pware binaries for now).

    We want our server (AIX 5.3) to be a domain member and have managed this OK by setting up security = DOMAIN etc. However we have a challenge in that we also need to allow a (pre-existing) share to be available to non-domain users like some arbritary PC. With a security = SHARE model and using guest ok, this works ok with the understanding that permissions and security is somewhat lax.

    With the new smb.conf (security = DOMAIN) the usual shares work ok (guest ok access allowed) but only from users part of the actual DOMAIN, my_domain. A user authenticating/accessing as say foreign_domain\phil is prompted for a username/password to access the share and such a user typically does not have a username/password for the server (and in our model, should not).

    I have tried setting various guest related options to no avail; the behaviour remains the same. An extract of the smb.conf file (anonymised) is below.

    
[global] workgroup = my_domain netbios name = mydom netbios aliases = mydom1 server string = Central File Server interfaces = 10.50.78.90, 127.0.0.1 bind interfaces only = Yes security = DOMAIN idmap uid = 20000-25000 idmap gid = 20000-25000 winbind use 

default domain = No map to guest = Bad Uid password server = adc01.my_domain adc02.my_domain username map = /usr/local/etc/username.map log level = 3 log file = /var/adm/log/samba/samba.log local master = No   [

private] comment = Share needing domain validation before access - only user -svc-

private allowed path = /samba_shares/

private valid users = -svc-

private 

public = no guest ok = No   [OK] comment = Share accessed ok anonymously path = /billing/OK read only = No guest ok = Yes   [SASfiles] comment = Share needing 
"anonymous" as in non-domain access path = /samba_shares/SASfiles read only = No guest ok = Yes


    I am not keen on running any higher than 3.0.24 Samba at this time unless there is NO other solution. For production reasons, we are unable to compile our own set of binaries (real pain that).

    Samba is started as: # nmbd -D; smbd -D; winbindd -D
    Using 
    
wbinfo -t
    or 
    
wbinfo -u
    returns correct or expected results (some time is needed to get user info as expected). I have tried various map to guest options with no apparent difference in behaviour or log file output.

    If further information is needed, please ask.


  • 2.  Re: SAMBA and winbindd -- issue over NON domain users

    Posted Thu December 10, 2009 09:45 PM

    Originally posted by: SystemAdmin


    Hi,

    I assume that the clause "allow trusted domains = yes" is set.

    You may wish to test the use of: "hosts equiv = /etc/smbd_hosts.equiv" and see whether adding the host and/or user to this will have the desired effect.

    We are using security = SERVER and users need to have both a UNIX login, and a domain login, in order to access the Samba server.


  • 3.  Re: SAMBA and winbindd -- issue over NON domain users

    Posted Fri December 11, 2009 08:01 AM

    Originally posted by: peejayeff


    Thanks .Spook. Will look at the options suggested. it may be that it is not a possible set up in Samba 3 :-( as we are unable to guarantee all possible users will have a UNIX login.

    --
    Phil.
    A little knowledge is a dangerous thing. Drink deep or taste not the Pierian spring.


Related Content