Samba help required
I'm trying to set up access to a server running Linux and Samba. Very new to Linux.
We have a Windows 2003 domain, but the Samba server is not a member of
the domain. I have created a user account (user1) on the Samba server
which I want to use to gain access to it.
When I try to browse to the Samba server I get prompted for a username
and password, this is what I want. But no matter what username I put
in, user1 or root, it continues to prompt.
I am using user level security in the smb.conf file, is this corect?
And have allowed access from my subnet in the hosts allow section.
Is there anything else I should look at?
Here is my smb.conf file:
log file = /var/log/samba/%m.log
guest account = pcguest
idmap gid = 16777216-33554431
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
hosts allow = 192.168.1. 192.168.100. 127.
winbind use default domain = no
template shell = /bin/false
wins support = yes
dns proxy = no
server string = Server
idmap uid = 16777216-33554431
local master = no
workgroup = MYGROUP
os level = 33
security = user
max log size = 50
Yes, user level security is optimal. Now, to gain access from your domain.
In addition to adding user1 as a Unix user you also have to add this account to Samba. At the command prompt type: smbpasswd -a user1 and once completed, add a password for this account: smbpasswd user1.
Finally, when trying to connect from Windows workstations, your user(s) will be prompted for a username and password and here you will have to supply the aforementioned credentials - just be sure to check the "remember password."
As for the hosts.allow modification, it wasn't necessary to modify this conf file in order to gain access. Hope this helps.
You probably want to add 'encrypt passwords = yes' to that, it'll simplify the connections (the alternative is to enable plain text passwords on every windows machine. I'd rather configure one machine than lots... or even two.)
I thought there was a way to tell samba to hand-off it's authentication to the domain controller? Maybe I'm wrong here.
You can have ADS authentication but it is not as easy to setup.