Re: Authentication issues with Samba 4.3.8

Samba - General mailing list
Hi Rowland/All,

I have tried upgrading our Samba from 3.0.28 to 4.3.8.  I didn't want to remove my old working version, so I just stopped my samba service and installed the new version.

I have overwritten the new smb.conf with our existing smb.conf and tried restarting with the new startup scripts.

4.3.8 has three startup scripts (smbd, nmbd, winbindd) and I tried restarting all of them.

Here comes the issue: when I tried to connect, it gave me the login prompt but it's not accepting the valid credentials.  Below are the logs for the steps I followed.

  check_ntlm_password:  Authentication for user [ChunduruK] -> [ChunduruK] FAILED with error NT_STATUS_LOGON_FAILURE
[2017/05/20 05:20:49, 2] smbd/sesssetup.c:setup_new_vc_session(1200)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2017/05/20 05:20:49, 2] auth/auth.c:check_ntlm_password(319)

[2017/06/06 09:12:16, 0] auth/auth_util.c:create_builtin_administrators(792)
  create_builtin_administrators: Failed to create Administrators
[2017/06/06 09:12:16, 2] auth/auth_util.c:create_local_nt_token(914)
  create_local_nt_token: Failed to create BUILTIN\Administrators group!
[2017/06/06 09:12:16, 0] auth/auth_util.c:create_builtin_users(758)
  create_builtin_users: Failed to create Users
[2017/06/06 09:12:16, 2] auth/auth_util.c:create_local_nt_token(941)
  create_local_nt_token: Failed to create BUILTIN\Users group!
[2017/06/06 09:12:16, 2] lib/access.c:check_access(323)

Then I stopped the 4.3.8 samba, uninstalled it, and started samba with the old startup scripts and the same config file. This time it works like a champ.

[2017/06/23 06:12:22, 2] lib/access.c:check_access(323)
  Allowed connection from  (X.X.X.X)
[2017/06/23 06:12:22, 2] lib/access.c:check_access(323)
  Allowed connection from  (X.X.X.X)
[2017/06/23 06:12:22, 1] smbd/service.c:make_connection_snum(1033)
  X.X.X.X (X.X.X.X) connect to service tmp initially as user chundurk (uid=222, gid=1) (pid 22544550)

I'm not sure if I need to install or change any of the settings.

Regards,
Krishna


-----Original Message-----
From: samba [mailto:[hidden email]] On Behalf Of Rowland Penny via samba
Sent: Wednesday, June 07, 2017 9:14 PM
To: [hidden email]
Subject: Re: [Samba] CVE-2017-7494 patches

On Wed, 7 Jun 2017 20:58:18 +0530
"Chunduru, Krishnachaithanya"
<[hidden email]<mailto:[hidden email]>> wrote:

> Thanks Rowland.
>
> I got one of the latest version from IBM 4.3.8, but they don't have
> the patches for CVE 2017-7494. ☺
>
> IBM told me to contact samba for getting the patches, do you or anyone
> have the patches link so that I can test all together.

As far as I am aware, there isn't a patch for the 4.3.x versions.
The only supported versions of Samba are 4.4.x, 4.5.x and 4.6.x and there are patches available for these, see here:

https://www.samba.org/samba/history/

Rowland

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail and delete the message and any attachments from your system.

Re: Authentication issues with Samba 4.3.8

Samba - General mailing list
On Tue, 27 Jun 2017 18:20:52 +0530
"Chunduru, Krishnachaithanya"
<[hidden email]> wrote:

> Hi Rowland/All,
>
> I have tried upgrading our Samba from 3.0.28 to 4.3.8.  I didn't
> wanted to remove my old working version, so I just stopped my samba
> service and installed new version.
>
> I have overwritten the new smb.conf with our existing smb.conf and
> tried restarting with the new startup scripts.

There were a lot of changes between 3.0.28 and 4.3.8, so I am not
really surprised that the old smb.conf isn't working any more.

Can you post your smb.conf and we will try to advise you.

Rowland


Re: Authentication issues with Samba 4.3.8

Samba - General mailing list
In reply to this post by Samba - General mailing list
Hi All,

Can someone kindly help on my issue. I'm almost stuck and couldn't proceed further on my samba migration project.

Thanks,
Krishna


Re: Authentication issues with Samba 4.3.8

Samba - General mailing list
On Fri, 30 Jun 2017 12:41:13 +0530
"Chunduru, Krishnachaithanya"
<[hidden email]> wrote:

> Hi All,
>
> Can someone kindly help on my issue. I'm almost stuck and couldn't
> proceed further on my samba migration project.
>

OK, way back when you started posting about this issue, you posted this
as your smb.conf:

[global]
        workgroup = XXXX
        server string = XXXXXXX
        encrypt passwords = no
        passdb backend = tdbsam
        log file = /var/log/samba/%m.log
        log level = 2
        max log size = 1000
        preferred master = no
        local master = no
        domain master = no
        domain logons = no
        dns proxy = no
        wins server = X.X.X.X, X.X.X.X
        hosts allow = 10., 149.83., 127.

Andrew advised you to remove 'encrypt passwords = no'

Before we go any further, can you tell us if this Samba machine is a
domain member, if so, what sort of domain, NT4-style or AD

If it isn't a domain member, is LDAP involved in any way, or are your
users/groups just stored in /etc/passwd and /etc/group.

Please reply to the mailing list, not directly to me.

Rowland


Re: Authentication issues with Samba 4.3.8

Samba - General mailing list
Hi Rowland,

Sorry I missed your previous mail.

Our servers are not having any ldap or AD for authentication. It is using tdbsam option as password database, and yes all the users and groups are stored locally in the /etc/passwd and /etc/group.

I will try removing the "encrypt password = no".

Below is the whole old smb.conf file.

bash-4.2$ cat /usr/local/samba/lib/smb.conf
[global]
        server string = Samba on AIX
        encrypt passwords = No
        passdb backend = tdbsam
        log file = /var/log/samba/%m.log
        log level = 2
        max log size = 1000
        preferred master = No
        local master = No
        domain master = No
        dns proxy = No
        wins server = XXXXXX
        hosts allow = XXXXXX

[printers]
        comment = All Printers
        path = /usr/spool/samba
        printable = Yes
        browseable = No

[tmp]
        comment = Temporary file space
        path = /tmp
        read only = No

Thank you for the help !!

Regards,
Krishna



Re: Authentication issues with Samba 4.3.8

Samba - General mailing list
On Sun, 2 Jul 2017 19:49:12 +0530
"Chunduru, Krishnachaithanya via samba" <[hidden email]> wrote:

> Hi Rowland,
>
> Sorry I missed your previous mail.
>
> Our servers are not having any ldap or AD for authentication. It is
> using tdbsam option as password database, and yes all the users and
> groups are stored locally in the /etc/passwd and /etc/group.
>

OK, what you seem to be trying to set up is a standalone server with
only passworded user access.

Can I suggest you alter smb.conf to this:

[global]
        # Change 'WORKGROUP' below to whatever
        # you want your workgroup to be called.
        workgroup = WORKGROUP
        server string = Samba on AIX
        log file = /var/log/samba/%m.log
        log level = 2
        max log size = 1000

[printers]
        comment = All Printers
        path = /usr/spool/samba
        printable = Yes
        browseable = No

[tmp]
        comment = Temporary file space
        path = /tmp
        read only = No

Your users will need to exist in /etc/passwd and also be Samba users,
you can do this by running (as root):

smbpasswd -a USERNAME

You will be asked for a password for the user (twice) and then the user
will be added to Samba's database

You will also need to run (again as root):

smbpasswd -e USERNAME

You can find more info on this here:

https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Standalone_Server

You do not need to run winbind on a standalone server, only 'smbd' &
'nmbd'

Any user that needs to connect to the shares, will need to be both a
Unix and Samba user on the standalone server, they will also have to
use the Samba users password.

Rowland
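
Added example (not part of Rowland's message and not Samba project code): a read-only audit for the two smbpasswd steps above, listing which local Unix accounts are still missing from Samba's database or are present but disabled. It reads a passwd-format file and saved `pdbedit -L -w` output; the function names, the uid cut-off of 200 and the sample accounts are assumptions constructed for illustration.

```shell
#!/bin/sh
# Read-only audit: which Unix accounts still need `smbpasswd -a` (missing
# from Samba's passdb) or `smbpasswd -e` (present but disabled)?
#
#   $1  passwd(5)-format file, e.g. a copy of /etc/passwd
#   $2  saved output of `pdbedit -L -w` (smbpasswd format:
#       name:uid:LM hash:NT hash:[flags]:LCT-...:)
#   $3  lowest uid treated as a real user (assumption: site-specific)
#
# Prints one line per account: "missing NAME" or "disabled NAME".
samba_user_audit() {
    passwd_file=$1
    pdb_file=$2
    min_uid=${3:-200}

    awk -F: -v min_uid="$min_uid" '
        # Samba listing. Compare on FILENAME rather than FNR == NR so an
        # empty passdb (a fresh migration) is still handled correctly.
        FILENAME == ARGV[1] {
            if ($1 == "" || $1 ~ /^#/) next
            name = tolower($1)               # SMB user names are not case-sensitive
            if (name ~ /\$$/) next           # skip machine trust accounts
            known[name] = 1
            if ($5 ~ /D/) disabled[name] = 1 # D in the flags field = disabled
            next
        }
        # passwd entries: skip blanks, comments and system accounts.
        $1 == "" || $1 ~ /^#/ { next }
        $3 !~ /^[0-9]+$/ || $3 + 0 < min_uid + 0 { next }
        {
            name = tolower($1)
            if (!(name in known))      print "missing " $1
            else if (name in disabled) print "disabled " $1
        }
    ' "$pdb_file" "$passwd_file"
}

# Demo on constructed sample data (not taken from the thread). The hash
# fields are placeholders, not real password hashes.
samba_user_audit_demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/passwd" <<'EOF'
root:!:0:0::/:/usr/bin/ksh
daemon:!:1:1::/etc:
alice:!:222:1:Alice Example:/home/alice:/bin/false
bob:!:223:1:Bob Example:/home/bob:/bin/false
carol:!:224:1:Carol Example:/home/carol:/bin/false
EOF
    cat > "$tmp/pdbedit" <<'EOF'
Alice:222:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:0123456789ABCDEF0123456789ABCDEF:[U          ]:LCT-595A5F00:
bob:223:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:0123456789ABCDEF0123456789ABCDEF:[DU         ]:LCT-595A5F00:
EOF
    samba_user_audit "$tmp/passwd" "$tmp/pdbedit" 200
    rm -rf "$tmp"
}

samba_user_audit_demo
```

On the server, feed it a copy of /etc/passwd and the output of `pdbedit -L -w` run as root. That listing contains password hashes, so keep the saved file readable by root only and delete it afterwards.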


Re: Authentication issues with Samba 4.3.8

Samba - General mailing list
Hi  Rowland,

Thanks for the help.

Could you please let me know what would  be the passwd database if I update my smb.conf.

I have created the user locally and in samba using the steps given by you. And it seems it's working fine.

The authentication is successful, but I was wondering why it was working in earlier version without adding user in samba database.

I'm having around 100+ users/share and the authentication is share level, do I need to add all the users again in the samba database ? can you please comment on these as well. Thank you.

Regards,
Krishna



Re: Authentication issues with Samba 4.3.8

Samba - General mailing list
On Mon, 3 Jul 2017 21:57:12 +0530
"Chunduru, Krishnachaithanya"
<[hidden email]> wrote:

> Hi  Rowland,
>
> Thanks for the help.
>
> Could you please let me know what would  be the passwd database if I
> update my smb.conf.

You will be using tdbsam

>
> I have created the user locally and in samba using the steps given by
> you. And it seems it's working fine.

Good

>
> The authentication is successful, but I was wondering why it was
> working in earlier version without adding user in samba database.

Not really sure, possibly all your users were being treated as guest
users, but I don't really know, mostly because you were using such
an old version.
   
>
> I'm having around 100+ users/share and the authentication is share
> level, do I need to add all the users again in the samba database ?
> can you please comment on these as well. Thank you.

Yes, you will probably have to add your users, but where are they
authenticating from ?

Rowland



Re: Authentication issues with Samba 4.3.8

Samba - General mailing list
On Mon, 3 Jul 2017 22:38:49 +0530
"Chunduru, Krishnachaithanya"
<[hidden email]> wrote:

> Hi,
>
> All the users are created locally.

Do you mean just on the Samba standalone server or on the windows
machines as well ?
>
> Samba share users are not having a shell to modify anything. They can
> just login via the windows machines.
>

Are the windows machines part of a workgroup or a domain ?

Rowland


Re: Authentication issues with Samba 4.3.8

Samba - General mailing list
Hi,

The users are created locally, each user has their own workstation. The workstation id and the unix id are different.

Users will try to access the share with the unix local account only.

All the VM's are part of domain, so users will first login to their stations using domain id and then will access the share using unix local id. Thank you.

Regards,
Krishna



Re: Authentication issues with Samba 4.3.8

Samba - General mailing list
On Tue, 4 Jul 2017 14:25:48 +0530
"Chunduru, Krishnachaithanya"
<[hidden email]> wrote:

> Hi,
>
> The users are created locally, each user have their own workstation.
> The workstation id and the unix id are different.
>
> Users will try to access the share with the unix local account only.
>
> All the VM's are part of domain, so users will first login to their
> stations using domain id and then will access the share using unix
> local id. Thank you.
>

OK, that isn't easy to understand, but I think you mean your users log
into a Windows domain computer then connect to your Samba standalone
server, is this correct ?

If it is correct, WHY?

Doing it this way, means you have to create the users three times!
If the user changes their password, it also needs to be changed on the
standalone server.

Have you considered using a Unix domain member instead, this
way you only create the user once.

See here for more info:

https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member

I would suggest using the 'rid' backend if you do go this way.

Rowland


Re: Authentication issues with Samba 4.3.8

Samba - General mailing list
Hi Rowland/All,

I want to sync the local /etc/passwd to smbpasswd database in AIX. Can someone please help with any tools or scripts available to proceed further.

Setting up a domain level user for all the samba users is tough for us right now.

Regards,
Krishna


Re: Authentication issues with Samba 4.3.8

Samba - General mailing list
On Fri, 4 Aug 2017 18:23:23 +0530
"Chunduru, Krishnachaithanya via samba" <[hidden email]> wrote:

> Hi Rowland/All,
>
> I want to sync the local /etc/passwd to smbpasswd database in Aix.
> Can someone please help with any tools or scripts available to
> proceed further.
>
> Setting up a domain level user for all the samba users is tough for
> us right now.

What is tough about adding a few lines to smb.conf, then joining the
machine to the domain and all your users being available without
touching /etc/passwd ???

Rowland



Re: Authentication issues with Samba 4.3.8

Samba - General mailing list
Hi,

Changing the configuration file is not a problem, but each share has around 100+ users using it.

So if I need to use AD authentication then I need to add all these users to a single domain, whereas we have 2 or 3 domains.


Regards,
Krishna



Re: Authentication issues with Samba 4.3.8

Samba - General mailing list
In reply to this post by Samba - General mailing list
On Fri, 2017-08-04 at 18:23 +0530, Chunduru, Krishnachaithanya via
samba wrote:
> Hi Rowland/All,
>
> I want to sync the local /etc/passwd to smbpasswd database in Aix. Can someone please help with any tools or scripts available to proceed further.
>
> Setting up a domain level user for all the samba users is tough for us right now.

The best I can suggest is that you ask your users to change their
passwords via Samba, and have 'passwd program' and 'unix password sync'
via 'passwd chat'.  See the smb.conf manpage.

It wouldn't help on AIX, but for others: pam_smbpass did this, but has
been removed as it loaded substantial fractions of Samba into arbitrary
processes as a plugin, which didn't go well for many reasons, but as an
example when we reset global variables like the syslog name...

Andrew Bartlett
--
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

