FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > CentOS > CentOS

 
 
LinkBack Thread Tools
 
Old 11-17-2011, 04:17 PM
Les Mikesell
 
Default CentOS 6 smb authentication?

I have some services on Centos5 boxes that use smb authentication
against the Windows domain as a low-maintenance way to handle most of
our office users for things that don't need home directories (web/file
shares, etc.). Running authconfig is all it takes to add it to PAM,
then adding mod_auth_pam to apache makes it work with that and local
users. This all works without any particular involvement with the
Windows group or administrative access there.

Is there a better way to do this on C6 that does not involve 'joining'
the windows domain?

And is there a way to make samba (C5 or 6) work with Windows7 other
than configuring every client to to send NTLM authentication when
requested?

--
Les Mikesell
lesmikesell@gmail.com
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 11-17-2011, 04:26 PM
John Hodrien
 
Default CentOS 6 smb authentication?

On Thu, 17 Nov 2011, Les Mikesell wrote:

> I have some services on Centos5 boxes that use smb authentication
> against the Windows domain as a low-maintenance way to handle most of
> our office users for things that don't need home directories (web/file
> shares, etc.). Running authconfig is all it takes to add it to PAM,
> then adding mod_auth_pam to apache makes it work with that and local
> users. This all works without any particular involvement with the
> Windows group or administrative access there.
>
> Is there a better way to do this on C6 that does not involve 'joining'
> the windows domain?

You don't *have* to join it to the domain, you can use pam_krb5 without
joining if you want. There are advantages if you do though, since a joined
machine offering samba shares to windows users on a domain won't prompt for a
password, as it'll use their existing kerberos ticket. Joining *is* just a
case of a correct smb.conf/krb5.conf and "net ads join" with an account with
sufficient privs, so isn't really much pain for servers.

> And is there a way to make samba (C5 or 6) work with Windows7 other
> than configuring every client to to send NTLM authentication when
> requested?

On C5 I thought upgrading to samb3x was sufficient, and that C6 it should just
work. I'm assuming that not the case?

jh
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 11-17-2011, 05:11 PM
Ron Young
 
Default CentOS 6 smb authentication?

I just installed win 7 pro @home in order to be more compatible with
my new @work environment. I am likewise having a problem with samba
shares. The samba shares are on a C5.7 server and were readily
available from the same machine running XP for the last couple of
years.

The new w7pro install is on the same network as the previous XP
install on that machine and in fact has the same IP address as the
former XP os.

Now with the fresh install of w7pro I cannot see any of the samba
shares from the w7pro machine. All of the googled solutions I have
found so far have not worked. I have added a couple of entries to the
smb.conf that were suggested and restarted smb but no joy.

Anyone have pointers that may get me going again?


Regards,

Ron Young
919-621-9015
http://www.linkedin.com/in/ronhyoung

+++++++++++++++++++
Little tiny dreams require little tiny thoughts and little tiny steps.
Great big dreams require great big thoughts and little tiny steps.
+++++++++++++++++++
Kosh: The avalanche has already started. It is too late for the pebbles to vote.




On Thu, Nov 17, 2011 at 12:26 PM, John Hodrien <J.H.Hodrien@leeds.ac.uk> wrote:
> On Thu, 17 Nov 2011, Les Mikesell wrote:
>
>> I have some services on Centos5 boxes that use smb authentication
>> against the Windows domain as a low-maintenance way to handle most of
>> our office users for things that don't need home directories (web/file
>> shares, etc.). *Running authconfig is all it takes to add it to PAM,
>> then adding mod_auth_pam to apache makes it work with that and local
>> users. *This all works without any particular involvement with the
>> Windows group or administrative access there.
>>
>> Is there a better way to do this on C6 that does not involve 'joining'
>> the windows domain?
>
> You don't *have* to join it to the domain, you can use pam_krb5 without
> joining if you want. *There are advantages if you do though, since a joined
> machine offering samba shares to windows users on a domain won't prompt for a
> password, as it'll use their existing kerberos ticket. *Joining *is* just a
> case of a correct smb.conf/krb5.conf and "net ads join" with an account with
> sufficient privs, so isn't really much pain for servers.
>
>> And is there a way to make samba (C5 or 6) work with Windows7 other
>> than configuring every client to to send NTLM authentication when
>> requested?
>
> On C5 I thought upgrading to samb3x was sufficient, and that C6 it should just
> work. *I'm assuming that not the case?
>
> jh
> _______________________________________________
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 11-17-2011, 05:18 PM
Phil Schaffner
 
Default CentOS 6 smb authentication?

Ron Young wrote on 11/17/2011 01:11 PM:
> I just installed win 7 pro @home in order to be more compatible with
> my new @work environment. I am likewise having a problem with samba
> shares. The samba shares are on a C5.7 server and were readily
> available from the same machine running XP for the last couple of
> years.
>
> The new w7pro install is on the same network as the previous XP
> install on that machine and in fact has the same IP address as the
> former XP os.
>
> Now with the fresh install of w7pro I cannot see any of the samba
> shares from the w7pro machine. All of the googled solutions I have
> found so far have not worked. I have added a couple of entries to the
> smb.conf that were suggested and restarted smb but no joy.
>
> Anyone have pointers that may get me going again?
Have you replaced samba packages with samba3x packages?

Phil
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 11-17-2011, 05:20 PM
Phil Schaffner
 
Default CentOS 6 smb authentication?

Phil Schaffner wrote on 11/17/2011 01:18 PM:
> Have you replaced samba packages with samba3x packages?
P.S.
Just noticed I am an accessory to a thread hijacking. This thread is
about CentOS-6. Sorry.

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 11-17-2011, 05:30 PM
 
Default CentOS 6 smb authentication?

On Thu, 17 Nov 2011, Ron Young wrote:

> I just installed win 7 pro @home in order to be more compatible with
> my new @work environment. I am likewise having a problem with samba
> shares. The samba shares are on a C5.7 server and were readily
> available from the same machine running XP for the last couple of
> years.
>
> The new w7pro install is on the same network as the previous XP
> install on that machine and in fact has the same IP address as the
> former XP os.
>
> Now with the fresh install of w7pro I cannot see any of the samba
> shares from the w7pro machine. All of the googled solutions I have
> found so far have not worked. I have added a couple of entries to the
> smb.conf that were suggested and restarted smb but no joy.
>
> Anyone have pointers that may get me going again?

Have you seen this: http://wiki.samba.org/index.php/Windows7

In particular the registry on w7 needs modification in order to join.

I have numerous w7 machines in a couple of smb domains working as advertised.

Hope this helps.

--
Tom me@tdiehl.org Spamtrap address me123@tdiehl.org

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 11-17-2011, 05:41 PM
Les Mikesell
 
Default CentOS 6 smb authentication?

On Thu, Nov 17, 2011 at 12:30 PM, <me@tdiehl.org> wrote:
>
>> I just installed win 7 pro @home in order to be more compatible with
>> my new @work environment. *I am likewise having a problem with samba
>> shares. *The samba shares are on a C5.7 server and were readily
>> available from the same machine running XP for the last couple of
>> years.
>>
>> The new w7pro install is on the same network as the previous XP
>> install on that machine and in fact has the same IP address as the
>> former XP os.
>>
>> Now with the fresh install of w7pro I cannot see any of the samba
>> shares from the w7pro machine. *All of the googled solutions I have
>> found so far have not worked. *I have added a couple of entries to the
>> smb.conf that were suggested and restarted smb but no joy.
>>
>> Anyone have pointers that may get me going again?
>
> Have you seen this: http://wiki.samba.org/index.php/Windows7
>
> In particular the registry on w7 needs modification in order to join.
>
> I have numerous w7 machines in a couple of smb domains working as advertised.
>

I don't think you need that unless you are using samba as a domain
controller. If you just want a windows7 (pro...) client to send it's
NTLM credentials to samba like XP would, run 'secpol.msc' and under
Under Local Policies, Security Options, Network security, change
option from ‘not defined’ to ‘Send LM & NTLM use NTLMv2 session
security if negotiated.

Otherwise you can only connect to shares with
security = share and guests allowed.

--
Les Mikesell
lesmikesell@gmail.com
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 11-17-2011, 06:10 PM
Les Mikesell
 
Default CentOS 6 smb authentication?

On Thu, Nov 17, 2011 at 11:26 AM, John Hodrien <J.H.Hodrien@leeds.ac.uk> wrote:
>
>> I have some services on Centos5 boxes that use smb authentication
>> against the Windows domain as a low-maintenance way to handle most of
>> our office users for things that don't need home directories (web/file
>> shares, etc.). *Running authconfig is all it takes to add it to PAM,
>> then adding mod_auth_pam to apache makes it work with that and local
>> users. *This all works without any particular involvement with the
>> Windows group or administrative access there.
>>
>> Is there a better way to do this on C6 that does not involve 'joining'
>> the windows domain?
>
> You don't *have* to join it to the domain, you can use pam_krb5 without
> joining if you want.

I don't see that as an option in authconfig (or smb either now). Are
there examples of how to set that up? And does apache have to be
configured separately?

>*There are advantages if you do though, since a joined
> machine offering samba shares to windows users on a domain won't prompt for a
> password, as it'll use their existing kerberos ticket. *Joining *is* just a
> case of a correct smb.conf/krb5.conf and "net ads join" with an account with
> sufficient privs, so isn't really much pain for servers.

I thought 'sufficient privs' was an admin account in AD. I don't
have/want that, and I'd prefer for the people running the AD servers
to continue to not know which linux servers are bouncing password
checks their way.

>> And is there a way to make samba (C5 or 6) work with Windows7 other
>> than configuring every client to to send NTLM authentication when
>> requested?
>
> On C5 I thought upgrading to samb3x was sufficient, and that C6 it should just
> work. *I'm assuming that not the case?

Maybe, if you have krb stuff passed through to a joined AD. I was
hoping NTLM would still work. And I want it to also work
transparently with local linux accounts that don't exist in AD.

--
Les Mikesell
lesmikesell@gmail.com
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 11-17-2011, 06:37 PM
John Hodrien
 
Default CentOS 6 smb authentication?

On Thu, 17 Nov 2011, Les Mikesell wrote:

>> You don't *have* to join it to the domain, you can use pam_krb5 without
>> joining if you want.
>
> I don't see that as an option in authconfig (or smb either now). Are
> there examples of how to set that up? And does apache have to be
> configured separately?

With authconfig it's --enablekrb5 and the related ones for setting the
details. Since you're not worried about group membership krb5's all you need.
If pam_smb type stuff was enough then you don't need to worry about
validation, although it's definitely better if you do.

> I thought 'sufficient privs' was an admin account in AD. I don't
> have/want that, and I'd prefer for the people running the AD servers
> to continue to not know which linux servers are bouncing password
> checks their way.

No, you don't need that much. You just need permissions to create a machine
object within a specific OU, which is much lower grade. The password checks
would end up with the AD controllers, but I doubt it's anything they're likely
to notice.

> Maybe, if you have krb stuff passed through to a joined AD. I was
> hoping NTLM would still work. And I want it to also work
> transparently with local linux accounts that don't exist in AD.

On that side, I pass.

jh
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 11-17-2011, 06:53 PM
Ron Young
 
Default CentOS 6 smb authentication?

Oops! My apologies for the thread hijacking. Thanks for the reminder Phil.

I was mentally keyed to the samba issues and ignored the C6 and AD
issues. In my case there is no AD domain involved and samba is
already at the 3x level.


Regards,

Ron Young
919-621-9015
http://www.linkedin.com/in/ronhyoung

+++++++++++++++++++
Little tiny dreams require little tiny thoughts and little tiny steps.
Great big dreams require great big thoughts and little tiny steps.
+++++++++++++++++++
Kosh: The avalanche has already started. It is too late for the pebbles to vote.




On Thu, Nov 17, 2011 at 1:20 PM, Phil Schaffner
<Philip.R.Schaffner@nasa.gov> wrote:
> Phil Schaffner wrote on 11/17/2011 01:18 PM:
>> Have you replaced samba packages with samba3x packages?
> P.S.
> Just noticed I am an accessory to a thread hijacking. *This thread is
> about CentOS-6. *Sorry.
>
> _______________________________________________
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 

Thread Tools




All times are GMT. The time now is 07:15 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org