RE: Help Needed configuring Samba on Webserver

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> 
> Hi Tim,
> 
> On Apr 8, 2005 12:10 PM, Tim Holmes <tholmes@xxxxxxxxxxxxx> wrote:
> > Earlier this week, I posted a message asking for help with a number
of
> > problems / Projects using Fedora Core 2 or 3 within our network.
The
> > responses indicated that I should go ahead and post the questions to
> > this list, so here is the first one that I am having problems with
> 
> We can always provide better answers for specific questions :).
> 
> > Our webserver is a Pentium 4 2Ghz server running fully up to date
FC2
> > with Apache and Samba installed.
> >
> > Our domain is a windows 2003 Domain using active directory.  What I
want
> > to be able to do is to have each student have their own directory on
the
> > web server that they can post their web design projects into, and
then
> > we have apache to use ~username addressing for their sites.
> >
> > As it stands right now, I use the following procedure to make this
work,
> > which is not a problem for a class of 5 students, but for a large
class
> > it turns into a large amount of work
> >
> > Procedure to setup student for samba access
> 
> Sounds like a good job for a script, but I think you can save yourself
> a few steps here.
> 
> > 1 Create the user directory on the webserver
> 
> This should be done automatically when adding the user.
> useradd <name>
> 
> > 2. Create the linux user - system/users and groups
> 
> Don't know the details here.  Default setup is user is in his own
> group.  You can specify all sorts of parameters with "useradd"
> man useradd
> is a good read.
> 
> > 3. Create a public_html directory under their home directory
> 
> Anything you place in the /etc/skel/ directory will be placed in the
> user's home directory when it is created with useradd.
> mkdir /etc/skel/public_html
> 
> > 4. chmod home directory 755
> 
> I would assume you could set this behavior in some config somewhere.
> Fedora is setup pretty tight (perms 700) by default, but I know other
> distros are more loose.  You could do this is one fell swoop after
> you've created all your users if you cannot find a config for it:
> chmod 755 /home/*
> 
> > 5. chmod public_html directory 755
> 
> I don't recall how /etc/skel/ works with permissions, but I would
> think it would keep permissions the same.  A quick test seems to
> indicate that.
> chmod 755 /etc/skel/public_html/
> 
> > 6. chown home directory -R to user
> 
> Again, should be automatic with useradd if you don't manually create
it.
> 
> > 7. chgrp home directory to apache
> 
> I don't get this.  Perms of 755 are world readable and executable, so
> why make the home dir group apache?  If you want all your users in one
> group, I suggest using a group called "users"  You can set the default
> group with useradd as well if you really want to change it.  It will
> set the user's group and the perms for the home directory.  By the
> way, chown can set the group as well.  Either of these works.
> chown user:group
> chown user.group
> 
> > 8. create samba user -- system-config-samba
> > 9. input windows password into samba as samba password
> 
> Looks like you gotten some good feedback here already.  If you still
> need to add samba users, take a look at smbpasswd which can add users
> from the command line (and thus could be used in a script).
> man smbpasswd
> 
> > everything should then work
> 
> You don't mention setting up a default password.  You can do that with
> the -p option to useradd.  Note this takes an encrypted password
> (again, see "man useradd").
> 
> > This procedure works.  It takes 3 - 5 minutes per itineration, which
> > gets tedious at best.  The problem comes in the fact that next year
we
> > want to implement a similar system for storing all of our user files
on
> > our samba file server, and creating 250 accounts like this is just
out
> > of the question.
> 
> I certainly recommend a script, and use some of the above tips.  Then
> you just create a file with the list of names, run the script, and you
> should be up and running.
> http://www.tldp.org/LDP/abs/html/
> Is a great site about bash shell scripting.  Basically, I think for
> 1-7 all you need is a carefully constructed "useradd $student" line
> and perhaps the "chmod 755 /home/$student/" in a for each loop.  Even
> without the script, 1-2 commands per user is better then 7 steps :).
> 
> > I realize that I am a new linux administrator, and that my
understanding
> > of Linux and Samba are fairly limited, but it seems that there must
be
> > an easier way of accomplishing this.  The point that especially
wrankles
> > me is having to ask the user for their password, and then manually
enter
> > it into samba to get it to recognize the password, it should be able
to
> > authenticate against the active directory and work that way.
> 
> Looks like you got an answer here.  I've never dealt with anything
> like that before.  Probably will someday.
> 
> > I could really use some help here -- I have a class of almost 20
> > students who will be starting web design projects on Wednesday of
next
> > week, so I would very much like to get this working before then, cuz
> > otherwise Tuesday night is going to be a real pain creating all
those
> > users
> >
> > TIM
> >
> > I can be reached on list, off list at tholmes@xxxxxxxxxxxxx, on
Yahoo IM
> > at W8TAH, and on AOL IM at W8TAHHAM
> 
> Cool to see another Ham :).  KF4MME out.
> 
> > TIM
> >
> > Tim Holmes
> >
> > IT Manager / Webmaster
> > Medina Christian Academy
> > A Higher Standard...
[Tim Holmes wrote] 

I really hate to be daft here, but I am still not understanding
something:

I want samba to accept the password that is supplied as part of the
connection from windows,  when it does this, it should check against my
password server (the domain controller) instead of the smbpasswd file,
can someone point me in the right direction.  I agree with the one
respondent that said that from a security standpoint it is very bad
practice to have each user give me their network password to enter into
the smbpasswd file, but I haven't been able to get samba to authenticate
against the domain, instead of the smbpasswd, so right now that's the
only recourse I have

TIM




[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux