> > Hi Tim, > > On Apr 8, 2005 12:10 PM, Tim Holmes <tholmes@xxxxxxxxxxxxx> wrote: > > Earlier this week, I posted a message asking for help with a number of > > problems / Projects using Fedora Core 2 or 3 within our network. The > > responses indicated that I should go ahead and post the questions to > > this list, so here is the first one that I am having problems with > > We can always provide better answers for specific questions :). > > > Our webserver is a Pentium 4 2Ghz server running fully up to date FC2 > > with Apache and Samba installed. > > > > Our domain is a windows 2003 Domain using active directory. What I want > > to be able to do is to have each student have their own directory on the > > web server that they can post their web design projects into, and then > > we have apache to use ~username addressing for their sites. > > > > As it stands right now, I use the following procedure to make this work, > > which is not a problem for a class of 5 students, but for a large class > > it turns into a large amount of work > > > > Procedure to setup student for samba access > > Sounds like a good job for a script, but I think you can save yourself > a few steps here. > > > 1 Create the user directory on the webserver > > This should be done automatically when adding the user. > useradd <name> > > > 2. Create the linux user - system/users and groups > > Don't know the details here. Default setup is user is in his own > group. You can specify all sorts of parameters with "useradd" > man useradd > is a good read. > > > 3. Create a public_html directory under their home directory > > Anything you place in the /etc/skel/ directory will be placed in the > user's home directory when it is created with useradd. > mkdir /etc/skel/public_html > > > 4. chmod home directory 755 > > I would assume you could set this behavior in some config somewhere. > Fedora is setup pretty tight (perms 700) by default, but I know other > distros are more loose. You could do this is one fell swoop after > you've created all your users if you cannot find a config for it: > chmod 755 /home/* > > > 5. chmod public_html directory 755 > > I don't recall how /etc/skel/ works with permissions, but I would > think it would keep permissions the same. A quick test seems to > indicate that. > chmod 755 /etc/skel/public_html/ > > > 6. chown home directory -R to user > > Again, should be automatic with useradd if you don't manually create it. > > > 7. chgrp home directory to apache > > I don't get this. Perms of 755 are world readable and executable, so > why make the home dir group apache? If you want all your users in one > group, I suggest using a group called "users" You can set the default > group with useradd as well if you really want to change it. It will > set the user's group and the perms for the home directory. By the > way, chown can set the group as well. Either of these works. > chown user:group > chown user.group > > > 8. create samba user -- system-config-samba > > 9. input windows password into samba as samba password > > Looks like you gotten some good feedback here already. If you still > need to add samba users, take a look at smbpasswd which can add users > from the command line (and thus could be used in a script). > man smbpasswd > > > everything should then work > > You don't mention setting up a default password. You can do that with > the -p option to useradd. Note this takes an encrypted password > (again, see "man useradd"). > > > This procedure works. It takes 3 - 5 minutes per itineration, which > > gets tedious at best. The problem comes in the fact that next year we > > want to implement a similar system for storing all of our user files on > > our samba file server, and creating 250 accounts like this is just out > > of the question. > > I certainly recommend a script, and use some of the above tips. Then > you just create a file with the list of names, run the script, and you > should be up and running. > http://www.tldp.org/LDP/abs/html/ > Is a great site about bash shell scripting. Basically, I think for > 1-7 all you need is a carefully constructed "useradd $student" line > and perhaps the "chmod 755 /home/$student/" in a for each loop. Even > without the script, 1-2 commands per user is better then 7 steps :). > > > I realize that I am a new linux administrator, and that my understanding > > of Linux and Samba are fairly limited, but it seems that there must be > > an easier way of accomplishing this. The point that especially wrankles > > me is having to ask the user for their password, and then manually enter > > it into samba to get it to recognize the password, it should be able to > > authenticate against the active directory and work that way. > > Looks like you got an answer here. I've never dealt with anything > like that before. Probably will someday. > > > I could really use some help here -- I have a class of almost 20 > > students who will be starting web design projects on Wednesday of next > > week, so I would very much like to get this working before then, cuz > > otherwise Tuesday night is going to be a real pain creating all those > > users > > > > TIM > > > > I can be reached on list, off list at tholmes@xxxxxxxxxxxxx, on Yahoo IM > > at W8TAH, and on AOL IM at W8TAHHAM > > Cool to see another Ham :). KF4MME out. > > > TIM > > > > Tim Holmes > > > > IT Manager / Webmaster > > Medina Christian Academy > > A Higher Standard... [Tim Holmes wrote] I really hate to be daft here, but I am still not understanding something: I want samba to accept the password that is supplied as part of the connection from windows, when it does this, it should check against my password server (the domain controller) instead of the smbpasswd file, can someone point me in the right direction. I agree with the one respondent that said that from a security standpoint it is very bad practice to have each user give me their network password to enter into the smbpasswd file, but I haven't been able to get samba to authenticate against the domain, instead of the smbpasswd, so right now that's the only recourse I have TIM
