LISTSERV - HP3000-L Archives

HP3000-L Archives

July 2006, Week 4

HP3000-L@RAVEN.UTC.EDU

	LISTSERV Archives
	HP3000-L Home
	HP3000-L July 2006, Week 4

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Samba and a 918
From:	Ray Shahan <[log in to unmask]>
Reply To:	Ray Shahan <[log in to unmask]>
Date:	Tue, 25 Jul 2006 08:52:04 -0500
Content-Type:	text/plain
Parts/Attachments:	text/plain (138 lines)

Nice explanation of what/how to do this, Donna.  Say, can you set some
paver-stones for a patio (10' X 12' rectangle please)...I need to do
this at my house, and if you do it first and put the instructions here,
I'm sure I'll have no problems when I go to do mine.

8-)

Have a great week!

Ray Shahan

-----Original Message-----
From: HP-3000 Systems Discussion [mailto:[log in to unmask]] On
Behalf Of donna garverick
Sent: Tuesday, July 25, 2006 8:22 AM
To: [log in to unmask]
Subject: Re: [HP3000-L] Samba and a 918

--- Robert Mills <[log in to unmask]> wrote:

> The following is from the Samba 2.2.8a (sadly it requires that you to
> be on 6.5 or higher) page on Jazz:

the i&i products (including samba) tended to be pretty os version
independent.  it's not a hard & fast rule...but usually you can get
away with putting i&i products on older releases of the os.

however....

> "Previous versions of Samba on MPE could only perform SMB
> authentication using plaintext passwords which certain versions of 
> Windows could only support via the registry modifications described 
< in the /usr/local/samba/docs/Registry directory.  Because passwords 
> were transmitted over the network in plaintext, this constituted 
> somewhat of a security exposure that some customers were not willing 
> to risk."
> 
> I think that this might be the source of your problem. 

i think so too....but (afaik) it has nothing to do with being on 6.0.

in order to log on as a specific user, you have to define that user to
samba.  additionally, the password you give (when adding the user to
samba) has *nothing* to do with that user's mpe password (kinda spooky
:-) nor does this password have to comply with mpe requirements (like
length or character restrictions (even more weird)).

in the shell -- as manager.sys -- navigate your way to
   /SAMBA/SMB228A/bin

the program you want is smbpasswd.  here's the help text:

/SAMBA/SMB228A/bin: ./smbpasswd -h
When run by root:
    smbpasswd [options] [username] [password]
otherwise:
    smbpasswd [options] [password]

Version: 2.2.8a
options:
  -L                   local mode (must be first option)
  -h                   print this usage message
  -s                   use stdin for password prompt
  -c smb.conf file     Use the given path to the smb.conf file
  -D LEVEL             debug level
  -r MACHINE           remote machine
  -U USER              remote username
extra options when run by root or in local mode:
  -a                   add user
  -d                   disable user
  -e                   enable user
  -m                   machine trust account
  -n                   set no password
  -x                   delete user
  -j DOMAIN            join domain name
  -t DOMAIN            change trust account password on domain
  -S DOMAIN            Retrieve the domain SID for DOMAIN
  -R ORDER             name resolve order
  -W S-1-5-...         Write the SID S-1-5-... to the secrets file
  -X SERVER|DOMAIN     Extract SID for SERVER or DOMAIN from the
secrets file

the option you want is '-a'.  i've always added users in all upper as
USER.ACCOUNT.  i'm not sure that case makes a difference...but otoh,
i've not had any problems.  on the windows side, i can enter
'user.account' and it works.  ymmv...  you can do user mapping so that
'jdunlop' (from windows) becomes 'mgr.acct' for samba.  it is an extra
layer of complexity so give it some thought before proceeding.

once this samba-only password is set for the user, you can't look it up
(it's encrypted) so select the password with care.  oh -- and it's
case-sensitive too!

here's an example of how i typically set-up an account for samba:

[acct]
  comment = config access for MGR.ACCT
# grant access to the ACCT account tree
  path = /ACCT/
# require user validation by password
  guest ok = no
# allow read and write access
  write ok = yes
# create new files with rwxr--r-- permissions
  create mask = 0744
# only accept connections as mgr.acct
  valid users = mgr.acct
# check passwords against mgr.acct only
  user = mgr.acct
  only user = yes
# don't hide this share from network neighbourhood
  browseable = yes

(i only allow guest in the default samba areas)  hth      - d

Donna Garverick, HP-CSA   Sr. System Programmer
dgarverick -at- longs -dot- com
925-210-6631              Longs Drug Stores

Come, my friends, 'Tis not too late to seek a newer world.
Tho' much is taken, much abides; and tho'
We are not now that strength which in old days
Moved earth and heaven, that which we are, we are.
"Ulysses", A. Tennyson

>>>MY opinions, not Longs Drug Stores'<<<

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *

ATOM RSS1 RSS2

RAVEN.UTC.EDU