Help Needed configuring Samba on Webserver

Sat Apr 9 05:31:58 UTC 2005

Hi Tim,

On Apr 8, 2005 12:10 PM, Tim Holmes <tholmes at mcaschool.net> wrote:
> Earlier this week, I posted a message asking for help with a number of
> problems / Projects using Fedora Core 2 or 3 within our network.  The
> responses indicated that I should go ahead and post the questions to
> this list, so here is the first one that I am having problems with

We can always provide better answers for specific questions :).

> Our webserver is a Pentium 4 2Ghz server running fully up to date FC2
> with Apache and Samba installed.
> 
> Our domain is a windows 2003 Domain using active directory.  What I want
> to be able to do is to have each student have their own directory on the
> web server that they can post their web design projects into, and then
> we have apache to use ~username addressing for their sites.
> 
> As it stands right now, I use the following procedure to make this work,
> which is not a problem for a class of 5 students, but for a large class
> it turns into a large amount of work
> 
> Procedure to setup student for samba access

Sounds like a good job for a script, but I think you can save yourself
a few steps here.

> 1 Create the user directory on the webserver

This should be done automatically when adding the user.
useradd <name>

> 2. Create the linux user - system/users and groups

Don't know the details here.  Default setup is user is in his own
group.  You can specify all sorts of parameters with "useradd"
man useradd
is a good read.

> 3. Create a public_html directory under their home directory

Anything you place in the /etc/skel/ directory will be placed in the
user's home directory when it is created with useradd.
mkdir /etc/skel/public_html

> 4. chmod home directory 755

I would assume you could set this behavior in some config somewhere. 
Fedora is setup pretty tight (perms 700) by default, but I know other
distros are more loose.  You could do this is one fell swoop after
you've created all your users if you cannot find a config for it:
chmod 755 /home/*

> 5. chmod public_html directory 755

I don't recall how /etc/skel/ works with permissions, but I would
think it would keep permissions the same.  A quick test seems to
indicate that.
chmod 755 /etc/skel/public_html/

> 6. chown home directory -R to user

Again, should be automatic with useradd if you don't manually create it.

> 7. chgrp home directory to apache

I don't get this.  Perms of 755 are world readable and executable, so
why make the home dir group apache?  If you want all your users in one
group, I suggest using a group called "users"  You can set the default
group with useradd as well if you really want to change it.  It will
set the user's group and the perms for the home directory.  By the
way, chown can set the group as well.  Either of these works.
chown user:group
chown user.group

> 8. create samba user -- system-config-samba
> 9. input windows password into samba as samba password

Looks like you gotten some good feedback here already.  If you still
need to add samba users, take a look at smbpasswd which can add users
from the command line (and thus could be used in a script).
man smbpasswd

> everything should then work

You don't mention setting up a default password.  You can do that with
the -p option to useradd.  Note this takes an encrypted password
(again, see "man useradd").

> This procedure works.  It takes 3 - 5 minutes per itineration, which
> gets tedious at best.  The problem comes in the fact that next year we
> want to implement a similar system for storing all of our user files on
> our samba file server, and creating 250 accounts like this is just out
> of the question.

I certainly recommend a script, and use some of the above tips.  Then
you just create a file with the list of names, run the script, and you
should be up and running.
http://www.tldp.org/LDP/abs/html/
Is a great site about bash shell scripting.  Basically, I think for
1-7 all you need is a carefully constructed "useradd $student" line
and perhaps the "chmod 755 /home/$student/" in a for each loop.  Even
without the script, 1-2 commands per user is better then 7 steps :).

> I realize that I am a new linux administrator, and that my understanding
> of Linux and Samba are fairly limited, but it seems that there must be
> an easier way of accomplishing this.  The point that especially wrankles
> me is having to ask the user for their password, and then manually enter
> it into samba to get it to recognize the password, it should be able to
> authenticate against the active directory and work that way.

Looks like you got an answer here.  I've never dealt with anything
like that before.  Probably will someday.

> I could really use some help here -- I have a class of almost 20
> students who will be starting web design projects on Wednesday of next
> week, so I would very much like to get this working before then, cuz
> otherwise Tuesday night is going to be a real pain creating all those
> users
> 
> TIM
> 
> I can be reached on list, off list at tholmes at mcaschool.net, on Yahoo IM
> at W8TAH, and on AOL IM at W8TAHHAM

Cool to see another Ham :).  KF4MME out.

> TIM
> 
> Tim Holmes
> 
> IT Manager / Webmaster
> Medina Christian Academy
> A Higher Standard...
> 
> Jeremiah 33:3
> Jeremiah 29:11
> Esther 4:14
Some great verses.

Jonathan