J'aimerais que lors du login sous windows 98, les utilisateurs ne puissent être que des utilisateurs déclarés sur le serveur Samba. A l'heure actuelle, il vérifie les mots de passe des utilisateurs enregistrés, mais il accepte n'importe qui d'autre
.
Pour info :
Config de mon client :
Validation de l'ouverture de session > Domaine Windows NT > MonDomaine (ouvrir la session sur un domaine activé)
Groupe de travail : MonDomaine
Contrôle d'accès au niveau utilisateur > Groupes obtenus depuis : MonDomaine
J'ai appliqué la modif de registre pour faire passer HK_L_M>Network>Logon>MustBeValidated à 1 et LMLogon à 1
Et voici mon fichier smb.conf (désolé, c'est plein de parasites - j'ai utilisé le WebMin sur la fin, et ça m'a tout pourri).
# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
#
# Any line which starts with a ; (semi-colon) or a # (hash)
# is a comment and is ignored. In this example we will use a #
# for commentry and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command "testparm"
# to check that you have not made any basic syntactic errors.
#
#======================= Global Settings =====================================
[global]
log file = /var/log/samba/log.%m
load printers = yes
smb passwd file = /etc/samba/smbpasswd
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
domain master = yes
map to guest = bad user
encrypt passwords = yes
printer admin = @adm
wins support = true
dns proxy = no
netbios name = MonServeur
server string = Serveur Samba
printing = cups
local master = yes
workgroup = MonDomaine
os level = 64
printcap name = cups
security = domain
max log size = 50
domain logons = yes
[homes]
comment = Home Directories
browseable = no
writable = yes
# You can enable VFS recycle bin on a per share basis:
# Uncomment the next 2 lines (make sure you create a
# .recycle folder in the base of the share and ensure
# all users will have write access to it. See
# examples/VFS/recycle/REAME in samba-doc for details
; vfs object = /usr/lib/samba/vfs/recycle.so
; vfs options= /etc/samba/recycle.conf
# You may want to prevent abuse of your server disk space, and spread of virii
; veto files = /*.eml/*.nws/*.dll/*.mp3/*.MP3/*.mpg/*.MPG/*.vbs/*.VBS/
# Un-comment the following and create the netlogon directory for Domain Logons
; [netlogon]
; comment = Network Logon Service
; path = /var/lib/samba/netlogon
; guest ok = yes
; writable = no
#Uncomment the following 2 lines if you would like your login scripts to
#be created dynamically by ntlogon (check that you have it in the correct
#location (the default of the ntlogon rpm available in contribs)
;root preexec = /usr/bin/ntlogon -u %U -g %G -o %a -d /var/lib/samba/netlogon/
;root postexec = rm -f /var/lib/samba/netlogon/%U.bat
# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
;[Profiles]
; path = /var/lib/samba/profiles
; browseable = no
; guest ok = yes
; writable = yes
# This script can be enabled to create profile directories on the fly
# You may want to turn off guest acces if you enable this, as it
# hasn't been thoroughly tested.
; root preexec = PROFILE=/var/lib/samba/profiles/%u; if [ ! -e $PROFILE ]; \
; then mkdir -pm700 $PROFILE; chown %u.%g $PROFILE;fi
# NOTE: If you have a CUPS print system there is no need to
# specifically define each individual printer.
# You must configure the samba printers with the appropriate Windows
# drivers on your Windows clients. On the Samba server no filtering is
# done. If you wish that the server provides the driver and the clients
# send PostScript ("Generic PostScript Printer" under Windows), you have
# to swap the 'print command' line below with the commented one.
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
# to allow user 'guest account' to print.
guest ok = yes
writable = no
printable = yes
create mode = 0700
# =====================================
# print command: see above for details.
# =====================================
print command = lpr-cups -P %p -o raw %s -r # using client side printer drivers.
; print command = lpr-cups -P %p %s -r # using cups own drivers (use generic PostScript on clients).
# The following two commands are the samba defaults for printing=cups
# change them only if you need different options:
; lpq command = lpq -P %p
; lprm command = cancel %p-%j
# This share is used for Windows NT-style point-and-print support.
# To be able to install drivers, you need to be either root, or listed
# in the printer admin parameter above. Note that you also need write access
# to the directory and share definition to be able to upload the drivers.
# For more information on this, please see the Printing Support Section of
# /usr/share/doc/samba-<version>/docs/Samba-HOWTO-Collection.pdf
[print$]
path = /var/lib/samba/printers
browseable = yes
read only = yes
write list = @adm root
guest ok = yes
# A useful application of samba is to make a PDF-generation service
# To streamline this, install windows postscript drivers (preferably colour)
# on the samba server, so that clients can automatically install them.
[pdf-generator]
path = /var/tmp
guest ok = No
printable = Yes
comment = PDF Generator (only valid users)
#print command = /usr/share/samba/scripts/print-pdf file path win_path recipient IP doc_name &
print command = /usr/share/samba/scripts/print-pdf %s ~%u //%L/%u %m %I "%J" &
# This one is useful for people to share files
;[tmp]
; comment = Temporary file space
; path = /tmp
; read only = no
; public = yes
# A publicly accessible directory, but read only, except for people in
# the "staff" group
;[public]
; comment = Public Stuff
; path = /home/samba/public
; public = yes
; writable = no
; write list = @staff
# Audited directory through experimental VFS audit.so module:
# Uncomment next line.
; vfs object = /usr/lib/samba/vfs/audit.so
# Other examples.
#
# A private printer, usable only by Fred. Spool data will be placed in Fred's
# home directory. Note that fred must have write access to the spool directory,
# wherever it is.
;[fredsprn]
; comment = Fred's Printer
; valid users = fred
; path = /homes/fred
; printer = freds_printer
; public = no
; writable = no
; printable = yes
# A private directory, usable only by Fred. Note that Fred requires write
# access to the directory.
;[fredsdir]
; comment = Fred's Service
; path = /usr/somewhere/private
; valid users = fred
; public = no
; writable = yes
; printable = no
# a service which has a different directory for each machine that connects
# this allows you to tailor configurations to incoming machines. You could
# also use the %u option to tailor it by user name.
# The %m gets replaced with the machine name that is connecting.
;[pchome]
; comment = PC Directories
; path = /usr/pc/%m
; public = no
; writable = yes
# A publicly accessible directory, read/write to all users. Note that all files
# created in the directory by users will be owned by the default user, so
# any user with access can delete any other user's files. Obviously this
# directory must be writable by the default user. Another user could of course
# be specified, in which case all files would be owned by that user instead.
;[public]
; path = /usr/somewhere/else/public
; public = yes
; only guest = yes
; writable = yes
; printable = no
# The following two entries demonstrate how to share a directory so that two
# users can place files there that will be owned by the specific users. In this
# setup, the directory should be writable by both users and should have the
# sticky bit set on it to prevent abuse. Obviously this could be extended to
# as many users as required.
;[myshare]
; comment = Mary's and Fred's stuff
; path = /usr/somewhere/shared
; valid users = mary fred
; public = no
; writable = yes
; printable = no
; create mask = 0765
[formateurs]
comment = Espace de travail formateurs Genie Civil
invalid users = @etudiants
path = /samba/formateurs
write list = @formateurs
[documents]
comment = Documents en libre service
read list = @etudiants
path = /samba/documents
write list = @formateurs
le bon vieux temps)