Tag: Samba

smbpasswd html GUI

I had a peek about and could not find a web interface for smbpasswd. I have been helping a friend run a school network and after a year they would still rather use something that a text interface.

I had a look at webmin; however although I could add unix users I could not change samba passwords and the swat interface was not helpful. (In addition I did not want people playing with shares or other configuration options in SWAT). There is also smbpasswd.php as an rpm package, which had a load of pear dependencies, which were not a standard part of a distribution and I did not want random items to break on upgrade.

I have three files that require amendments to the sudoers file and server side includes enabled. I should also mention that this has been thrown together and is on a local network and is only accessed using ssl and is behind a password protected page. It is not secure and will allow people to do nasty things to your smbpasswd file.

The files are here: smbpasswd.php; write_data.php; final.shtml.

The changes to sudoers is as follows (using visudo):
apache ALL= NOPASSWD: /usr/bin/smbpasswd -s -a

The changes to the httpd.conf file to enable includes is:
<Directory /var/www/html/sambapath>
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml


Changing Windows' User's password
<strong>Changing a Samba Password</strong>
<form method="post"
<br>Username is <input type="text" Name="username"><br>
<br>Password is <input type="password" Name="pass1">
<br>Password is <input type="password" Name="pass2"> (confirmation)<br>
<br><input type="submit"
	value="Step two">

Change Password - Step two

//create a file with data
$file = @fopen("/full/path/htdocs/pass.dat","w");
$file2 = @fopen("/full/path/htdocs/user.dat","w");
fputs($file,$pass1."\n".$pass2 . "\n");

<form method="post"
<br>You are about to add a new samba user or change the password on an existing user.
<br><strongAre you sure?</strong>
<br>Username is <?php echo "$username" ?>
//<br>Password is <?php echo "$pass" ?>
<br><input type="submit"
        value="Yes, I am Sure">

Changing Passwords Final Step
<!--#exec cmd="sudo smbpasswd -s -a `cat /full/path/htdocs/user.dat` < /full/path/htdocs/pass.dat" -->
<!--#exec cmd=" > /full/path/htdocs/user.dat; > /full/path/htdocs/pass.dat" -->


Comments Off on smbpasswd html GUI more...

Logon scripts

Shell script to produce your windows logon scripts

[Author: Francois-Xavier Le Bail. mailto:fx.LeBail@free.fr]
[Document version: 2.1]
[License: GNU General Public License]

You can use a shell script to produce your windows logon scripts :
_One_ script for _all_ your users, groups, computers if you want …

can be useful for :
– software install or update,
– mount administrative share,
– copy initialization files,
– customize the program menu,
– make cleanup in tmp files,
– help maintain classrooms environment,
– etc.

1) the “/usr/local/samba/lib/netlogon/scripts” directory must exist

2) in your smb.conf :

# Global parameters

   logon script = scripts\%m.bat
   time server = yes

   comment = netlogon share
   path = /usr/local/samba/lib/netlogon
   guest ok = no
   writable = no
   write list = admin
   locking = no
; call the shell script (make_logon_script) with parameters :
; %m (machine netbios name) %U (user) %a (architecture) %g (group) %L (server)
; perhaps you prefer : %u, %G, ...
; quote in case of spaces
   root preexec = /usr/local/samba/bin/make_logon_script '%m' '%U' '%a' '%g' '%L'

3) the shell script (/usr/local/samba/bin/make_logon_script) :

# Generate logon script for windows (or dos)
# parameters :
# %m (machine netbios name) %U (user) %a (architecture) %g (group) %L (server)
# $1                        $2        $3                $4         $5

#--------------------------- ERRORS LOG ---------------------------------------
# for the new files
umask 022


# if you need the errors messages
exec 2>>"$SAMBA_DIR/var/logon_script.err"
# if you prefer the errors messages by machine name, comment the preceding line
# and uncomment :
#exec 2>>"$SAMBA_DIR/var/logon_script.$1.err"

# if you need SHELL DEBUG, in the errors messages file, uncomment :
#set -x

#--------------------------- FUNCTIONS ----------------------------------------
# end of line in windows world : CR+NL
# echo -n "WINDOWS_COMMAND"; echo -e '\r'
# do the trick.
# use "write" to write in the logon script
write () { echo -n "$@"; echo -e '\r'; }

#--------------------------- VARIABLES ----------------------------------------


#--------------------------- HEADER -------------------------------------------

# this redirection mean all the standard output go in the logon script
exec 1>"$SCRIPT"

# to hidden the script, (need "map hidden = yes", see in "man smb.conf")
chmod o+x "$SCRIPT"

#--------------------------- BODY ---------------------------------------------
write "@ECHO off"

write "ECHO."
write "ECHO Type : $SYSTEM_TYPE."
write "ECHO."
write "ECHO Computer : $CLIENT_MACHINE - User : $USER - Group : $GROUP."
write "ECHO."

# perhaps some tools used in the logon script are on the server
write "PATH %path%;\\\\$SERVER_NAME\parameters\bin"

# set the workstation time at the server time
write "NET TIME \\\\$SERVER_NAME /set /yes"

# perhaps you need non persistent connexion
write "NET USE /persistent:no"

# mount the home share
write "NET USE f: \\\\$SERVER_NAME\homes /yes"

# command depend on client machine
	write "....."
	write "....."
	write "....."
# other PCs
	write "....."

# mount depend on user
if [ "$USER" = u1 ]; then
	write "NET USE l: \\\\$SERVER_NAME\share1 /yes"
elif [ "$USER" = u2 ]; then
# other users
	write "....."

# mount depend on group
write "NET USE x: \\\\$SERVER_NAME\\$GROUP /yes"

# command depend on system type
if [ "$SYSTEM_TYPE" = Win95 ]; then

if [ "$SYSTEM_TYPE" = WinNT ]; then

#--------------------------- IN OUR CLASSROOMS --------------------------------
# example : clients are named xxYYcZZ and printers xxYYpZZ
# xx: building prefix, YY: classroom number, ZZ: identifier numbers
# xxYY est the classroom
CLASSROOM=`expr "$CLIENT_MACHINE" : '\(....\)'`

# common share by classroom
write "NET USE f: \\\\$SERVER_NAME\\${CLASSROOM}common /yes"

# 2 networked laser printers in some classrom ? I need :
# computer 1 to half : printer_1, half+1 to max : printer_2
MACHINE_NUMBER=`expr "$CLIENT_MACHINE" : '.....\(..\)'`

# for the room with only one printer

case "$CLASSROOM" in
# 14 computers
# 12 computers

if [ "$MACHINE_NUMBER" -le "$LIMIT" ]; then


write "NET USE lpt1: \\\\$SERVER_NAME\\$PRINTER /yes"
write "ECHO The printer number $PRINTER_NUMBER is connected."
write "ECHO."

# perhaps you need to apply some registry keys
write "REGEDIT /s \\\\$SERVER_NAME\parameters\registry\my_entries.registry"

# admin has special commands
if [ "$USER" = admin ]; then
	# perhaps you want to change the password the next time, uncomment :
	#if [ "$SYSTEM_TYPE" = WinNT ]; then
	#	write "NET USER admin my_new_passwd"
Comments Off on Logon scripts more...

Samba Domain

Creating a Windows Domain with Samba

Linux can use Samba to authenticate against other Samba servers, or against NT4 or even against Windows 2000 in degraded NT4 mode. It is also possible to create authentication chains where a Samba Server is one of many machines in a NIS domain and the Samba server authenticates Win98 computers across to a NIS server.

For a network where the client desktop machines using Windows 95 through to Windows XP it is probably easier to run NIS as the joint authentication scheme throughout the Linux / Unix servers and authenticate the Windows computers against the Samba Server. The Samba Server may also act as the fileserver and provide mapped drives for the Desktop computers.

IBM created a good document on how to create a Primary Domain Controller using Samba on Linux, which I have mirrored here

Scripts may also be used to map drives and printers, a useful page is here, mirrored here.

Ensure that samba-common, samba-client and samba-server packages are installed. During the installation of Red Hat Linux it is called Windows File Server. Please have a good read through the example smb.conf file, the items listed below are the items that are relevant to running a PDC. You should be able to use this smb.conf file almost as is.

There are a number of items that you should specify, I have attached an example file here. The items that you should ensure that you have are as follows:

  • security = user
    This ensures that the clients only use permissions of the domain.
  • encrypt passwords = yes
    Windows clients now use a basic form of encryption for passwords, earlier versions did not.
  • os level = 70
    We have a high OS level to ensure that no other computer (or guest laptop) interrupts our domain.
  • domain master = yes
  • domain logons = yes
    Yes we want domain logons :-)
  • logon script = logon.bat
    There is a sample batch file that has comments to explain what it does.
  • domain admin group = root administrator @root
    These are the accounts that can join computers to the domain.
  • [homes]
    This is useful in that it allows each user to have their own private files on the server. It should also be noted that Windows policy files allow you to use this storage for My Documents.
  • [netlogon]
    This is a hidden share whereall the windows policy files are located.
  • [Profiles]
    Profiles are enabled in the control panel in either passwords or users. This allows bookmarks and other settings to follow the users if they frequently use different computers.
Comments Off on Samba Domain more...

Copyright © 1996-2013 Xander Harkness. All rights reserved.
iDream theme by Templates Next | Powered by WordPress