Here is the Nagios plugin for checking Samba authentication.
In this case samba is configured with security = domain (which is user-level security).
This means that samba server is member of Windows domain (has machine account in domain) and samba server sends authentication requests to domain controllers (PDC or BDC).
Reminder one: to join samba server to the Windows domain, use the command:
net rpc join -U username
(username is Windows account that has right to add a machine to the domain).
Reminder two: in this configuration you still need Unix account for the user, say NIS one (yes, samba server is NIS client)
#!/bin/sh #set -x # Nagios states STATE_OK=0 STATE_WARNING=1 STATE_CRITICAL=2 STATE_UNKNOWN=3 STATE_DEPENDENT=4 # Variables for end RESULT="" EXIT_STATUS=${STATE_OK} PROGNAME=`/bin/basename $0` SMBCLIENT="/usr/sfw/bin/smbclient" GREP="/usr/bin/grep" AWK="/usr/bin/awk" # - Camelot account USER=smbcheck PASS='my_passwd' DOMAIN=mydomain # -- function: end script with output endscript () { echo ${RESULT} exit ${EXIT_STATUS} } # -- function: usage of script usage () { echo "\ Nagios plugin to check if user 'smbcheck' can authenticate to MYDOMAIN Usage: ${PROGNAME} -H <host> ${PROGNAME} --help " } # -- function: HELP help () { echo; usage; echo } # Check if there is only one argument if [ $# -lt 1 ] || [ $# -gt 2 ]; then usage exit ${STATE_UNKNOWN} fi while [ -n "$1" ] # true if first argument is non-null do case $1 in --help | -h ) help exit ${STATE_OK};; -H ) shift HOST=$1;; * ) usage exit ${STATE_UNKNOWN};; esac shift # if there is no shift, script will continue with host as null done OUTPUT=`${SMBCLIENT} //${HOST}/homes -c "pwd" -U ${USER}%${PASS} -W ${DOMAIN} 2>&1 |${GREP} Domain=` if [ "$?" -eq "0" ] then RESULT="OK Authentication successful on ${OUTPUT}" EXIT_STATUS=${STATE_OK} else RESULT="Authentication failed on ${DOMAIN}: ${OUTPUT}" EXIT_STATUS=${STATE_CRITICAL} fi endscript |