[Samba] X flag in smbpasswd?

Ow Mun Heng ow.mun.heng at wdc.com
Mon May 26 08:06:14 GMT 2003 

Thanks for the tip.

Hence in that case, Since I have a lot of XXXX in my smbpasswd file for
users such as apache, gdm, nfsnobody etc.. does it mean I should remove
that? (so that someone can't use a login such as ftp/apache with NO password
and get into samba shares?)

BTW, i'm trying to set up anonymous access to the samba shares. (I have 1
share which I would like to share out to the 'world')

I have 

# If you want users samba doesn't recognize to be mapped to a guest user
map to guest = bad user

but that does not work. I already have :

# A publicly accessible directory, but read only, except for people in
# the "headmedia" group
[H-Media]
   comment = Head Media (Readable) Share
   path = /usr/HeadMedia
   public = yes     <--------This should be the one right?
   read only = yes
   write list = @headmedia
   create mask = 0665
   directory mode = 0775

unfortunately, it still prompts users for a password. (security = user)

Cheers,
Mun Heng, Ow
H/M Engineering
Western Digital M'sia 
DID : 03-7870 5168


-----Original Message-----
From: John H Terpstra [mailto:jht at samba.org]
Sent: Monday, May 26, 2003 12:58 PM
To: Ow Mun Heng
Cc: Samba Mailing List
Subject: RE: [Samba] X flag in smbpasswd?


On Mon, 26 May 2003, Ow Mun Heng wrote:

> Well, doing a fresh install of Redhat 8 samba 2.2.7a, it states that I
need
> to create the smbpasswd file and thus need to use mksmbpasswd.sh on
> /etc/passwd and redirect the output into smbpasswd.

The script mksmbpasswd.sh has the following in it:

#!/bin/sh
awk 'BEGIN {FS=":"
        printf("#\n# SMB password file.\n#\n")
        }
{ printf(
"%s:%s:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U
]:LCT-00000000:%s\n", $1, $3, $5) }
'

This script simply puts  account entries into the smbpasswd file but does
NOT set a password for any of them.

You will still need to set a password for each user by way of:

	smbpasswd 'username'


Now to add a user account _AND_ set the password in the first place you
would run (as you point out):

	smbpasswd -a 'username'

Both uses of smbpasswd are fully portable from samba-2.2.x to samba-3 when
it ships. It will work with Samba-3 regardless of the password backend you
choose to use. If you choose to use the 'tdbsam' or 'ldapsam' options then
the mksmbpasswd.sh shell script is useless to you anyhow - it will put
entries (without passwords) into a file that you will not be using.

>
> That's just to create the initial smbpasswd database. To add any
> new/additional users I use smbpasswd -a newuser.
>
> So, if mksmbpasswd.sh use is discouraged, does that mean I'll have to add
> the users 1 by one?

Yes, or else change the mksmbpasswd.sh script to call smbpasswd for you.
That is a pretty easy change to make, isn't it?

Let's see:

#!/bin/bash

list=`cat -f1 -d: < /etc/passwd`

for i in $list
do
	echo Adding user: $i
	smbpasswd -a $i
done

exit 0

Now you will need to type the password for each user.

Cheers,
- John T.

>
> Cheers,
> Mun Heng, Ow
> H/M Engineering
> Western Digital M'sia
> DID : 03-7870 5168
>
>
> -----Original Message-----
> From: John H Terpstra [mailto:jht at samba.org]
> Sent: Monday, May 26, 2003 11:43 AM
> To: Ow Mun Heng
> Cc: Ryan Novosielski; Samba Mailing List
> Subject: RE: [Samba] X flag in smbpasswd?
>
>
> On Mon, 26 May 2003, Ow Mun Heng wrote:
>
> > If that is the case, then what should be used to migrate current
passwords
> > into smbpasswd?
>
> What current passwords are you trying to migrate? What form are they in
> now?
>
> - John T.
>
> >
> > Cheers,
> > Mun Heng, Ow
> > H/M Engineering
> > Western Digital M'sia
> > DID : 03-7870 5168
> >
> >
> > -----Original Message-----
> > From: John H Terpstra [mailto:jht at samba.org]
> > Sent: Friday, May 23, 2003 11:39 PM
> > To: Ryan Novosielski
> > Cc: Samba Mailing List
> > Subject: Re: [Samba] X flag in smbpasswd?
> >
> >
> > On Thu, 22 May 2003, Ryan Novosielski wrote:
> >
> > > mksmbpasswd.sh does not create accounts with the X flag in the
password
> > > flags field. Does this X matter, and if so, what does it mean? It's
not
> in
> > > the man page.
> >
> > The 'X' flag is not used at this time, but please note that with Samba-3
> > there can be many passwd back ends - only smbpasswd (a legacy database)
is
> > plain text based. Use of mksmbpasswd.sh should be discouraged.
> >
> > - John T.
> >
>
>

-- 
John H Terpstra
Email: jht at samba.org

More information about the samba mailing list