Samba instead of NT

Michael Stockman pgmtekn at algonet.se
Tue Apr 20 16:35:06 GMT 1999 

Hello,

>Ok, I'm new to Samba and investigating its usefulness for school systems
>across the state of Georgia.  I have read numerous articles and docs on
>Samba and the book Samba by John Blair.
>
>Comments on the following please:
>
>Scenario: School with Samba server as only SMB server.  Wishes to use
>encrypted logins.
>
>To create accounts:
>    1. Create unix accounts (linuxconf)
>    2. Convert unix account to smbpasswd file using mksmbpasswd.sh
>    3. Use smbpasswd utility to create an encrypted password for each user.
>
>Ok so far?
>
>Now the school wants to add 50 additional student accounts.
>    1. Create unix accounts (linuxconf)
>    2. Can't convert because existing smbpasswd file will be overwritten
>(thus existing encrypted passwords are lost.
>    3. So, enter account information manually into the smbpasswd file
>    4. Use smbpasswd utility to enter an encrypted password for each user.
>
>Am I way off, or is this the way it is done?  (I hope I'm way off!)


I should imagine that you would rather put the new users, their passwords etc in a file and make a script/program that would add the unix users as well as the samba entries automagically. This, as you're in a school system, should also provide lists that can be used when the students leave school to remove their accounts.

Such a program might iterate the lines in a line based file like below:

username<tab>password<tab>anything...<new line>
...

To write a program that iterates such a file is quite easy (assuming that all necessary options can be privided on the command line to your adduser/linuxconf program). The program could then call adduser (options based on your policy) and the smbpasswd program (smbpasswd -a <username> <password>).

You would of course need to run the program as root and should be careful about other users with a shell account on the samba server at the time the program is run. The passwords could be visible, through the ps command, to them while the program is running.

Finally I should point out that I don't have such a program today, but that this is how I would do it if I administered a school and that it should not be more than 4+ hours of work depending on how many extra features you'd like.

Best regards
  Michael Stockman
  pgmtekn-micke at algonet.se

More information about the samba-ntdom mailing list