smbpasswd doubt
James B Curry
jbcurry at hline.localhealth.net
Wed Aug 23 21:32:29 GMT 2000
Gabriel Zicarelli wrote:
>
> Hi all,
>
> Even though I read all the documentation in the samba-tarball I still have
> doubts about having to create the smbpasswd file.
> I´m using 'security = domain' so if I´m not wrong all authentication goes
> through the 'passwd server', and then a user´s permission is either granted
> or rejected .
(Disclaimer: I may or may not know what the *&!@ I'm talking about, but
here goes...)
Yes, authentication goes through the domain server(s), which either
provide-a-token-for or are-queuried-by other network resources when a
user requests access to those resources. But I'm 99% certain that the
smbpasswd file is still necessary on your Samba server if you are using
encrypted passwords (which most people do.)
> So, as far as I can see the smbpasswd file just sits there to provide a
> mechanism of mapping SMB user account into regular UNIX ones, which could be
> fixed by means of 'users map' or 'valid users' directives.
Do you mean 'username map'? 'username map' will map client login
accounts to unix accounts. If you do not use smbpasswd (which also
means you are not using encrypted passwords), Samba will attempt to
authenticate the client login against the unix accounts, and may need
help to do so if they don't match precisely.
And 'valid users' simply restricts access to the users listed.
Otherwise, all users would be granted access.
I don't know that these replace smbpasswd. I don't think I'd classify
the smbpasswd file as a mapping mechanism to unix accounts. They seem
to be two different animals, although they can be synchronized.
>
> Well, here comes the question, is it correct what I´ve just written??? I
> would like to be 100% sure, because reading the documentation has confused
> me a bit more about this issue (I´m not complaining, honest).
Hope I didn't add to the confusion. The best resources I've had for
Samba are "SAMS Teach Yourself Samba in 24 Hours" and O'Reilly's "Using
Samba", and they help considerably.
>
> So if someone could give me a hand on this I´ll be thankful.
>
> Thanks, Gabriel.
More information about the samba-ntdom
mailing list