FW: encrypt passwords=no, security=yes, samba 2.2.8, W2K user
aut h fails
don_mccall at hp.com
Tue Apr 1 15:44:46 GMT 2003
yeah, not pretty - should be fixed in the code. Just looking for a
workaround that might be less undesireable than security = share!!!! (which
was one of the options he was looking at in a private message to me).
The point really is that we shouldn't even be LOOKING in the smbpasswd file
when we specify encrypt passwords = no. But until we fix that, moving his
users (from whatever user store he is using, nis, etc/passwd, etc) into the
smbpasswd file, will avoid this particular windowsism. And with encrypt
passwords = no, the smbpasswd is NOT being used for authentication, just
verification of user existence for the 'map to guest=bad user' case...
It's very convoluted code... not pretending to understand it all. (grin)
That's why I cc'ed the list on the original problem and a (possibly poor)
code diff change to fix it... Hopefully someone will look at that and say -
well, HEY, that's dumb - lets fix it THIS way...
> -----Original Message-----
> From: David Collier-Brown -- Customer Engineering
> [mailto:David.Collier-Brown at Sun.COM]
> Sent: Tuesday, April 01, 2003 10:34
> To: MCCALL,DON (HP-USA,ex1); 'samba-technical at samba.org'
> Subject: Re: FW: encrypt passwords=no, security=yes, samba 2.2.8, W2K
> user aut h fails
> That's highly undesirable, as it breaks single-signon
> (unless you're an NT-cenric organization, which Sun isn't (:-))
> |Hi Tony,
> |Another workaround would be to populate an smbpasswd file
> with all the names
> |from your /etc/passwd file.
> |But I realize this can be onerous. Samba has a script to
> help with this,
> |since you won't be needing passwords from this smbpasswd
> file, this would do
> |it for you, I think.... if your distribution doesn't
> install this script,
> |can be found in the source at
> |cat /etc/passwd|./mksmbpasswd.sh
> |Hope this helps
More information about the samba-technical