Samba, 20.000 users and concurrent logons: part 2

Peter Samuelson peter at cadcamlab.org
Wed Apr 26 17:09:17 GMT 2000



[werner maes]
> I suppose it's in the Samba-code that it will look in /etc/passwd
> first when you have set security = server. Can anyone confirm this?
> So even if you tell Linux to use the database files, Samba won't
> necessarily do so.

Samba uses the standard C library functions getpwnam(), getpwuid(),
etc., which on Linux should honor nsswitch.conf.

You might try a short test:

  #include <stdio.h>
  #include <sys/types.h>
  #include <pwd.h>
  int main(int argc, char *argv[])
  {
    struct passwd *p;
    if (argc != 2) {
      fprintf(stderr, "usage: %s username\n", argv[0]);
      return 2;
    }
    /* getpwnam() resolves through the C library, not by reading a file itself */
    p = getpwnam(argv[1]);
    if(p) {
      printf("user    : %s\n"
             "passwd  : %s\n"
             "uid     : %ld\n"
             "gid     : %ld\n"
             "comment : %s\n"
             "homedir : %s\n"
             "shell   : %s\n",
        p->pw_name, p->pw_passwd, (long)p->pw_uid, (long)p->pw_gid,
        p->pw_gecos, p->pw_home, p->pw_shell);
      return 0;
    } else {
      printf("`%s': user not found\n", argv[1]);
      return 1;
    }
  }

Completely untested at this end.  But something like this should allow
you to determine whether getpwnam() is using nsswitch or not.  It will
also tell you whether shadow passwords are in effect (if a non-root
user can retrieve the "passwd" field, they aren't).

> If you have set security = server, for what processes exactly is
> /etc/passwd used?  I know that you NEED to have an account on the
> Samba server. This is because the Unix operating system needs a
> username to perform various I/O operations.

Well, technically Unix needs a numeric userid (not a username) to
perform these operations; getpwnam() translates between name and
numeric ID.  I assume you knew this and that this is what you meant.

Unix user permissions also depend on what groups the user is a member
of, so /etc/group is also consulted (via getgrent() or whatever, of
course).

Finally, the [homes] share, if you use that, depends on knowing a
user's home directory.

> * When I deleted the entry 'smbpasswd file = /etc/smbpasswd'  (which I
>   don't need since I have encrypt passwords = no) and tried to
>   restart the daemons, I got the following error (on the server with
>   the shares, server2):
> 
>   [2000/04/20 13:04:11, 0] passdb/passdb.c:pdb_generate_sam_sid(843)
>   can't create private directory  : No such file or directory
>   [2000/04/20 13:04:11, 0] smbd/server.c:main(658)
>    ERROR: Samba cannot create a SAM SID.

Probably it is trying to create /etc/samba/private or
/usr/local/samba/private or something.  Consult Red Hat documentation
or run `strings /usr/sbin/smbd' (or wherever), to determine the default
location for private files.

> * When a user successfully logged on, I got these strange errors on the
> authentication server..
> 
> [2000/04/25 09:28:48, 0] smbd/password.c:password_ok(551)
>   Error: challenge not done for user=u19331

Dunno.
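
A follow-up to the getpwnam() test above, as an added example that is not part of the original post: it compares the C library's answer with a direct scan of /etc/passwd, so an account that getpwnam() finds but the flat file lacks must have come from another nsswitch source. The function names and the 13-character hash heuristic are assumptions made for this example.

```c
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

enum source { SRC_NONE, SRC_FILE, SRC_OTHER_NSS };

/* 1 if this passwd-format line belongs to `name` (exact match on field 1). */
int line_is_user(const char *line, const char *name)
{
    size_t n = strlen(name);
    return n > 0 && strncmp(line, name, n) == 0 && line[n] == ':';
}

/* Scan a passwd-format stream directly, bypassing libc's NSS lookup. */
int in_passwd_stream(FILE *f, const char *name)
{
    char buf[1024];
    int at_start = 1, found = 0;          /* at_start: buf begins a new line */
    while (!found && fgets(buf, sizeof buf, f)) {
        found = at_start && line_is_user(buf, name);
        at_start = strchr(buf, '\n') != NULL;
    }
    return found;
}

/* Found by getpwnam() but absent from the flat file: another NSS source. */
enum source classify(int nss_found, int file_found)
{
    if (!nss_found) return SRC_NONE;
    return file_found ? SRC_FILE : SRC_OTHER_NSS;
}

/* Heuristic (assumption): crypt() hashes are >= 13 chars; "x", "*", "!" are placeholders. */
int hash_exposed(const char *pw_passwd)
{
    return strlen(pw_passwd) >= 13;
}

int main(int argc, char *argv[])
{
    static const char *label[] = { "not found", "/etc/passwd", "another NSS source" };
    if (argc != 2) { fprintf(stderr, "usage: %s username\n", argv[0]); return 2; }
    struct passwd *p = getpwnam(argv[1]);
    FILE *f = fopen("/etc/passwd", "r");
    int in_file = f ? in_passwd_stream(f, argv[1]) : 0;
    if (f) fclose(f);
    printf("%s: %s\n", argv[1], label[classify(p != NULL, in_file)]);
    if (p) printf("hash visible to this uid: %s\n", hash_exposed(p->pw_passwd) ? "yes" : "no");
    return p ? 0 : 1;
}
```

Run it as a non-root user. A name that exists both in /etc/passwd and in another source is reported as /etc/passwd; the order in nsswitch.conf decides which record getpwnam() actually returned.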

