Using system users/passwords to authenticate

David Rankin drankin at cox-internet.com
Sat Mar 10 04:45:17 GMT 2001


Jeff -- it all will work as you suspect.

First I, and anyone else that may want to help, need to know what you
are trying to connect to what. What operating systems are involved. This
is crucial. This will determine your password issues. Win95 rel. 1 sends
plain text passwords, Win95 OSR2 and later send encrypted passwords. MS
has patches to allow Win95 rel. 1 to send encrypted passwords and there
are registry entries that can be set if your want Win95 OSR2, Win98 and
WinME to send clear passwords. (forget the shadow password issue for
now)

Why does this matter?

Well the smb.conf option "encrypted passwords = yes/no" is pretty
important. If you are sending plain/clear passwords, then your users
simply need user accounts on the Linux box, i.e. adduser and password.
If you are using encrypted passwords each user must have a Linux user
account as stated, and in addition, each user must have an entry in the
smbpasswd file. In other words, after you add the user to the system
with adduser, if you are using encrypted passwords, you then must create
an encrypted password for each user with "smbpasswd -a whoever"

I hope this helps.  See the Using Samba html doc that comes with the
2.07 samba distribution, it should answer all of your questions

Jeff Vincent wrote:

>  Hey all, I am somewhat new to Samba, but the documentation that came
> with the Samba 2.0 hints that authenticating Samba users using the
> system user/password files is possible.  The following is a quote from
> the smb.conf web page as viewed using the SWAT configuration server:
> "Step 1: If the client has passed a username/password pair and that
> username/password pair is validated by the UNIX system's password
> programs then the connection is made as that username. Note that this
> includes the \\server\service%username method of passing a
> username." However, I am unable to get it to use the system user
> name.  I've tried setting the security to user and server, encrypted
> and unencrypted passwords, etc, but to no avail.  Has someone done
> this and if so, would you be so kind as to detail what you did? It
> doesn't seem prudent to allow user-level access and yet maintain two
> different sets of users/passwords since I am attempting to allow users
> to map network drives to the systems and expect them to have access to
> any files/directories that they currently have access
> to. Additionally, other documentation seems to suggest that
> non-encrypted passwords work with the system level users/passwords,
> but the passwords the system uses are encrypted also, at least in the
> /etc/shadow file, they are mangled and not human readable.  I'm into
> new territory here. Thanks for any info, Jeff





More information about the samba mailing list