Using system users/passwords to authenticate

Jeff Vincent JVINCENT at novell.com
Mon Mar 12 23:04:23 GMT 2001


I am doing this using Samba on a Solaris 8 box from Win2000 sp1/NT4.0 sp6a workstations.

I don't understand why it isn't possible to use the Unix user/password database (/etc/passwd or /etc/shadow) instead of requiring another password file.

I don't know what Windows does, but I assume that it sends over the password in some form (encrypted) that the Samba server then uses.  I am also assuming that the encryption method is different between Samba/Windows and the Unix passwords.  Does Samba do any decrypting when verifying the password?  If so, then why does it not just run the decrypted password through the Unix encryption algorithm to validate the password using the standard Unix accounts?

This is probably not how it is done, I don't know.  My point being, isn't there an easier way to handle Samba authentication directly to the Unix box without requiring both a Unix user/password and a Samba user/password?


>>> David Rankin <drankin at cox-internet.com> 03/09/01 09:45PM >>>
Jeff -- it all will work as you suspect.

First I, and anyone else that may want to help, need to know what you
are trying to connect to what. What operating systems are involved. This
is crucial. This will determine your password issues. Win95 rel. 1 sends
plain text passwords, Win95 OSR2 and later send encrypted passwords. MS
has patches to allow Win95 rel. 1 to send encrypted passwords and there
are registry entries that can be set if you want Win95 OSR2, Win98 and
WinME to send clear passwords. (forget the shadow password issue for
now)

Why does this matter?

Well the smb.conf option "encrypted passwords = yes/no" is pretty
important. If you are sending plain/clear passwords, then your users
simply need user accounts on the Linux box, i.e. adduser and password.
If you are using encrypted passwords each user must have a Linux user
account as stated, and in addition, each user must have an entry in the
smbpasswd file. In other words, after you add the user to the system
with adduser, if you are using encrypted passwords, you then must create
an encrypted password for each user with "smbpasswd -a whoever".

I hope this helps.  See the Using Samba html doc that comes with the
2.07 samba distribution, it should answer all of your questions.

Jeff Vincent wrote:

>  Hey all, I am somewhat new to Samba, but the documentation that came
> with the Samba 2.0 hints that authenticating Samba users using the
> system user/password files is possible.  The following is a quote from
> the smb.conf web page as viewed using the SWAT configuration server:
> "Step 1: If the client has passed a username/password pair and that
> username/password pair is validated by the UNIX system's password
> programs then the connection is made as that username. Note that this
> includes the \\server\service%username method of passing a
> username." However, I am unable to get it to use the system user
> name.  I've tried setting the security to user and server, encrypted
> and unencrypted passwords, etc, but to no avail.  Has someone done
> this and if so, would you be so kind as to detail what you did? It
> doesn't seem prudent to allow user-level access and yet maintain two
> different sets of users/passwords since I am attempting to allow users
> to map network drives to the systems and expect them to have access to
> any files/directories that they currently have access
> to. Additionally, other documentation seems to suggest that
> non-encrypted passwords work with the system level users/passwords,
> but the passwords the system uses are encrypted also, at least in the
> /etc/shadow file, they are mangled and not human readable.  I'm into
> new territory here. Thanks for any info, Jeff
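
Added example, not part of the original thread: a minimal model of why plain-text logins can be checked against the Unix password database while encrypted (challenge-response) logins need a separate stored hash. PBKDF2 and HMAC-SHA-256 are stand-ins chosen for this sketch, not the algorithms Samba or crypt(3) use, and all function names and sample values are constructed.

```python
import hashlib
import hmac

# Stand-ins (assumptions): PBKDF2 plays the role of crypt(3) in /etc/shadow,
# SHA-256/HMAC plays the role of the LM/NT hash and challenge response.

def shadow_hash(password, salt):
    """Salted one-way hash, as a Unix password database stores it."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 1000)

def smb_hash(password):
    """Unsalted hash that client and server both derive from the password."""
    return hashlib.sha256(password.encode("utf-16-le")).digest()

def client_response(password, challenge):
    """Encrypted-password client: sends this, never the password itself."""
    return hmac.new(smb_hash(password), challenge, hashlib.sha256).digest()

def verify_plaintext(sent_password, shadow_entry):
    """Plain-text mode: the server receives the password and can re-hash it."""
    salt, stored = shadow_entry
    return hmac.compare_digest(shadow_hash(sent_password, salt), stored)

def verify_encrypted(response, challenge, stored_smb_hash):
    """Encrypted mode with an smbpasswd-style entry: recompute and compare."""
    expected = hmac.new(stored_smb_hash, challenge, hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)

def verify_encrypted_shadow_only(response, challenge, shadow_entry):
    """Encrypted mode with only the shadow entry: nothing to decrypt and no
    password to re-hash, so the best available key is the wrong one."""
    _salt, stored = shadow_entry
    expected = hmac.new(stored, challenge, hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)

def demo():
    salt, challenge = b"constructed-salt", bytes(range(8))  # constructed values
    shadow_entry = (salt, shadow_hash("s3cret", salt))
    response = client_response("s3cret", challenge)
    return {
        "plaintext_vs_shadow": verify_plaintext("s3cret", shadow_entry),
        "encrypted_vs_smbpasswd": verify_encrypted(response, challenge, smb_hash("s3cret")),
        "encrypted_vs_shadow": verify_encrypted_shadow_only(response, challenge, shadow_entry),
    }

if __name__ == "__main__":
    print(demo())
```

Because the server-side hash in the encrypted case is all that is needed to compute a valid response, the file holding it needs the same protection as /etc/shadow.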