[Samba] users/passwds

Frank Matthieß Frank.Matthiess at Microdata-POS.de
Fri Sep 20 07:37:00 GMT 2002


Donnerstag den 19.09.2002 um 18:16 CEST  +0200, schrieb P. Jourdan:
> At 04:40 PM 9/19/2002 +0200, you wrote:
> >> How is the Windows username/passord related to samba access? Must the 
> >same
> >> username/password be created with smbpasswd?
> >
> >You have to make sure that you create unix user and groups, that should
> >be used by samba/windows client.
> 
> Right. But before installing samba there are already users and groups on 
> the machine. Does one need to create new users/groups for samba? Which ones?

samba and the windows access based on the unix permissions. You can use your
already avalilable users/groups. 

> 
> 
> >For the first time it's easier to generate from your actual passwd the
> >corresponding smbpasswd:
> >
> >cat  /etc/passwd  |  /usr/sbin/mksmbpasswd  > /etc/samba/smbpasswd
> 
> on my machine (FreeBSD 4.6.2) there is no "mksmbpasswd" , at least, I could 
> not find it.

if you are a little bit familar with shellscripting, you are able to generate
from your /etc/passwd a valid smbpasswd.

[start]
#!/bin/bash
cat /etc/passwd | while read UNAME PW UID GID GECOS HOME SHELL; 
	do 
		# if not root account 
		[ $UID -ne 0 ] && smbpasswd $UNAME $UNAME
	done;
[stop]

This should generate all users from passwd with the password=username.
This is not testet yet.

But - wait. mksmbpasswd should also be a shellscript. Found and attached.
mksmbpasswd set _no_ password.

> 
> 
> >> What users/groups need to exist or be created on the Unix machine? Are 
> >any
> >> created automatically by samba installation?
> >
> >samba itself runs as root, but switch to the assigned windows/unix user,
> >to make sure to access with the correct rights.
> 
> Who is the "assigned windows/unix user"?


man smb.conf: 

       guest account (S)
              This is a username which will be used for access to
              services  which  are  specified  as   guest ok (see
              below). Whatever privileges this user has  will  be
              available  to  any  client  connecting to the guest
              service.  Typically this user  will  exist  in  the
              password file, but will not have a valid login. The
              user account "ftp" is often a good choice for  this
              parameter.  If  a  username is specified in a given
              service, the specified username overrides this one.

              One some systems the default guest account "nobody"
              may not be able to print. Use  another  account  in
              this case. You should test this by trying to log in
              as your guest user (perhaps by using the su -  com­
              mand)  and  trying  to print using the system print
              command such as lpr(1) or  lp(1).

              Default:  specified  at   compile   time,   usually
              "nobody"

              Example: guest account = ftp

       guest ok (S)
              If  this  parameter  is  yes for a service, then no
              password is required to  connect  to  the  service.
              Privileges will be those of the  guest account.

              See  the section below on  security for more infor­
              mation about this option.

              Default: guest ok = no


> 
> >> What users/groups need to be set up for "guest" access?
> >
> >It's up to you, which unix user would be the "guest". But hopefully not
> >"root".
> 
> How do I determine or set up the guest?
> 
> 
> >> What is the difference between smb.conf entries "public = yes (or no)" 
> >and
> >> "guest ok = yes (or no)"?


       public (S)
              Synonym for guest ok.



> >
> >man smb.conf
> >
> >and last but not least:
> >
> >http://www.samba.org/samba/docs/Samba-HOWTO-Collection.html
> 
> I've been through all that... tedious & confusing - I could not find clear 
> answers.

You a fighting on two areas. It isn't really easy. 
In the beginning with samba, i read the while man smb.conf, to get an idea of
the conf posibilities.

After that, i prefer to "decode" the actual smb.conf with the testparm tool. 
testparm check the smb.conf as smbd should do, and much more important at this
stage, it print out the _whole_ config. Also the default and buildin vars.


Frank.

PS: One note: Please let all samba listmember participate from this
              thread, so i forward that to the list.
-- 
Frank Matthieß                                          fm at Microdata-pos.de
Am Wellbach 4                                        Tel +49 521 97 22 6 0
D 33609 Bielefeld                                    Fax +49 521 97 22 6 30

-------------- next part --------------
#!/usr/bin/awk -f
BEGIN {FS=":"
	printf("#\n# SMB password file.\n#\n")
	}
{ printf( "%s:%s:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U          ]:LCT-00000000:%s\n", $1, $3, $5) }


More information about the samba mailing list