[Samba] mksmbpasswd.sh and passwd sync problems...

Buchan Milne bgmilne at cae.co.za
Mon Jan 6 15:26:00 GMT 2003 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Message: 22
> Date: Sun,  5 Jan 2003 08:21:49 -0800
> From: "Bob" <Bob at yellowbugcomputers.com>
> Reply-To: <Bob at yellowbugcomputers.com>
> To: <samba at lists.samba.org>
> Subject: [Samba] mksmbpasswd.sh and passwd sync problems...
>
> Hello Everyone!
>
> I've spent quite a bit trying to get these shares to work just right.
> I'll  past the output of my smb.conf at the end of this message. If
> anyone has any advice on this, that would be great.
>

> My first problem is that I'm trying to sync up my /etc/passwd with the
> /etc/samba/smbpasswd file. (I'm using Mandrake 9.0 and Samba
> 2.2.6-1.0.pre2.2.mdk.

There have been security updates to 2.2.7, but you may want to wait a
bit for 2.2.7a ...

> Mandrake puts the smbpasswd file in the
> /etc/samba directory. When I do this command
>
> cat /etc/passwd | mksmbpasswd.sh > /etc/samba/smbpasswd
>
> It does create a smbpasswd file. However, then None of the users can
> log in to the shares. I can log into the win98 client, and then see
> the user's home directory, the care directory, and the public
> directory but can't log in to them.

This command only makes an empty smbpassd file, which really serves no
purpose, you may as well just do:

# smbpasswd -a <user>
for each user

Why? The linux and windows password hashes are incompatible, the only
way to derive one from the other is to brute-force them. This is the
whole reason for the smbpasswd file.

>
> I've also tried to create the smbpasswd file with webmin, but that
> doesn't seem to work either, it gives me three options:
> For newly created users, set the password to 1. no password, 2.
> account locked, 3. use this password
>
> What if I want the same password as the linux password? argh!

You could use something like pam_smbpass so that if the linux password
is changed, that the samba password is also changed. Or, set it to a
known value and let the users change the samba password from windows. Or
authenticate all other linux services via pam_smb or pam_winbind ....

>
> The only way I can log into the shares is to actually create an
> individual password using smbpasswd -a username.
>
> What am I missing? I know I have successfully done this in the past?

You might want to tell us how ... unless it was using clear-text
passwords and hacking the registry on all the clients, and not being
able to do domain logons at all.

>
>
> When I do create the password with smbpasswd, I can log in

Log in how. Please be clear. Was this into windows? Which version?

, see the
> shares, and actually log in

Again, log in where?

>, but Ihave to enter in the password again
> to access the shares. Should I have to log in twice?

No, you shouldn't be prompted for a password on connecting to a samba
server using encrypted passwords if the username and password on the
client (what the user logged into windows with) match that of the server

>
> Sorry for the double questions, Any advice would be very much
appreciated.
>
> Thanks,
>
> Bob
>
> # Global parameters
> [global]
>         workgroup = PARADISE
>         netbios name = SERVER
>         server string = Linux Server %v
>         interfaces = 127.0.0.1, 192.168.0.254
>         hosts allow = 192.168.0.
>         security = SHARE
          ^^^^^^^^^^^^^^^^

You really should use 'security=user' here IMHO.

>         encrypt passwords = Yes
>         passwd program = /usr/bin/passwd %u
>         passwd chat = *New*UNIX*password* %n\n
*ReType*new*UNIX*password* %n\n
>         unix password sync = Yes
>         log file = /var/log/samba/log.%m
>         max log size = 50
>         socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>         printcap name = lpstat
>         dns proxy = No
>         printing = cups
>         wins support = yes
>         os level = 65
>         local master = yes
>         domain master = yes
>         preferred master = yes
>
> [homes]
>         comment = Home Directory
>         read only = No
>         browseable = No
>
> [printers]
>         comment = All Printers
>         path = /var/spool/samba
>         create mask = 0700
>         guest ok = Yes
>         printable = Yes
>         print command = lpr-cups -P %p %s
>         # using cups own drivers (use generic PostScript on clients).
>         lpq command = lpstat -o %p
>         lprm command = cancel %p-%j
>         browseable = No
>
> [public]
>         comment = Public Directory
>         path = /home/samba/public
>         write list = @staff
>         guest ok = No
>         read only = No
>
> [care]
>         comment = Careware Data
>         path = /home/samba/careware
>         valid users = sara, jim, bob
>         read only = No
>         browseable = Yes




- --
|--------------Another happy Mandrake Club member--------------|
Buchan Milne                Mechanical Engineer, Network Manager
Cellphone * Work            +27 82 472 2231 * +27 21 8828820x121
Stellenbosch Automotive Engineering         http://www.cae.co.za
GPG Key                   http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE+GaEhrJK6UGDSBKcRAunTAJ9TvTfe9961Sl/qERIZnZ8hGw+NWACgv6SQ
LexfbQUKJ+89Bcc2ibZm9bc=
=J3gY
-----END PGP SIGNATURE-----

More information about the samba mailing list