[Samba] Samba 3 use of /etc/passwd /etc/shadow

Mark S. Davis mark at renmarksystems.com
Wed May 5 15:16:48 GMT 2004 

We've been running Samba2.2.x and relying on the underlying Solaris user
authentication (/etc/passwd /etc/shadow). For historical reasons, we've
allowed plaintext passwords.

Now as we've upgraded to Samba 3.0.3. we would like to continue this method
of authentication (at least until we can implement ldap). The docs are
sketchy at best (you can use plaintext authentication, etc.), but no
smb.conf information on how to continue doing so in 3.0.3. We're attempting
to run with our 2.2.8a smb.conf  (see below) and the following log info is
produced.

Any guidance you can provide would be appreciated.
Mark


[2004/05/05 09:25:38, 3] auth/auth.c:check_ntlm_password(219)
check_ntlm_password: Checking password for unmapped user
[MARKSNOTEBOOK]\[t0rmsmsd]@[MARKSNOTEBOOK] with the new password interface
[2004/05/05 09:25:38, 3] auth/auth.c:check_ntlm_password(222)
check_ntlm_password: mapped user is: [RMF22]\[t0rmsmsd]@[MARKSNOTEBOOK]
[2004/05/05 09:25:38, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2004/05/05 09:25:38, 3] smbd/uid.c:push_conn_ctx(351)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2004/05/05 09:25:38, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/05/05 09:25:38, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/05/05 09:25:38, 3] auth/auth_sam.c:check_sam_security(202)
check_sam_security: Couldn't find user 't0rmsmsd' in passdb file.
[2004/05/05 09:25:38, 2] auth/auth.c:check_ntlm_password(312)
check_ntlm_password: Authentication for user [t0rmsmsd] -> [t0rmsmsd] FAILED
with error NT_STATUS_NO_SUCH_USER

---------------
smb.conf
---------------
[global]
; necessary to duplicate share methods in pre 2.0 samba
; this is vs. user level security
security = user
workgroup = lab
server string = V480 Solaris running Samba
log file = /usr/local/samba/var/log.%m
log level = 3
max log size = 50

; To support WINS / browsing across network
; Make this a WINS server
wins support = yes
; Make this a domain master browser
domain master = yes
; Make this a local master browser
local master = yes
; Make this a preferred master browser
preferred master = yes
; a bit of harmless voter fraud
os level = 65
; allow usernames to be mapped (ex. t0rmsmbhf -> brendaf)
username map = /usr/local/samba/lib/users.map
; suggested fix to allow win 2000 to participate
;nt smb support = no
;nt pipe support = no

[pcserve]
   path = /home/pcserve
   read only = no

[homes]
   writable = true
   browseable = no

[ljp]
   printing = bsd
   path = /var/spool/samba/ljp
   writable = no
   printable = yes
   print command = /usr/ucb/lpr -P %p %s
   lprm command = /usr/ucb/lprm -P %p %j
   lpq command = /usr/ucb/lpq -P %p

[rmf587]
   printing = bsd
   path = /var/spool/samba/rmf587
   writable = no
   printable = yes
   print command = /usr/ucb/lpr -P %p %s
   lprm command = /usr/ucb/lprm -P %p %j
   lpq command = /usr/ucb/lpq -P %p

More information about the samba mailing list