[Samba] Clarifying different password systems
John H Terpstra
jht at samba.org
Fri Oct 14 06:49:13 GMT 2005
On Thursday 13 October 2005 12:36, Ross Boylan wrote:
> I'm running samba 3.0.14a-6 on Debian GNU/Linux 2.4. I believe that I
> should be using pdbedit to add or modify users and their passwords,
> but I want to double-check that. I'd also like to suggest the
> documentation could be clearer.
Please direct me to the specific sections of the documentation that you
referred to to help me to understand where I have messed up. Humble apologies
if I have written bad documentation. Please help me to find my errors so I
can fix them.
> I had earlier versions installed, and the upgraded seems to have
> migrated me to the new password scheme. smb.conf has "passdb backend =
> tdbsam guest"; there is no smbpasswd file in the location designated
> in smb.conf or anywhere else according to locate; and there are
> various tdb files.
> First uncertainty: is the smbpasswd program a general front end, like
> pdbedit, or does it only work with the smbpasswd back end and file?
> The man page and other documentation (e.g., 10.3 of the How To) seem
> to provide evidence for both interpretations.
The smbpasswd program uses the first argument (reading from left to right)
that has been specified to the passdb backend parameter in the smb.conf file.
> Second uncertainty: the smb.conf man page, in the section "Note About
> Username/Password Validation" discusses authentication mechanisms. It
> doesn't look to me as if the samba backend figure in this discussion.
> The first item refers to "the UNIX system's password programs"; to me
> this means this means the usual Unix mechanisms for password
> verification and not SAMBA's special facilities. However, those may
> be programs, and they are on a UNIX system, so maybe that is
> intended. This is the only password matching mechanism discussed
> explicitly in the whole section. This section contains no hint of the
> issues with encrypted vs clear-text passwords.
> The simple fact that one needs to set up users and passwords, at least
> in some configurations (namely, the recommended ones for NT clients),
> was not something that was obvious to me from the man pages, the How
> To, and the cookbook. It was so unobvious that I began to doubt it
> was necessary, even though I had done it a few years ago (and since
> kind of forgotten).
> To summarize the question and the comment:
> Given "passdb backend = tdbsam guest", " encrypt passwords = true",
> and NT clients, does the smbpasswd command work on my system?
Yes. If you execute "smbpasswd -a 'username'" it will add the SambaSAM account
enttry to the tdbsam backend. This data will be written to the passdb.tdb
file in the /etc/samba directory (Linux).
> Comment: the documentation on the use and setup of passwords was
> obscure to me. A few strategically placed sentences could help a lot
> to clarify things
Once you figure this out please email me your corrections/clarifications to
the documentation. When will you contribute this vital information?
- John T.
More information about the samba