[Samba] Samba and Linux Passwords Backend

John H Terpstra jht at samba.org
Tue Sep 6 17:39:55 GMT 2005

On Tuesday 06 September 2005 11:20, Lonnie Cumberland wrote:
> Hello All,
> I am sure that this has been asked probably a million times on this
> list, but for our particular setup, I need to see if there is a way to
> have Samba authenticate its users based upon the Linux accounts password
> file?

Yes, there is a way. 

That way means that you need to enable the use of plain-text passwords in the 
registry of all Windows clients. The problem with this is that Microsoft have 
NOT maintained plain-text password handling since it was disabled as far back 
as Windows 98 OSR2 and Windows NT4 SP2. As a result plain-text password use 
is completely incompatible with NT4, ADS and Samba domains.

The decision to delpoy plain-text passwords (smb.conf file parameter "encrypt 
passwords = No" means that your Windows network clients can really only be 
workgroup members.

This also has horrible security implications.

> The reason is that we have other applications all working together and
> most of them are also using the Linux password file which make the
> process of maintaining users much easier and from a central point.

That is why we introduced the various password synchronization methods in 
Samba, so that the UNIX password and the smbpasswds can be kept in sync. What 
is wrong with this method? Why does that not suit your needs?

> Any help would be greatly appreciated.


Is this not documented in the Samba3-HOWTO? 

Have you checked the HOWTO before asking on this list?

If you can not find the answer you are looking for in the Samba3-HOWTO I'd 
like to know how you have conducted your search. Perhaps you can provide the 
key that will enable us to improve our documentation so that we can get the 
repeat level of questions and issues on this mailing list down to a more 
manageble level.

I look forward to your feedback.

- John T.

More information about the samba mailing list