[Samba] Unnecessary smbpasswd

Ric Tibbetts rtibbetts at lanl.gov
Thu Sep 29 20:07:57 GMT 2005


At 12:43 PM 9/29/2005, Jeremy Allison wrote:
>On Thu, Sep 29, 2005 at 12:30:35PM -0600, Ric Tibbetts wrote:
>
> > If I understand the process correctly:
> >
> > User on Windows XP box makes a request to the Samba server.
> > The Windows box passes the username/password pair to the Samba server.
> > The Samba server checks that the user exists on the unix box, and
> > (following the "password server = xxx.xxx.xxx.xxx" parameter in
> > smb.conf) verifies the username/password from the Windows Domain
> > Controller (specified in the "password server = " parameter).
> > If the username/password do not exist on the specified password
> > server, Samba checks the smbpasswd file.
> > Once the username/password is validated, the Samba server will pass the
> > share.
> >
> > Is the above a fair breakdown, in a very simple implementation?
>
>Close. The Samba server sends a challenge to the client on initial
>connect, the client replies on sessionsetup (user logon) with a
>username and a cryptographic reply to the challenge based on
>the user's hashed password.
>
>Now Samba has to authenticate that reply somehow. It can't use
>unix passwords as the hashes aren't the same. To do it locally
>it can use smbpassword (or a local tdb or an ldap based SAM). To
>do this remotely against a Windows DC the Samba server has to
>be set up as a member of the domain served by the Windows PDC.
>That's where the net XXX (ads or rpc) join comes in.
>
>Once the authentication passes the Samba server needs to
>look up a UNIX user that will represent the logging in client
>on this box - that's where you have either local unix users
>in /etc/passwd or use winbindd to have remote domain users
>appear as local unix users.
>
>Hope this helps,
>
>Jeremy.


Yes, that confirmation helps greatly. I know where the breakdown is now.
Resolving it is another issue, but at least I know where to look.

The problem seems to be that the Windows ADS isn't answering, thus 
I'm getting the unknown user errors when I take out the smbpasswd.
I did the net rpc join, and it did join the domain. So now I need to
figure out why it isn't resolving the users/passwords.
I may be back with more questions, but they'll be getting more specific now.

Thank you! (seriously).

-Ric








