[Samba] converting Linux users & paswords to Samba

[Logan Shaw]

On Mon, 7 Aug 2006, FTuzi wrote:
> I have a Fedora 5  system with about 300 users and 2 printers.  Samba is 
> running on the sole server.  There are also about 2 dozen Windows XP 
> computers in use, but there is no domain and no Active Directory.  All the 
> computers are standalone.  Users desire to use the Samba printers and access 
> their home directories in the Linux system.
>
> I have setup and have Samba running fine.  Using Webmin, I converted all 
> Linux users to Samba users.  BUT the passwords don't convert.

I don't believe there is any way of converting the passwords.
Both Unix and Windows use a one-way hash system.  It's possible
to get the hashed password from the cleartext password, but not
vice versa.  (That's enough for authentication purposes because
it allows you to verify a password, which is all you need.)

Since Unix/Linux and Windows/Samba use different one-way hash
schemes from each other, you will have to create the Windows
hashes[1], and that requires access to the cleartext passwords,
which you don't have available on a Unix/Linux system.

So, you're going to have to have users re-enter their passwords.
One possible solution to this problem is to assign every user a
new password for Samba only and let them know what it is, then
give them a mechanism to change both.

By the way, I would probably go ahead and set up the Linux
machine as a domain controller.  That won't help your passwords
issue, but at some point you may want to have people logon
to Windows machines and they might as well be able to use a
unified set of accounts to do it.  Also, if the users need
to use Samba shares regularly, it's just as easy for them to
logon at the beginning of the session.  That way they only
have to type their password when they logon to the Windows
machine and not every time they access a new share.

   - Logan

[1] There are actually two types: Lan Manager ("LM") and Windows
     NT ("NT").