[SAMBA] how to make smbpasswd use or import system passwords?

Kyle Schmitt kyleaschmitt at gmail.com
Wed Feb 27 14:35:41 GMT 2008


Seriously, eww.  First off, your system isn't too small to take
advantage of ldap.  Not by a long shot.  Just for ease of use &
administration I've set up ldap+samba on my home network, where the
only user accounts are me, my wife and a few family members.
It's really not that hard.

Now, let's assume you don't want to use ldap & set all that up.  Fine.
You can use straight samba to keep those in sync, using the unix
password sync option.  To do that, you add something like this to your
smb.conf:

unix password sync = yes
passwd program = /bin/passwd %u

The upside of this is that changing their samba password will change
their unix password.  The downside is that to keep things in sync,
they can't use passwd to change their unix password anymore; they'll
need to use smbpasswd.
Not a big deal really.

Now, let's say you did that, and now are having issues with one user
writing to a share, and the next user not being able to read what they
wrote (I'm just going to guess you'll run into this problem based on
what you've said so far).
Let's say you defined a share named APPS, and you have a unix group
APPS, to which these users belong.
In your share definition you need to make sure the create mask & the
directory mask allow reading/writing/executing by that group, and you
need to use the "force group" parameter.  So the whole share
definition would look something like this (after you set this up, you
may have to chown -R root:APPS that directory).

[APPS]
comment = Applications
path = /var/samba/shares/APPS
valid users = @APPS @admin
public = no
writable = yes
create mask = 0770
directory mask = 2770
force group = APPS


Hope all that helps.
--Kyle

On Wed, Feb 27, 2008 at 6:52 AM, Maginot Junior
<maginot.junior at gmail.com> wrote:
> Well .... this isn't possible, because all my shares are sector specific
>  with group restriction ... So ... what I came across is to use mysql
>  (ldap is too big for my network with less than 100 users) to sync all
>  passwords, I'm going to make a db with mysql and inside create a simple
>  "login, passwd, full name, homedir" table and populate it with the
>  same postfix password that users use to access email and make through
>  pam it work with my ltsp server, email and hopefully with samba too,
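
Added example (not part of the original thread): a shell check for the
share tree described in Kyle's message, listing entries that do not match
the [APPS] settings (group owner APPS, create mask 0770, directory mask
2770). The function name audit_share is hypothetical; the path and group
are the ones from the message.

```sh
#!/bin/sh
# Added example: audit a Samba share tree against the [APPS] settings
# from the message (create mask 0770, directory mask 2770,
# force group = APPS). audit_share is a hypothetical helper name,
# not a Samba tool.

audit_share() {
    dir=$1
    group=$2

    # Entries not group-owned by the share group were not created
    # through the share with "force group" in effect; these are what
    # the chown -R root:APPS pass is for.
    find "$dir" ! -group "$group" -print | sed 's/^/wrong-group /'

    # Files must be readable and writable by the group (bits 060),
    # otherwise the next user cannot read or update them.
    find "$dir" -type f ! -perm -060 -print | sed 's/^/file-mode /'

    # Directories need group rwx plus setgid (2070) so that files
    # created locally, outside Samba, also inherit the share group.
    find "$dir" -type d ! -perm -2070 -print | sed 's/^/dir-mode /'

    # The masks grant nothing to "other"; flag anything that does.
    # Symlinks are skipped because their own mode bits are not used.
    find "$dir" ! -type l \
        \( -perm -004 -o -perm -002 -o -perm -001 \) -print |
        sed 's/^/world-access /'
}

# Run directly as: sh audit_share.sh /var/samba/shares/APPS APPS
if [ "$#" -eq 2 ]; then
    audit_share "$1" "$2"
fi
```

No output means every entry under the path already matches the share
definition.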

