[Samba] password authentification

BeefStu BeefStu beefstu350 at hotmail.com
Mon Jun 8 13:24:55 GMT 2009



Thanks, but I have a few more questions. I took a working example of a smb.conf from another machine and placed this into my smb.cnf (see below in red). This is the only thing I did on the UNIX end.


To use AD for password verification, I will follow your directions below, 

but is there anything else I need to do on the UNIX end?


What I am trying to say, is how will samba get the password now if there is no password file. I know it will get it from AD, but can you take me through step by step as to what happens. 


Lets assume I want to map a drive. By doing a join does samba actually go into AD with my login (it must be cached some how right) and look up my password?


Current working version

        workgroup = hshhp
        server string = Samba
        smb passwd file = /var/samba/private/smbpasswd
        log file = /usr/local/samba/var/log.%m
        mangle case = Yes


New version

        workgroup = hshhp
        security = DOMAIN
        auth methods = ntdomain
        password server = ttndc3
        max xmit = 65535
        socket options = TCP_NODELAY IPTOS_LOWDELAY
        ldap ssl = no
        oplocks = No

For example, I see things like this (see below) do I need all this?


The smbpasswd File 
For security reasons we will place the smbpasswd file in a private directory using the following commands: cd /etc/samba
mkdir private
cd private
touch smbpasswd
chmod 600 smbpasswd
cd ..
chmod 500 private

Now we will add a dummy entry to the smbpasswd file. To do this, first create a user account for yourself on the Linux server [unless one already exists], then execute the following commands: cd /etc/samba/private
cat /etc/passwd | mksmbpasswd.sh  > smbpasswdSetting up winbind?  


From: samba at nedharvey.com
To: beefstu350 at hotmail.com; samba at lists.samba.org
Date: Sat, 6 Jun 2009 07:03:54 -0400
Subject: RE: [Samba] password authentification

> I am trying to setup samba so that it uses the password from my AD
> instead of having a password file in SAMBA.
> Can somebody tell me what I have to do on the windows 2003 side to make
> this work. I am guessing I have to setup a samaba acct in AD but not to
> sure. Can somebody please verify and maybe send me a screen print.
There are a million and one ways to do what you're trying to do.  The simplest way that I know of - you don't need to do anything on the Windows side.  You join the domain with the samba server, and that will create a computer account in AD for you, just as if you were joining AD with some windows laptop.  Here's how I do that on my systems:
I don't mess with the smb.conf file.  I admin the whole thing via SWAT, as follows:
1.  Enable SWAT.  Browse to http://localhost:901  (note: by default in the xinetd.d config, this interface is only enabled for localhost; by default you can’t browse to this web interface across the network; you must use localhost or change the xinetd.d config)
2.  Go to Wizard.
a.  Server type:  Domain member
b.  Commit
3.  Edit Parameter Values
a.  Workgroup:  MYDOMAIN
b.  Realm:      MYDOMAIN.COM     (all caps)
c.  Commit changes
4.  Go to the command prompt.
net join –w MYDOMAIN –U administrator
(It’s normal to get an error, as long as it says “joined” in the end and the computer account was created in AD)
5.  Restart samba
Lauren found her dream laptop. Find the PC that’s right for you.

More information about the samba mailing list