[Samba] TOSHAG-Passdb.xml translate finished and some typo found
OPC oota
t-oota at dh.jp.nec.com
Wed Sep 9 20:23:33 MDT 2009
Now, TOSHARG-Passdb.xml translate to Japanese finished(3.4.0 base).
And some typo found.
Many people ask why Samba cannot simply use the UNIX password database. Windows requires
passwords that are encrypted in its own format. The UNIX passwords can't be converted to
---- Windows?
UNIX-style encrypted passwords. Because of that, you can't use the standard UNIX user
database, and you have to store the LanMan and NT hashes somewhere else.
<indexterm><primary>challenge/response mechanis</primary></indexterm>
-------- mechanism
<indexterm><primary>clear-text</primary></indexterm>
<indexterm><primary>encrypted</primary></indexterm>
<indexterm><primary>negotiate</primary></indexterm>
All current releases of Microsoft SMB/CIFS clients support authentication via the
Some people are confused when reference is made to <literal>smbpasswd</literal> because the
name refers to a storage mechanism for SambaSAMAccount information, but it is also the name
of a utility tool. That tool is destined to eventually be replaced by new functionality that
is being added to the <command>net</command> toolset (see <link linkend="NetCommand">the Net
Command</link>.
- forgot )
The <command>smbpasswd</command> utility is similar to the <command>passwd</command>
and <command>yppasswd</command> programs. It maintains the two 32 byte password
fields in the passdb backend. This utility operates independently of the actual
account and password storage methods used (as specified by the <parameter>passdb
backend</parameter> in the &smb.conf; file.
- forgot )
The POSIX and sambaSamAccount components of computer (machine) accounts are both used by Samba.
Thus, machine accounts are treated inside Samba in the same way that Windows NT4/200X treats
them. A user account and a machine account are indistinquishable from each other, except that
----------------- indistinguishable
the machine account ends in a $ character, as do trust accounts.
Domain global policy controls available in Windows NT4 compared with Samba
is shown in <link linkend="policycontrols">NT4 Domain v's Samba Policy Controls</link>.
--vs ?
<itemizedlist>
<listitem><para>Login ID.</para></listitem>
<listitem><para>UNIX UID.</para></listitem>
<listitem>
<para>Microsoft LanManager password hash (password converted
to upper-case thenhashed.</para>
_ need )
</listitem>
The first problem is that all lookups must be performed sequentially. Given that
there are approximately two lookups per domain logon (one during intial logon validation
------ initial
and one for a session connection setup, such as when mapping a network drive or printer
), this
is a performance bottleneck for large sites. What is needed is an indexed approach
such as that used in databases.
<para><quote>I've installed Samba, but now I can't log on with
my UNIX account! </quote></para>
<para>Make sure your user has been added to the current Samba
<smbconfoption name="passdb backend"/>.
Read the <link linkend="acctmgmttools">Account Management Tools,</link> for
unnecessary thing -
details.</para>
--
--- Oota Toshiya --- t-oota at dh.jp.nec.com
NEC Computers Software Operations Unit Shiba,Minato,Tokyo
Open Source Software Platform Development Division Japan,Earth,Solar system
(samba-jp/ldap-jp Staff,mutt-j/samba-jp postmaster)
More information about the samba
mailing list