[Samba] Samba 4 vs UNIX password

Chris Weiss cweiss at gmail.com
Thu Jan 17 14:21:57 MST 2013

On Thu, Jan 17, 2013 at 3:12 PM, Jeremy Allison <jra at samba.org> wrote:
> On Thu, Jan 17, 2013 at 09:09:43PM +0000, Benjamin Huntsman wrote:
>> Ok, now I'm stuck...
>> We have several stand-alone UNIX (AIX) systems that we need to share a few SMB shares from.  None of these are joined to our domain.
>> We want the end-users to be able to map these shares to their Windows systems using the username in the form of AIXSERVER\username, and using the password from their local AIX account on the server.
>> Asking the end-users to understand that they must run smbpasswd after updating their OS password is not realistic.  In the past, we were able to get around that by specifying "security = SHARE" in the smb.conf file.  Now that this is removed, what option do I have to ensure that users can always log in via their UNIX OS password, and don't need to run smbpasswd after running passwd?  Is there such a method?  pam_smbpass.so?
>> Also, what was the last version of Samba that supported "security = share"?
> 3.6.x supports "security = share".
> But by using "security = share" you're not bypassing
> the password sync requirement. I bet you're just ignoring
> the fact they're logging in as guest.
> Chech out the "map to guest" parameter. You can keep
> using that with "security = user" (the default).
> Jeremy.

another option is to rename passwd executable and put a script in
place that runs both smbpasswd and the renamed passwd, keeping the
passwords in sync.

More information about the samba mailing list