[Samba] Can someone explain SMB passwords?

Paul D. DeRocco pderocco at ix.netcom.com
Sun Jul 21 12:41:17 MDT 2013

> From: Volker Lendecke [mailto:Volker.Lendecke at SerNet.DE] 
> On Sun, Jul 21, 2013 at 01:34:23AM -0700, Paul D. DeRocco wrote:
> > You completely misunderstood my question. I'm asking something much
> > simpler and more basic than all that. What's an SMB password for, and
> > how does it relate to a Unix password?
> With the Samba password stored on the server a client can
> convince the Samba server about its identity. That's called
> authentication. The Samba password has no relationship at
> all to the unix password, it is a completely separate thing.
> > Here's the situation. I have a directory on a machine, and the files
> > in it are created by a service which runs as root, so the files are
> > owned by root and only locally accessible to root. I need to make this
> > directory
> You could set up a normal Samba server, and for this
> particular share use "force user = root". Be aware this
> option is pretty dangerous, but it is made for that
> situation.

(This is an embedded box, so, short of taking a screwdriver and opening the
unit, there is no other access besides this share.)

Thanks for taking the time to try to explain this. The fog is starting to
lift a little.

I assume "force user = root" means "ignore the username provided by the
client, and pretend all clients are username root instead". So what password
does the client need to provide? The root Unix password, or some password
entered into the SMB password database by the smbpasswd command? Does Samba
use an SMB password if it finds an appropriate username in its own database,
and fall back to using the Unix password if it doesn't find the username in
its own database? If so, is the purpose of the SMB password to provide an
alternate namespace, so that one can use a different password (and perhaps
username) that has no analog among local user accounts?

For instance, if my root account has the password "blahblah", can I invent
an arbitrary username like "foobar" that doesn't correspond to any local
Unix user account, put that into the SMB password database with the password
"yadayada", and then put "force user = foobar" in smb.conf? Will all
external clients then be able to log in with any username and "yadayada", so
I don't need to reveal "blahblah" to anyone? Or will Samba be unable (or
unwilling) to access the files owned by root without somehow being given the
"blahblah" password?


Ciao,               Paul D. DeRocco
Paul                mailto:pderocco at ix.netcom.com 
> Volker
> -- 
> SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
> phone: +49-551-370000-0, fax: +49-551-370000-9
> AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
> http://www.sernet.de, mailto:kontakt at sernet.de
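
Volker's reply above calls "force user = root" pretty dangerous. As an added example that is not part of the original thread, the following check lists the shares in an smb.conf whose effective "force user" is root, so the setting can be found and reviewed. The sample configuration, share names, paths and function names are constructed for illustration.

```python
import re

# Constructed sample smb.conf; share names and paths are made up for this example.
SAMPLE_CONF = """\
[global]
   workgroup = WORKGROUP
; a comment line
[logs]
   path = /var/log/service
   Force User = root
   read only = yes
[public]
   path = /srv/public
   force user = nobody
[data]
   path = /srv/data
   forceuser = \\
      root
"""

def _norm(name):
    # smb.conf parameter names are case-insensitive and whitespace is irrelevant.
    return re.sub(r"\s+", "", name).lower()

def parse_smb_conf(text):
    """Return {section: {normalized_param: value}} for an smb.conf string."""
    sections, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):            # trailing backslash continues the line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":    # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)  # only the first '=' is significant
            current[_norm(key)] = value.strip()
    return sections

def shares_forced_to(text, user="root"):
    """List shares whose effective 'force user' is `user`; [global] supplies the default."""
    conf = parse_smb_conf(text)
    default = conf.get("global", {}).get("forceuser")
    return sorted(name for name, params in conf.items()
                  if name != "global" and params.get("forceuser", default) == user)
```

On the constructed sample, `shares_forced_to(SAMPLE_CONF)` reports the `data` and `logs` shares.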
