[Samba] Samba4 creating users

Rowland Penny rpenny at samba.org
Tue Sep 4 17:55:45 UTC 2018


On Tue, 4 Sep 2018 12:31:57 -0400
David Mehler <dave.mehler at gmail.com> wrote:

> Hello,
> 
> Thanks for your reply. I've included my smb.conf file below. I put a
> few in-laid questions in it with # signs they are not on the server
> just this file. If the file is missing anything let me know.
> 

I have reworked your smb.conf by removing the comments and default
settings:

[global]
   workgroup = example
   wins support = yes
   dns proxy = no
   interfaces = 127.0.0.0/8 br0
   bind interfaces only = yes
   log file = /var/log/samba/log.%m
   max log size = 1000
   server role = standalone server
   obey pam restrictions = yes
   unix password sync = yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
   security = user

# Does enabling obey pam restrictions invalidate unix password sync,
passwd program, and passwd chat?

No, but then again it doesn't actually do anything, because there is the
default setting 'encrypt passwords = yes' If you read 'man smb.conf'
under 'obey pam restrictions' you will find this:

    Note that Samba always ignores PAM for authentication in the case of
    encrypt passwords = yes. The reason is that PAM modules cannot support the
    challenge/response authentication mechanism needed in the presence
    of SMB password encryption.

So, there isn't much point in setting it ;-)

I think your problem may be NTLMv1, this was turned of at 4.5.0, but
your other machines may be trying to use it, there is an easy check for
this, add 'ntlm auth = yes' to your smb.conf and restart samba, if this
fixes your problem then you need to stop your other machines using
NTLMv1
If it doesn't then it could be the use of the bridge ?

Rowland



More information about the samba mailing list