Samba and Windows passwords

the_imax · 03-02-2008, 03:12 PM

I was reading a samba tutorial and it said

Quote:

we know that Linux users already have an encrypted password in /etc/shadow on the Linux server. So Samba should just be able to compare the proffered Windows encrypted password with the string in /etc/shadow and authenticate a Windows user, right? Unfortunately, that is not the case. Windows and Linux use different password encryption algorithms, so although the password might be the same for a Linux user and a Windows user, the encrypted string will not be. This means that if your Samba server is using user-level access to share resources with Windows systems running Windows 95OSR2 or later, you must maintain a list of Windows users and their encrypted Windows passwords on your Linux server, in addition to the list of users you already have in /etc/shadow. Because this has been a default of Microsoft Windows for so long, encrypt passwords = yes is the default in the smb.conf file. The smb passwd file variable defines where this list of Windows users and their passwords resides, and it defaults to /etc/samba/smbpasswd.

DO I really need a list of windows users on my samba server?

I can just connect to the samba sever from windows using any samba user created by smbpassd -a.

I can login to samba sever using samba user xyz even if I am logged in on Winodws as user abc ?

Can someone kinldy explain it a bit

Thanks

ranger_nemo · 03-02-2008, 03:28 PM

> I can just connect to the samba sever from windows
> using any samba user created by smbpassd -a.
Yes. When a Windows user connects to the Samba server, it tries to match the Windows user name and password to one in the smbpasswd list. If it can't, it will request a name and password. Windows will pop-up a window asking for that info, and will send that the next time the user connects to the Samba server.

It all depends on how separate you want the users to be in the Samba server. You can create one account that all the users connect as; but then everybody has the same access to the same files. You can create a couple different accounts, maybe if you had different departments that needed different files. Or, you can create a full list of accounts.

the_imax · 03-02-2008, 11:05 PM

Thanks, so If a user John is logged in at windows and tries to connect to samba where the samba server also has a user john with password same as that defined for John in Windows
than the user will not be prompted for password while connecting from windows?