[Samba] Synching /etc/passwd with smbpasswd

Dmulec · 11-10-2008, 04:48 AM

Hello! First off, sorry for my bad english, english is like my 3rd language.

Anyway, I'm currently working on getting a Samba server to work with sharer security level. The OS I'm using is Debian 4 Etch.

I'm supposed to be able to sync the samba users passwords with /etc/passwd, but how? And also, how do I make it so Samba writes by default in /etc/samba/smbpasswd? At the moment Samba writes in an unknown location when I'm using smbpasswd :/

This is how my smb.conf looks like atm

Quote:

security = share
encrypt passwords = yes
guest account = nobody
invalid users = root
passdb backend = tdbsam
unix password sync = yes
passwd program = /usr/bin/smbpasswd %u
smb passwd file = /etc/samba/smbpasswd

I can change the samba passwords fine, but they don't sync and don't write into /etc/samba/smbpasswd :/

Can anyone help me? I've been googling the past 5 days and looked around many forums, but so far I didn't find an answer ;;. All I found so far were outdated things from 1998, which don't contain any useful info anyway.

jschiwal · 11-10-2008, 05:40 AM

The Share security model doesn't use user authentication.

Dmulec · 11-10-2008, 06:25 AM

Quote:

Originally Posted by jschiwal

The Share security model doesn't use user authentication.

When I make the share private (Guest ok = no and the user who can have access) it uses a password request on the private share.

EDIT: Well more importantly, how do I make it so the smbpasswd command by default writes into /etc/samba/smbpasswd?
EDIT2: I solved the problem with writing into /etc/samba/smbpasswd, now I only need to find out how to sync it with /etc/passwd

jschiwal · 11-11-2008, 02:41 AM

You are trying to use "security = domain" features for a server with "security = share". Share level security is obsolete Win 95 technology that is hardly covered in the "Samba 3 HOWTO & Reference Guide". The script entries are what would be run if a user on a client changed his password in a Windows Domain, and the Samba server was the domain controller.

You could instead use "security = user" and configure public shares for guest read/writable shares and user shares for the private ones. You could also create a Linux user on the server with the name of the share and add a Linux password and samba password. That would allow giving the username and password to certain people. You will need to run both "passwd" and "smbpasswd" to set the password. I think that you can change the samba password later (or use a different password) without changing the user password. I did test this, running "smbpasswd" on my laptop to change the samba password on my desktop. Then I was able to get at my shares using the new password.

You can run "smbpasswd -u <username> -r <remote-machine>" to change the samba password remotely.

I have never used "security = share" on a Samba server. I don't even know if a user name is prompted for. The "Samba 3 HOWTO and Reference Guide" says that the Samba server isn't given the username, and each possible user name is tried. Maybe using "smbpasswd -u <user> -r <remote-machine>" would be enough if the password (hash) matches that of any user in smbpasswd.

---

I just installed Fedora 9 on my old Laptop. I have been using SuSE exclusively. Running samba swat (http://localhost:901), I see that is uses /var/lib/samba/private/smbpasswd instead of /etc/samba/smbpasswd.

-----
One small thing that I noticed later on, is that the "Password Program" entry in smb.conf is for the Unix password program rather than the Samba password program. So it should be "/usr/bin/passwd %u" instead of using smbpasswd.