Samba passwords

Scott Mitchell scott+freebsd at fishballoon.org
Tue Jul 1 02:30:29 PDT 2003


On Mon, Jun 30, 2003 at 08:25:57PM -0400, Bob Hall wrote:
> samba-2.2.8a
> FreeBSD 4.8
> 
> I'm trying to get samba running on my FBSD server. I've done this 
> previously with another server, but I can't seem to get it to 
> work this time. If I turn off password encryption, then I pass 
> all the tests in the DIAGNOSIS file, but Win2k obviously won't 
> allow the connection without encrypted passwords. If I turn 
> encryption on, I pass any test that doesn't involve a password. 
> 
> I created the password file with make_smbpasswd. I also tried 
> importing a password file used with an earlier version of Samba, 
> and editing the usernames and user ids. There is no ENCRYPTION 
> file included with this port, and I can't find any other 
> instructions for setting up the password file. I've googled and 
> searched, and can't find anything that goes beyond what I already 
> know. If someone could point me to instructions for setting this 
> up, I'd be grateful.
> 
> Bob Hall

Hi Bob,

I'm using Samba 3.0 (the samba-devel port) and I'm not sure this is all
100% true for older versions, but these tips may be useful anyway:

- Use 'swat' instead of writing the Samba config file by hand.  You'll need
  to uncomment the relevant line at the end of /etc/inetd.conf, HUP inetd,
  then just point your browser at http://sambaserver:901/  Trust me, it
  makes life a lot easier :-)

- make_smbpasswd will create entries in the smbpasswd file for all of your
  local users, but they won't have valid SMB passwords (there's no way of
  getting from an encrypted UNIX password to an encrypted SMB password).
  You'll need to run 'smbpasswd <user>' (as root) for all the users you
  want to have SMB logins, to give them valid SMB passwords.  Keeping these
  in sync with the UNIX passwords is a whole other game (see my other
  message in this thread).  You probably also want to delete the system
  accounts from smbpasswd -- either use 'smbpasswd -x <user>' or just edit
  the lines out by hand.

- I find it easier to test things with 'smbclient' until I'm sure
  everything is working, before bothering with Windows clients.

I've attached my smb.conf (as generated by swat) which is working fine for
me, with encrypted passwords and SMB -> UNIX password sync.

Cheers,

	Scott

# Samba config file created using SWAT
# from 192.168.1.6 (192.168.1.6)
# Date: 2003/06/30 23:21:11

# Global parameters
[global]
	workgroup = FISHBALLOON
	netbios name = LLAMA
	server string = Samba Server
	passwd program = /usr/bin/passwd %u
	passwd chat = *New\spassword:* %n\n *Retype\snew\spassword:* %n\n *password\shas\sbeen\schanged*
	unix password sync = Yes
	log level = 20
	log file = /var/log/log.%m
	max log size = 50
	dns proxy = No

[homes]
	comment = Home Directories
	read only = No
	browseable = No

[printers]
	comment = All Printers
	path = /var/spool/samba
	printable = Yes
	browseable = No

-- 
===========================================================================
Scott Mitchell           | PGP Key ID | "Eagles may soar, but weasels
Cambridge, England       | 0x54B171B9 |  don't get sucked into jet engines"
scott at fishballoon.org | 0xAA775B8B |      -- Anon


More information about the freebsd-questions mailing list