On Monday 20 June 2005 10:09 pm, Jerome Lyles wrote:
---------- Forwarded Message ----------
Subject: Re: Fwd: RE: [SLE] Using Samba Date: Sunday 19 June 2005 00:56 From: Ken Schneider <suse-list@bout-tyme.net> To: suse-linux-e@suse.com
On Sat, 2005-06-18 at 21:16 -1000, Jerome Lyles wrote:
On Saturday 18 June 2005 05:27 pm, Susemail wrote:
If you want to use user security then you need to add smb users with smbpasswd, at least that has always solved it for me. man smbpasswd for more info. You can also set samba to automatically add/remove user access when linux users are added/removed.
Hello Ken, Adding myself as a user (as root) using smbpasswd didn't produce access. Trying to change my password as user using smbpasswd produced this: :~> smbpasswd Old SMB password: New SMB password: Retype new SMB password: machine 127.0.0.1 rejected the (anonymous) password change: Error was : No such user. Failed to change password for user But the user is in the smbpasswd file: # cat /etc/samba/smbpasswd ... user:1000:FCF29D3EC14322D993E28745B8BF4BA6:... The comments in the smbpasswd file state: # This file is the authentication source for Samba if 'passdb backend' is set # to 'smbpasswd' and 'encrypt passwords' is 'Yes' in the [global] section of # /etc/samba/smb.conf # # See section 'passdb backend' and 'encrypt passwords' in the manual page of # smb.conf for more information. I put 'encrypt passwords' is 'Yes' in the [global] section but nothing changed. I think because 'passdb backend' is not set to 'smbpasswd'. Man smb.conf says smbpasswd is the default backend, but there are others: smbpasswd - The default smbpasswd backend. Takes a path to the smbpasswd file as an optional argument. tdbsam - The TDB based password storage backend. Takes a path to the TDB as an optional argument (defaults to passdb.tdb in the private dir directory. ldapsam - The LDAP based passdb backend. Takes an LDAP URL as an optional argument (defaults to ldap://localhost) LDAP connections should be secured where possible. This may be done using either Start-TLS (see ldap ssl) or by specifying ldaps:// in the URL argument. Multiple servers may also be specified in double-quotes, if your LDAP libraries supports the LDAP URL notation. (OpenLDAP does). nisplussam - The NIS+ based passdb backend. Takes name NIS domain as an optional argument. Only works with sun NIS+ servers. mysql - The MySQL based passdb backend. Takes an identifier as argument. Read the Samba HOWTO Collection for configuration details. There is a file called 'secrets.tdb' ,it's a binary file. Which backend does it belong to? I think it's ldapsam. man:smb.conf states: There are a number of ways in which a user can connect to a service. The server uses the following steps in determining if it will allow a connection to a specified service. If all the steps fail, the connection request is rejected. However, if one of the steps succeeds, the following steps are not checked. If the service is marked ``guest only = yes'' and the server is running with share-level security ``security = share'', steps 1 to 5 are skipped. 1. If the client has passed a username/password pair and that username/password pair is validated by the UNIX system's password programs, the connection is made as that username. This includes the serverrvice%username method of passing a username. I am passing a username/password pair that is validated by the UNIX system's password programs, yet the connection is not made.??
-- Ken Schneider UNIX since 1989, linux since 1994, SuSE since 1998
"The day Microsoft makes something that doesn't suck is probably the day they start making vacuum cleaners." -Ernst Jan Plugge
-- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com
-------------------------------------------------------