For Current Real Information#

Please see: http://wiki.samba.org/

Passwords#

The samba password is not the Linux password.

The Microsoft SMB protocol originally used plaintext passwords. Windows 2000 and Windows NT 4.0 with Service Pack 3 or higher require encrypted Samba passwords. To use Samba between a Linux system and a system with Windows 2000 or Windows NT 4.0 Service Pack 3 or higher, you can either edit your Windows registry to use plaintext passwords or configure Samba on your Linux system to use encrypted passwords. If you choose to modify your registry, you must do so for all your Windows NT or 2000 machines; this is risky and may cause further conflicts.

When using LDAP, the Samba password is taken from the sambaLMPassword or sambaNTPassword attribute. The Samba password must be set independently of the Linux and LDAP passwords.

In a Windows domain, the authentication process is performed by a domain controller.

In contrast, Linux and (most) Unix variants allow authentication redirection, where the authentication process can be performed by a "Pluggable Authentication Module" (PAM).

Setting the samba Password#

The samba password can be set or changed for the current user with:

 smbpasswd

Troubleshooting#

Note: This is from our samba install that is LDAP enabled.

Testing from Linux#

Commands from a Linux workstation that may help.

Get the Domain SID#

net getlocalsid willeke
SID for domain willeke is: S-1-5-21-852355746-2165432268-4188094699 (sid shown is fake)

LDAP server sees:

19:00:00 94C04BA0 LDAP: (192.168.1.4:41817)(0x0001:0x60) DoBind on connection 0x9ced280
19:00:00 94C04BA0 LDAP: (192.168.1.4:41817)(0x0001:0x60) Bind name:cn=admin,ou=administration,dc=willeke,dc=com, version:3, authentication:simple
18:34:40 94C04BA0 LDAP: (192.168.1.4:41817)(0x0001:0x60) Sending operation result 0:"":"" to connection 0x9ced280
19:00:00 B6E23BA0 LDAP: (192.168.1.4:41817)(0x0002:0x63) DoSearch on connection 0x9ced280
19:00:06 B6E23BA0 LDAP: (192.168.1.4:41817)(0x0002:0x63) Search request:
   base: ""
   scope:0 dereference:0 sizelimit:0 timelimit:0 attrsonly:0
   filter: "(objectclass=*)"
   attribute: "supportedControl"
18:34:40 B6E23BA0 LDAP: (192.168.1.4:41817)(0x0002:0x63) Sending search result entry "" to connection 0x9ced280
19:00:00 B6E23BA0 LDAP: (192.168.1.4:41817)(0x0002:0x63) Sending operation result 0:"":"" to connection 0x9ced280
19:00:00 9368FBA0 LDAP: (192.168.1.4:41817)(0x0003:0x63) DoSearch on connection 0x9ced280
19:00:00 9368FBA0 LDAP: (192.168.1.4:41817)(0x0003:0x63) Search request:
   base: "dc=willeke,dc=com"
   scope:2 dereference:0 sizelimit:0 timelimit:15 attrsonly:0
   filter: "(&(objectClass=sambaDomain)(sambaDomainName=WILLEKE))"
   attribute: "sambaDomainName"
   attribute: "sambaNextRid"
   attribute: "sambaNextUserRid"
   attribute: "sambaNextGroupRid"
   attribute: "sambaSID"
   attribute: "sambaAlgorithmicRidBase"
   attribute: "objectClass"
19:00:00 9368FBA0 LDAP: (192.168.1.4:41817)(0x0003:0x63) Sending search result entry "sambaDomainName=WILLEKE,dc=willeke,dc=com" to connection 0x9ced280
19:00:04 9368FBA0 LDAP: (192.168.1.4:41817)(0x0003:0x63) Sending operation result 0:"":"" to connection 0x9ced280
19:00:04 9535BBA0 LDAP: Monitor 0x9535bba0 found connection 0x9ced280 socket closed, err = -5871, 0 of 0 bytes read
00:44:21 9535BBA0 LDAP: Monitor 0x9535bba0 initiating close for connection 0x9ced280
00:44:21 93B94BA0 LDAP: Server closing connection 0x9ced280, socket error = -5871
08:45:20 93B94BA0 LDAP: Connection 0x9ced280 closed

Get a list of shares on a host#

smbclient -L FRANCIS -U jim
Password:
Domain=[WILLEKE] OS=[Unix] Server=[Samba 3.0.32-0.8-2045-SUSE-CODE10]

        Sharename       Type      Comment
        ---------       ----      -------
        profiles        Disk      Network Profiles Service
        users           Disk      All users
        groups          Disk      All groups
        print$          Disk      Printer Drivers
        netlogon        Disk      Network Logon Service
        srv             Disk      Web Stuff
        IPC$            IPC       IPC Service (Samba 3.0.32-0.8-2045-SUSE-CODE10)
        ipp             Printer   MFC
        jim             Disk      Home Directories
Domain=[WILLEKE] OS=[Unix] Server=[Samba 3.0.32-0.8-2045-SUSE-CODE10]

        Server               Comment
        ---------            -------
        FRANCIS              Samba 3.0.32-0.8-2045-SUSE-CODE10
        XENHOST              Samba 3.0.32-0.8-2045-SUSE-CODE10

        Workgroup            Master
        ---------            -------
        WILLEKE              XENHOST

LDAP Server shows: (eDirectory)

19:00:00 B691EBA0 LDAP: New cleartext connection 0x9ced280 from 192.168.1.4:52750, monitor = 0x9535bba0, index = 9
19:00:00 B6D22BA0 LDAP: (192.168.1.4:52750)(0x0001:0x60) DoBind on connection 0x9ced280
08:02:44 B6D22BA0 LDAP: (192.168.1.4:52750)(0x0001:0x60) Bind name:cn=admin,ou=administration,dc=willeke,dc=com, version:3, authentication:simple
18:34:40 B6D22BA0 LDAP: (192.168.1.4:52750)(0x0001:0x60) Sending operation result 0:"":"" to connection 0x9ced280
04:06:36 9348DBA0 LDAP: (192.168.1.4:52750)(0x0002:0x63) DoSearch on connection 0x9ced280
02:04:24 9348DBA0 LDAP: (192.168.1.4:52750)(0x0002:0x63) Search request:
   base: ""
   scope:0 dereference:0 sizelimit:0 timelimit:0 attrsonly:0
   filter: "(objectclass=*)"
   attribute: "supportedControl"
19:00:00 9348DBA0 LDAP: (192.168.1.4:52750)(0x0002:0x63) Sending search result entry "" to connection 0x9ced280
04:06:40 9348DBA0 LDAP: (192.168.1.4:52750)(0x0002:0x63) Sending operation result 0:"":"" to connection 0x9ced280
19:00:00 9338CBA0 LDAP: (192.168.1.4:52750)(0x0003:0x63) DoSearch on connection 0x9ced280
19:00:02 9338CBA0 LDAP: (192.168.1.4:52750)(0x0003:0x63) Search request:
   base: "ou=Group,dc=willeke,dc=com"
   scope:2 dereference:0 sizelimit:0 timelimit:15 attrsonly:0
   filter: "(&(objectClass=sambaGroupMapping)(gidNumber=65533))"
   attribute: "gidNumber"
   attribute: "sambaSID"
   attribute: "sambaGroupType"
   attribute: "sambaSIDList"
   attribute: "description"
   attribute: "displayName"
   attribute: "cn"
   attribute: "objectClass"
19:00:00 9338CBA0 LDAP: (192.168.1.4:52750)(0x0003:0x63) Sending operation result 0:"":"" to connection 0x9ced280
19:00:00 B691EBA0 LDAP: New cleartext connection 0xb0f7a00 from 192.168.1.4:52751, monitor = 0x9535bba0, index = 16
19:00:00 9535BBA0 LDAP: Monitor 0x9535bba0 found connection 0x9ced280 socket closed, err = -5871, 0 of 0 bytes read
19:00:00 9535BBA0 LDAP: Monitor 0x9535bba0 initiating close for connection 0x9ced280
19:00:00 9358EBA0 LDAP: Server closing connection 0x9ced280, socket error = -5871
19:00:01 9358EBA0 LDAP: Connection 0x9ced280 closed
04/06/09
19:00:00 955DEBA0 LDAP: (192.168.1.4:52751)(0x0001:0x60) DoBind on connection 0xb0f7a00
19:00:00 955DEBA0 LDAP: (192.168.1.4:52751)(0x0001:0x60) Bind name:cn=admin,ou=administration,dc=willeke,dc=com, version:3, authentication:simple
18:34:40 955DEBA0 LDAP: (192.168.1.4:52751)(0x0001:0x60) Sending operation result 0:"":"" to connection 0xb0f7a00
01:44:40 9348DBA0 LDAP: (192.168.1.4:52751)(0x0002:0x63) DoSearch on connection 0xb0f7a00
19:00:00 9348DBA0 LDAP: (192.168.1.4:52751)(0x0002:0x63) Search request:
   base: ""
   scope:0 dereference:0 sizelimit:0 timelimit:0 attrsonly:0
   filter: "(objectclass=*)"
   attribute: "supportedControl"
19:00:00 9348DBA0 LDAP: (192.168.1.4:52751)(0x0002:0x63) Sending search result entry "" to connection 0xb0f7a00
19:00:00 9348DBA0 LDAP: (192.168.1.4:52751)(0x0002:0x63) Sending operation result 0:"":"" to connection 0xb0f7a00
19:00:00 9338CBA0 LDAP: (192.168.1.4:52751)(0x0003:0x63) DoSearch on connection 0xb0f7a00
19:00:08 9338CBA0 LDAP: (192.168.1.4:52751)(0x0003:0x63) Search request:
   base: "dc=willeke,dc=com"
   scope:2 dereference:0 sizelimit:0 timelimit:15 attrsonly:0
   filter: "(&(uid=root)(objectclass=sambaSamAccount))"
   attribute: "uid"
   attribute: "uidNumber"
   attribute: "gidNumber"
   attribute: "homeDirectory"
   attribute: "sambaPwdLastSet"
   attribute: "sambaPwdCanChange"
   attribute: "sambaPwdMustChange"
   attribute: "sambaLogonTime"
   attribute: "sambaLogoffTime"
   attribute: "sambaKickoffTime"
   attribute: "cn"
   attribute: "sn"
   attribute: "displayName"
   attribute: "sambaHomeDrive"
   attribute: "sambaHomePath"
   attribute: "sambaLogonScript"
   attribute: "sambaProfilePath"
   attribute: "description"
   attribute: "sambaUserWorkstations"
   attribute: "sambaSID"
   attribute: "sambaPrimaryGroupSID"
   attribute: "sambaLMPassword"
   attribute: "sambaNTPassword"
   attribute: "sambaDomainName"
   attribute: "objectClass"
   attribute: "sambaAcctFlags"
   attribute: "sambaMungedDial"
   attribute: "sambaBadPasswordCount"
   attribute: "sambaBadPasswordTime"
   attribute: "sambaPasswordHistory"
   attribute: "modifyTimestamp"
   attribute: "sambaLogonHours"
   attribute: "modifyTimestamp"
   attribute: "uidNumber"
19:00:00 9338CBA0 LDAP: (192.168.1.4:52751)(0x0003:0x63) Sending operation result 0:"":"" to connection 0xb0f7a00
01:44:40 9348DBA0 LDAP: (192.168.1.4:52751)(0x0004:0x63) DoSearch on connection 0xb0f7a00
19:00:02 9348DBA0 LDAP: (192.168.1.4:52751)(0x0004:0x63) Search request:
   base: "ou=Group,dc=willeke,dc=com"
   scope:2 dereference:0 sizelimit:0 timelimit:15 attrsonly:0
   filter: "(&(objectClass=sambaGroupMapping)(gidNumber=65533))"
   attribute: "gidNumber"
   attribute: "sambaSID"
   attribute: "sambaGroupType"
   attribute: "sambaSIDList"
   attribute: "description"
   attribute: "displayName"
   attribute: "cn"
   attribute: "objectClass"
19:00:00 9348DBA0 LDAP: (192.168.1.4:52751)(0x0004:0x63) Sending operation result 0:"":"" to connection 0xb0f7a00
19:00:00 9535BBA0 LDAP: Monitor 0x9535bba0 found connection 0xb0f7a00 socket closed, err = -5871, 0 of 0 bytes read
19:00:00 9535BBA0 LDAP: Monitor 0x9535bba0 initiating close for connection 0xb0f7a00
19:00:00 9328BBA0 LDAP: Server closing connection 0xb0f7a00, socket error = -5871
19:00:00 9328BBA0 LDAP: Connection 0xb0f7a00 closed
19:00:00 B691EBA0 LDAP: New cleartext connection 0x9ced280 from 192.168.1.4:52754, monitor = 0x9535bba0, index = 9
19:00:00 B6E23BA0 LDAP: (192.168.1.4:52754)(0x0001:0x60) DoBind on connection 0x9ced280
19:00:00 B6E23BA0 LDAP: (192.168.1.4:52754)(0x0001:0x60) Bind name:cn=admin,ou=administration,dc=willeke,dc=com, version:3, authentication:simple
18:34:40 B6E23BA0 LDAP: (192.168.1.4:52754)(0x0001:0x60) Sending operation result 0:"":"" to connection 0x9ced280
04:06:36 94D86BA0 LDAP: (192.168.1.4:52754)(0x0002:0x63) DoSearch on connection 0x9ced280
02:04:24 94D86BA0 LDAP: (192.168.1.4:52754)(0x0002:0x63) Search request:
   base: ""
   scope:0 dereference:0 sizelimit:0 timelimit:0 attrsonly:0
   filter: "(objectclass=*)"
   attribute: "supportedControl"
19:00:00 94D86BA0 LDAP: (192.168.1.4:52754)(0x0002:0x63) Sending search result entry "" to connection 0x9ced280
18:34:40 94D86BA0 LDAP: (192.168.1.4:52754)(0x0002:0x63) Sending operation result 0:"":"" to connection 0x9ced280
01:30:56 9348DBA0 LDAP: (192.168.1.4:52754)(0x0003:0x63) DoSearch on connection 0x9ced280
19:00:00 9348DBA0 LDAP: (192.168.1.4:52754)(0x0003:0x63) Search request:
   base: "ou=Group,dc=willeke,dc=com"
   scope:2 dereference:0 sizelimit:0 timelimit:15 attrsonly:0
   filter: "(&(objectClass=sambaGroupMapping)(gidNumber=65533))"
   attribute: "gidNumber"
   attribute: "sambaSID"
   attribute: "sambaGroupType"
   attribute: "sambaSIDList"
   attribute: "description"
   attribute: "displayName"
   attribute: "cn"
   attribute: "objectClass"
19:00:00 9348DBA0 LDAP: (192.168.1.4:52754)(0x0003:0x63) Sending operation result 0:"":"" to connection 0x9ced280
19:00:00 B691EBA0 LDAP: New cleartext connection 0xb0f7a00 from 192.168.1.4:52755, monitor = 0x9535bba0, index = 16
19:00:00 9535BBA0 LDAP: Monitor 0x9535bba0 found connection 0x9ced280 socket closed, err = -5871, 0 of 0 bytes read
19:00:00 9535BBA0 LDAP: Monitor 0x9535bba0 initiating close for connection 0x9ced280
19:00:00 9338CBA0 LDAP: Server closing connection 0x9ced280, socket error = -5871
17:08:53 9338CBA0 LDAP: Connection 0x9ced280 closed
19:00:00 B6E23BA0 LDAP: (192.168.1.4:52755)(0x0001:0x60) DoBind on connection 0xb0f7a00
19:00:00 B6E23BA0 LDAP: (192.168.1.4:52755)(0x0001:0x60) Bind name:cn=admin,ou=administration,dc=willeke,dc=com, version:3, authentication:simple
18:34:40 B6E23BA0 LDAP: (192.168.1.4:52755)(0x0001:0x60) Sending operation result 0:"":"" to connection 0xb0f7a00
19:00:00 955DEBA0 LDAP: (192.168.1.4:52755)(0x0002:0x63) DoSearch on connection 0xb0f7a00
15:32:24 955DEBA0 LDAP: (192.168.1.4:52755)(0x0002:0x63) Search request:
   base: ""
   scope:0 dereference:0 sizelimit:0 timelimit:0 attrsonly:0
   filter: "(objectclass=*)"
   attribute: "supportedControl"
19:00:00 955DEBA0 LDAP: (192.168.1.4:52755)(0x0002:0x63) Sending search result entry "" to connection 0xb0f7a00
18:34:40 955DEBA0 LDAP: (192.168.1.4:52755)(0x0002:0x63) Sending operation result 0:"":"" to connection 0xb0f7a00
18:27:20 9358EBA0 LDAP: (192.168.1.4:52755)(0x0003:0x63) DoSearch on connection 0xb0f7a00
19:24:34 9358EBA0 LDAP: (192.168.1.4:52755)(0x0003:0x63) Search request:
   base: "dc=willeke,dc=com"
   scope:2 dereference:0 sizelimit:0 timelimit:15 attrsonly:0
   filter: "(&(uid=root)(objectclass=sambaSamAccount))"
   attribute: "uid"
   attribute: "uidNumber"
   attribute: "gidNumber"
   attribute: "homeDirectory"
   attribute: "sambaPwdLastSet"
   attribute: "sambaPwdCanChange"
   attribute: "sambaPwdMustChange"
   attribute: "sambaLogonTime"
   attribute: "sambaLogoffTime"
   attribute: "sambaKickoffTime"
   attribute: "cn"
   attribute: "sn"
   attribute: "displayName"
   attribute: "sambaHomeDrive"
   attribute: "sambaHomePath"
   attribute: "sambaLogonScript"
   attribute: "sambaProfilePath"
   attribute: "description"
   attribute: "sambaUserWorkstations"
   attribute: "sambaSID"
   attribute: "sambaPrimaryGroupSID"
   attribute: "sambaLMPassword"
   attribute: "sambaNTPassword"
   attribute: "sambaDomainName"
   attribute: "objectClass"
   attribute: "sambaAcctFlags"
   attribute: "sambaMungedDial"
   attribute: "sambaBadPasswordCount"
   attribute: "sambaBadPasswordTime"
   attribute: "sambaPasswordHistory"
   attribute: "modifyTimestamp"
   attribute: "sambaLogonHours"
   attribute: "modifyTimestamp"
   attribute: "uidNumber"
07:11:27 9358EBA0 LDAP: (192.168.1.4:52755)(0x0003:0x63) Sending operation result 0:"":"" to connection 0xb0f7a00
19:00:00 955DEBA0 LDAP: (192.168.1.4:52755)(0x0004:0x63) DoSearch on connection 0xb0f7a00
10:33:32 955DEBA0 LDAP: (192.168.1.4:52755)(0x0004:0x63) Search request:
   base: "ou=Group,dc=willeke,dc=com"
   scope:2 dereference:0 sizelimit:0 timelimit:15 attrsonly:0
   filter: "(&(objectClass=sambaGroupMapping)(gidNumber=65533))"
   attribute: "gidNumber"
   attribute: "sambaSID"
   attribute: "sambaGroupType"
   attribute: "sambaSIDList"
   attribute: "description"
   attribute: "displayName"
   attribute: "cn"
   attribute: "objectClass"
18:34:40 955DEBA0 LDAP: (192.168.1.4:52755)(0x0004:0x63) Sending operation result 0:"":"" to connection 0xb0f7a00
18:34:40 9535BBA0 LDAP: Monitor 0x9535bba0 found connection 0xb0f7a00 socket closed, err = -5871, 0 of 0 bytes read
09:46:40 9535BBA0 LDAP: Monitor 0x9535bba0 initiating close for connection 0xb0f7a00
19:00:00 9328BBA0 LDAP: Server closing connection 0xb0f7a00, socket error = -5871
19:00:00 9328BBA0 LDAP: Connection 0xb0f7a00 closed
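
The eDirectory trace above opens each session with "New cleartext connection" and a bind as cn=admin using authentication:simple, and the sambaSamAccount search requests sambaLMPassword and sambaNTPassword, so the bind password and any returned hashes cross the network unencrypted. The check below is an added example, not part of the original page: it scans a trace in this format for both conditions. The sample is constructed from the page's lines, and the "New TLS connection" wording is an assumption used only for contrast.

```python
import re

# Attributes carrying password-derived material; all three appear in the page's trace.
SENSITIVE = {"sambaLMPassword", "sambaNTPassword", "sambaPasswordHistory"}
NEW_CLEAR = re.compile(r"LDAP: New cleartext connection \S+ from (\S+?),")
PEER = re.compile(r"LDAP: \((\d+\.\d+\.\d+\.\d+:\d+)\)")
BIND = re.compile(r"Bind name:(.*?), version:\d+, authentication:(\w+)")
ATTR = re.compile(r'^\s+attribute: "([^"]+)"')


def audit_trace(text):
    """Return (kind, peer, detail) findings for one LDAP trace in the page's format."""
    cleartext = set()   # peers whose connection was logged as cleartext
    current = None      # peer of the most recent request line
    findings = []
    for line in text.splitlines():
        m = NEW_CLEAR.search(line)
        if m:
            cleartext.add(m.group(1))
            continue
        m = PEER.search(line)
        if m:
            current = m.group(1)
            b = BIND.search(line)
            if b and b.group(2) == "simple" and current in cleartext:
                findings.append(("cleartext-simple-bind", current, b.group(1)))
            continue
        m = ATTR.match(line)  # indented continuation line of a search request
        if m and m.group(1) in SENSITIVE and current in cleartext:
            findings.append(("hash-attr-over-cleartext", current, m.group(1)))
    return findings


# Constructed sample: the first session copies the page's line shapes; the second
# uses an assumed "New TLS connection" opening line and must not be flagged.
SAMPLE = '''\
19:00:00 B691EBA0 LDAP: New cleartext connection 0xb0f7a00 from 192.168.1.4:52751, monitor = 0x9535bba0, index = 16
19:00:00 955DEBA0 LDAP: (192.168.1.4:52751)(0x0001:0x60) Bind name:cn=admin,ou=administration,dc=willeke,dc=com, version:3, authentication:simple
19:00:08 9338CBA0 LDAP: (192.168.1.4:52751)(0x0003:0x63) Search request:
   base: "dc=willeke,dc=com"
   filter: "(&(uid=root)(objectclass=sambaSamAccount))"
   attribute: "uid"
   attribute: "sambaNTPassword"
19:00:09 B691EBA0 LDAP: New TLS connection 0xb0f7b00 from 192.168.1.4:52760, monitor = 0x9535bba0, index = 17
19:00:09 955DEBA0 LDAP: (192.168.1.4:52760)(0x0001:0x60) Bind name:cn=admin,ou=administration,dc=willeke,dc=com, version:3, authentication:simple
19:00:09 9338CBA0 LDAP: (192.168.1.4:52760)(0x0002:0x63) Search request:
   attribute: "sambaNTPassword"
'''

if __name__ == "__main__":
    for finding in audit_trace(SAMPLE):
        print(finding)
```
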

Start Samba Services#

rcsmb restart
rcnmb restart

Add samba users#

First we need to give Samba the admin password. This is accomplished with:
smbpasswd -w somethingverysecret
where somethingverysecret is the password for the account you set in smb.conf. (Tip: if you put a space at the start of the command line then the command won't be saved in your shell history.)

You should see a line that says "Setting stored password for 'cn=admin,o=sbs' in secrets.tdb". That will give Samba access via LDAP, so we should now be able to add user accounts.

Normal Users#

smbpasswd -a jim
and enter the password twice when prompted.

You should see a line that says "Added user jim". If you get error messages complaining about ldapsam_search_one_group you can safely ignore them! The user should now be able to log in via Samba.

Test samba connectivity#

You can use a Windows machine here if you like, but it's easier to test things on Linux first. The command smbclient allows you to test Samba without leaving the command line!

Try

smbclient //francis/home/tv -U tv
and enter your password when prompted. You should get a prompt like smb: \>

Try typing ls and you should see the contents of the user's home directory. You can type mkdir mynewfolder and a new folder should be created.

Type exit to leave the smb client, then change to

 /root
and check that ls shows the new folder with the appropriate owner:
 drwxr-xr-x 2 markrobinson eDirectoryUsers 48 Feb 16 16:56 mynewfolder

From Windows Client#

C:>net view \\192.168.1.5
Shared resources at \\192.168.1.5

Samba 3.0.32-0.8-2045-SUSE-CODE10

Share name  Type   Used as  Comment

-------------------------------------------------------------------------------
groups      Disk            All groups
ipp         Print           MFC
jim         Disk            Home Directories
netlogon    Disk            Network Logon Service
profiles    Disk            Network Profiles Service
srv         Disk            Web Stuff
users       Disk            All users
The command completed successfully.

Map Drives#

net use H: \\192.168.1.5\home\jim /PERSISTENT:YES
net use M: \\192.168.1.5\mediacontent /PERSISTENT:YES
net use W: \\192.168.1.5\srv /PERSISTENT:YES

net use X: \\192.168.1.5\common /PERSISTENT:YES

« This page (revision-11) was last changed on 20-May-2016 10:40 by jim