For Current Real Information#
Please see: http://wiki.samba.org/
Passwords#
The Samba password is not the Linux password. The Microsoft SMB protocol originally used plaintext passwords. Windows 2000 and Windows NT 4.0 with Service Pack 3 or higher require encrypted Samba passwords. To use Samba between a Linux system and a system with Windows 2000 or Windows NT 4.0 Service Pack 3 or higher, you can either edit your Windows registry to use plaintext passwords or configure Samba on your Linux system to use encrypted passwords. If you choose to modify your registry, you must do so for all your Windows NT or 2000 machines; this is risky and may cause further conflicts.
When LDAP is used, the password comes from the sambaLMPassword or sambaNTPassword attribute. The Samba password must be set independently from the Linux and the LDAP password.
In a Windows domain, the authentication process is performed by a domain controller.
In contrast, Linux and (most) Unix variants allow authentication redirection, where the authentication process can be performed by a "Pluggable Authentication Module" (PAM).
Setting the samba Password#
The samba password can be set or changed for the current user with:
smbpasswd
Troubleshooting#
Note: This is from our Samba install that is LDAP enabled.
Testing from Linux#
Commands from a Linux workstation that may help.
Get the Domain SID#
net getlocalsid willeke
SID for domain willeke is: S-1-5-21-852355746-2165432268-4188094699
(The SID shown is fake.)
LDAP server sees:
19:00:00 94C04BA0 LDAP: (192.168.1.4:41817)(0x0001:0x60) DoBind on connection 0x9ced280
19:00:00 94C04BA0 LDAP: (192.168.1.4:41817)(0x0001:0x60) Bind name:cn=admin,ou=administration,dc=willeke,dc=com, version:3, authentication:simple
18:34:40 94C04BA0 LDAP: (192.168.1.4:41817)(0x0001:0x60) Sending operation result 0:"":"" to connection 0x9ced280
19:00:00 B6E23BA0 LDAP: (192.168.1.4:41817)(0x0002:0x63) DoSearch on connection 0x9ced280
19:00:06 B6E23BA0 LDAP: (192.168.1.4:41817)(0x0002:0x63) Search request: base: "" scope:0 dereference:0 sizelimit:0 timelimit:0 attrsonly:0 filter: "(objectclass=*)" attribute: "supportedControl"
18:34:40 B6E23BA0 LDAP: (192.168.1.4:41817)(0x0002:0x63) Sending search result entry "" to connection 0x9ced280
19:00:00 B6E23BA0 LDAP: (192.168.1.4:41817)(0x0002:0x63) Sending operation result 0:"":"" to connection 0x9ced280
19:00:00 9368FBA0 LDAP: (192.168.1.4:41817)(0x0003:0x63) DoSearch on connection 0x9ced280
19:00:00 9368FBA0 LDAP: (192.168.1.4:41817)(0x0003:0x63) Search request: base: "dc=willeke,dc=com" scope:2 dereference:0 sizelimit:0 timelimit:15 attrsonly:0 filter: "(&(objectClass=sambaDomain)(sambaDomainName=WILLEKE))" attribute: "sambaDomainName" attribute: "sambaNextRid" attribute: "sambaNextUserRid" attribute: "sambaNextGroupRid" attribute: "sambaSID" attribute: "sambaAlgorithmicRidBase" attribute: "objectClass"
19:00:00 9368FBA0 LDAP: (192.168.1.4:41817)(0x0003:0x63) Sending search result entry "sambaDomainName=WILLEKE,dc=willeke,dc=com" to connection 0x9ced280
19:00:04 9368FBA0 LDAP: (192.168.1.4:41817)(0x0003:0x63) Sending operation result 0:"":"" to connection 0x9ced280
19:00:04 9535BBA0 LDAP: Monitor 0x9535bba0 found connection 0x9ced280 socket closed, err = -5871, 0 of 0 bytes read
00:44:21 9535BBA0 LDAP: Monitor 0x9535bba0 initiating close for connection 0x9ced280
00:44:21 93B94BA0 LDAP: Server closing connection 0x9ced280, socket error = -5871
08:45:20 93B94BA0 LDAP: Connection 0x9ced280 closed
Get a list of shares on a host#
smbclient -L FRANCIS -U jim
Password:
Domain=[WILLEKE] OS=[Unix] Server=[Samba 3.0.32-0.8-2045-SUSE-CODE10]

        Sharename       Type      Comment
        ---------       ----      -------
        profiles        Disk      Network Profiles Service
        users           Disk      All users
        groups          Disk      All groups
        print$          Disk      Printer Drivers
        netlogon        Disk      Network Logon Service
        srv             Disk      Web Stuff
        IPC$            IPC       IPC Service (Samba 3.0.32-0.8-2045-SUSE-CODE10)
        ipp             Printer   MFC
        jim             Disk      Home Directories
Domain=[WILLEKE] OS=[Unix] Server=[Samba 3.0.32-0.8-2045-SUSE-CODE10]

        Server               Comment
        ---------            -------
        FRANCIS              Samba 3.0.32-0.8-2045-SUSE-CODE10
        XENHOST              Samba 3.0.32-0.8-2045-SUSE-CODE10

        Workgroup            Master
        ---------            -------
        WILLEKE              XENHOST
LDAP Server shows: (eDirectory)
19:00:00 B691EBA0 LDAP: New cleartext connection 0x9ced280 from 192.168.1.4:52750, monitor = 0x9535bba0, index = 9
19:00:00 B6D22BA0 LDAP: (192.168.1.4:52750)(0x0001:0x60) DoBind on connection 0x9ced280
08:02:44 B6D22BA0 LDAP: (192.168.1.4:52750)(0x0001:0x60) Bind name:cn=admin,ou=administration,dc=willeke,dc=com, version:3, authentication:simple
18:34:40 B6D22BA0 LDAP: (192.168.1.4:52750)(0x0001:0x60) Sending operation result 0:"":"" to connection 0x9ced280
04:06:36 9348DBA0 LDAP: (192.168.1.4:52750)(0x0002:0x63) DoSearch on connection 0x9ced280
02:04:24 9348DBA0 LDAP: (192.168.1.4:52750)(0x0002:0x63) Search request: base: "" scope:0 dereference:0 sizelimit:0 timelimit:0 attrsonly:0 filter: "(objectclass=*)" attribute: "supportedControl"
19:00:00 9348DBA0 LDAP: (192.168.1.4:52750)(0x0002:0x63) Sending search result entry "" to connection 0x9ced280
04:06:40 9348DBA0 LDAP: (192.168.1.4:52750)(0x0002:0x63) Sending operation result 0:"":"" to connection 0x9ced280
19:00:00 9338CBA0 LDAP: (192.168.1.4:52750)(0x0003:0x63) DoSearch on connection 0x9ced280
19:00:02 9338CBA0 LDAP: (192.168.1.4:52750)(0x0003:0x63) Search request: base: "ou=Group,dc=willeke,dc=com" scope:2 dereference:0 sizelimit:0 timelimit:15 attrsonly:0 filter: "(&(objectClass=sambaGroupMapping)(gidNumber=65533))" attribute: "gidNumber" attribute: "sambaSID" attribute: "sambaGroupType" attribute: "sambaSIDList" attribute: "description" attribute: "displayName" attribute: "cn" attribute: "objectClass"
19:00:00 9338CBA0 LDAP: (192.168.1.4:52750)(0x0003:0x63) Sending operation result 0:"":"" to connection 0x9ced280
19:00:00 B691EBA0 LDAP: New cleartext connection 0xb0f7a00 from 192.168.1.4:52751, monitor = 0x9535bba0, index = 16
19:00:00 9535BBA0 LDAP: Monitor 0x9535bba0 found connection 0x9ced280 socket closed, err = -5871, 0 of 0 bytes read
19:00:00 9535BBA0 LDAP: Monitor 0x9535bba0 initiating close for connection 0x9ced280
19:00:00 9358EBA0 LDAP: Server closing connection 0x9ced280, socket error = -5871
19:00:01 9358EBA0 LDAP: Connection 0x9ced280 closed
04/06/09 19:00:00 955DEBA0 LDAP: (192.168.1.4:52751)(0x0001:0x60) DoBind on connection 0xb0f7a00
19:00:00 955DEBA0 LDAP: (192.168.1.4:52751)(0x0001:0x60) Bind name:cn=admin,ou=administration,dc=willeke,dc=com, version:3, authentication:simple
18:34:40 955DEBA0 LDAP: (192.168.1.4:52751)(0x0001:0x60) Sending operation result 0:"":"" to connection 0xb0f7a00
01:44:40 9348DBA0 LDAP: (192.168.1.4:52751)(0x0002:0x63) DoSearch on connection 0xb0f7a00
19:00:00 9348DBA0 LDAP: (192.168.1.4:52751)(0x0002:0x63) Search request: base: "" scope:0 dereference:0 sizelimit:0 timelimit:0 attrsonly:0 filter: "(objectclass=*)" attribute: "supportedControl"
19:00:00 9348DBA0 LDAP: (192.168.1.4:52751)(0x0002:0x63) Sending search result entry "" to connection 0xb0f7a00
19:00:00 9348DBA0 LDAP: (192.168.1.4:52751)(0x0002:0x63) Sending operation result 0:"":"" to connection 0xb0f7a00
19:00:00 9338CBA0 LDAP: (192.168.1.4:52751)(0x0003:0x63) DoSearch on connection 0xb0f7a00
19:00:08 9338CBA0 LDAP: (192.168.1.4:52751)(0x0003:0x63) Search request: base: "dc=willeke,dc=com" scope:2 dereference:0 sizelimit:0 timelimit:15 attrsonly:0 filter: "(&(uid=root)(objectclass=sambaSamAccount))" attribute: "uid" attribute: "uidNumber" attribute: "gidNumber" attribute: "homeDirectory" attribute: "sambaPwdLastSet" attribute: "sambaPwdCanChange" attribute: "sambaPwdMustChange" attribute: "sambaLogonTime" attribute: "sambaLogoffTime" attribute: "sambaKickoffTime" attribute: "cn" attribute: "sn" attribute: "displayName" attribute: "sambaHomeDrive" attribute: "sambaHomePath" attribute: "sambaLogonScript" attribute: "sambaProfilePath" attribute: "description" attribute: "sambaUserWorkstations" attribute: "sambaSID" attribute: "sambaPrimaryGroupSID" attribute: "sambaLMPassword" attribute: "sambaNTPassword" attribute: "sambaDomainName" attribute: "objectClass" attribute: "sambaAcctFlags" attribute: "sambaMungedDial" attribute: "sambaBadPasswordCount" attribute: "sambaBadPasswordTime" attribute: "sambaPasswordHistory" attribute: "modifyTimestamp" attribute: "sambaLogonHours" attribute: "modifyTimestamp" attribute: "uidNumber"
19:00:00 9338CBA0 LDAP: (192.168.1.4:52751)(0x0003:0x63) Sending operation result 0:"":"" to connection 0xb0f7a00
01:44:40 9348DBA0 LDAP: (192.168.1.4:52751)(0x0004:0x63) DoSearch on connection 0xb0f7a00
19:00:02 9348DBA0 LDAP: (192.168.1.4:52751)(0x0004:0x63) Search request: base: "ou=Group,dc=willeke,dc=com" scope:2 dereference:0 sizelimit:0 timelimit:15 attrsonly:0 filter: "(&(objectClass=sambaGroupMapping)(gidNumber=65533))" attribute: "gidNumber" attribute: "sambaSID" attribute: "sambaGroupType" attribute: "sambaSIDList" attribute: "description" attribute: "displayName" attribute: "cn" attribute: "objectClass"
19:00:00 9348DBA0 LDAP: (192.168.1.4:52751)(0x0004:0x63) Sending operation result 0:"":"" to connection 0xb0f7a00
19:00:00 9535BBA0 LDAP: Monitor 0x9535bba0 found connection 0xb0f7a00 socket closed, err = -5871, 0 of 0 bytes read
19:00:00 9535BBA0 LDAP: Monitor 0x9535bba0 initiating close for connection 0xb0f7a00
19:00:00 9328BBA0 LDAP: Server closing connection 0xb0f7a00, socket error = -5871
19:00:00 9328BBA0 LDAP: Connection 0xb0f7a00 closed
19:00:00 B691EBA0 LDAP: New cleartext connection 0x9ced280 from 192.168.1.4:52754, monitor = 0x9535bba0, index = 9
19:00:00 B6E23BA0 LDAP: (192.168.1.4:52754)(0x0001:0x60) DoBind on connection 0x9ced280
19:00:00 B6E23BA0 LDAP: (192.168.1.4:52754)(0x0001:0x60) Bind name:cn=admin,ou=administration,dc=willeke,dc=com, version:3, authentication:simple
18:34:40 B6E23BA0 LDAP: (192.168.1.4:52754)(0x0001:0x60) Sending operation result 0:"":"" to connection 0x9ced280
04:06:36 94D86BA0 LDAP: (192.168.1.4:52754)(0x0002:0x63) DoSearch on connection 0x9ced280
02:04:24 94D86BA0 LDAP: (192.168.1.4:52754)(0x0002:0x63) Search request: base: "" scope:0 dereference:0 sizelimit:0 timelimit:0 attrsonly:0 filter: "(objectclass=*)" attribute: "supportedControl"
19:00:00 94D86BA0 LDAP: (192.168.1.4:52754)(0x0002:0x63) Sending search result entry "" to connection 0x9ced280
18:34:40 94D86BA0 LDAP: (192.168.1.4:52754)(0x0002:0x63) Sending operation result 0:"":"" to connection 0x9ced280
01:30:56 9348DBA0 LDAP: (192.168.1.4:52754)(0x0003:0x63) DoSearch on connection 0x9ced280
19:00:00 9348DBA0 LDAP: (192.168.1.4:52754)(0x0003:0x63) Search request: base: "ou=Group,dc=willeke,dc=com" scope:2 dereference:0 sizelimit:0 timelimit:15 attrsonly:0 filter: "(&(objectClass=sambaGroupMapping)(gidNumber=65533))" attribute: "gidNumber" attribute: "sambaSID" attribute: "sambaGroupType" attribute: "sambaSIDList" attribute: "description" attribute: "displayName" attribute: "cn" attribute: "objectClass"
19:00:00 9348DBA0 LDAP: (192.168.1.4:52754)(0x0003:0x63) Sending operation result 0:"":"" to connection 0x9ced280
19:00:00 B691EBA0 LDAP: New cleartext connection 0xb0f7a00 from 192.168.1.4:52755, monitor = 0x9535bba0, index = 16
19:00:00 9535BBA0 LDAP: Monitor 0x9535bba0 found connection 0x9ced280 socket closed, err = -5871, 0 of 0 bytes read
19:00:00 9535BBA0 LDAP: Monitor 0x9535bba0 initiating close for connection 0x9ced280
19:00:00 9338CBA0 LDAP: Server closing connection 0x9ced280, socket error = -5871
17:08:53 9338CBA0 LDAP: Connection 0x9ced280 closed
19:00:00 B6E23BA0 LDAP: (192.168.1.4:52755)(0x0001:0x60) DoBind on connection 0xb0f7a00
19:00:00 B6E23BA0 LDAP: (192.168.1.4:52755)(0x0001:0x60) Bind name:cn=admin,ou=administration,dc=willeke,dc=com, version:3, authentication:simple
18:34:40 B6E23BA0 LDAP: (192.168.1.4:52755)(0x0001:0x60) Sending operation result 0:"":"" to connection 0xb0f7a00
19:00:00 955DEBA0 LDAP: (192.168.1.4:52755)(0x0002:0x63) DoSearch on connection 0xb0f7a00
15:32:24 955DEBA0 LDAP: (192.168.1.4:52755)(0x0002:0x63) Search request: base: "" scope:0 dereference:0 sizelimit:0 timelimit:0 attrsonly:0 filter: "(objectclass=*)" attribute: "supportedControl"
19:00:00 955DEBA0 LDAP: (192.168.1.4:52755)(0x0002:0x63) Sending search result entry "" to connection 0xb0f7a00
18:34:40 955DEBA0 LDAP: (192.168.1.4:52755)(0x0002:0x63) Sending operation result 0:"":"" to connection 0xb0f7a00
18:27:20 9358EBA0 LDAP: (192.168.1.4:52755)(0x0003:0x63) DoSearch on connection 0xb0f7a00
19:24:34 9358EBA0 LDAP: (192.168.1.4:52755)(0x0003:0x63) Search request: base: "dc=willeke,dc=com" scope:2 dereference:0 sizelimit:0 timelimit:15 attrsonly:0 filter: "(&(uid=root)(objectclass=sambaSamAccount))" attribute: "uid" attribute: "uidNumber" attribute: "gidNumber" attribute: "homeDirectory" attribute: "sambaPwdLastSet" attribute: "sambaPwdCanChange" attribute: "sambaPwdMustChange" attribute: "sambaLogonTime" attribute: "sambaLogoffTime" attribute: "sambaKickoffTime" attribute: "cn" attribute: "sn" attribute: "displayName" attribute: "sambaHomeDrive" attribute: "sambaHomePath" attribute: "sambaLogonScript" attribute: "sambaProfilePath" attribute: "description" attribute: "sambaUserWorkstations" attribute: "sambaSID" attribute: "sambaPrimaryGroupSID" attribute: "sambaLMPassword" attribute: "sambaNTPassword" attribute: "sambaDomainName" attribute: "objectClass" attribute: "sambaAcctFlags" attribute: "sambaMungedDial" attribute: "sambaBadPasswordCount" attribute: "sambaBadPasswordTime" attribute: "sambaPasswordHistory" attribute: "modifyTimestamp" attribute: "sambaLogonHours" attribute: "modifyTimestamp" attribute: "uidNumber"
07:11:27 9358EBA0 LDAP: (192.168.1.4:52755)(0x0003:0x63) Sending operation result 0:"":"" to connection 0xb0f7a00
19:00:00 955DEBA0 LDAP: (192.168.1.4:52755)(0x0004:0x63) DoSearch on connection 0xb0f7a00
10:33:32 955DEBA0 LDAP: (192.168.1.4:52755)(0x0004:0x63) Search request: base: "ou=Group,dc=willeke,dc=com" scope:2 dereference:0 sizelimit:0 timelimit:15 attrsonly:0 filter: "(&(objectClass=sambaGroupMapping)(gidNumber=65533))" attribute: "gidNumber" attribute: "sambaSID" attribute: "sambaGroupType" attribute: "sambaSIDList" attribute: "description" attribute: "displayName" attribute: "cn" attribute: "objectClass"
18:34:40 955DEBA0 LDAP: (192.168.1.4:52755)(0x0004:0x63) Sending operation result 0:"":"" to connection 0xb0f7a00
18:34:40 9535BBA0 LDAP: Monitor 0x9535bba0 found connection 0xb0f7a00 socket closed, err = -5871, 0 of 0 bytes read
09:46:40 9535BBA0 LDAP: Monitor 0x9535bba0 initiating close for connection 0xb0f7a00
19:00:00 9328BBA0 LDAP: Server closing connection 0xb0f7a00, socket error = -5871
19:00:00 9328BBA0 LDAP: Connection 0xb0f7a00 closed
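Added example (not part of the original page, Samba or eDirectory): a Python audit of a trace in the format shown above. It reports client connections where a simple bind, or a search asking for sambaLMPassword/sambaNTPassword, crossed a connection the server logged as cleartext. The sample trace is constructed with one entry per line; the "New TLS connection" wording and port 52760 are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the eDirectory trace on this page, one
# entry per line; the "New TLS connection" line and port 52760 are assumptions.
SAMPLE_TRACE = """\
19:00:00 B691EBA0 LDAP: New cleartext connection 0xb0f7a00 from 192.168.1.4:52751, monitor = 0x9535bba0, index = 16
19:00:00 955DEBA0 LDAP: (192.168.1.4:52751)(0x0001:0x60) Bind name:cn=admin,ou=administration,dc=willeke,dc=com, version:3, authentication:simple
19:00:08 9338CBA0 LDAP: (192.168.1.4:52751)(0x0003:0x63) Search request: base: "dc=willeke,dc=com" scope:2 filter: "(&(uid=root)(objectclass=sambaSamAccount))" attribute: "uid" attribute: "sambaLMPassword" attribute: "sambaNTPassword"
19:00:09 B691EBA0 LDAP: New TLS connection 0xb0f7b00 from 192.168.1.4:52760, monitor = 0x9535bba0, index = 17
19:00:09 955DEBA0 LDAP: (192.168.1.4:52760)(0x0001:0x60) Bind name:cn=admin,ou=administration,dc=willeke,dc=com, version:3, authentication:simple
19:00:09 9338CBA0 LDAP: (192.168.1.4:52760)(0x0003:0x63) Search request: base: "dc=willeke,dc=com" scope:2 filter: "(&(uid=root)(objectclass=sambaSamAccount))" attribute: "uid" attribute: "sambaNTPassword"
"""

HASH_ATTRS = {"sambalmpassword", "sambantpassword"}
OPEN_RE = re.compile(r"New (\w+) connection \S+ from ([\d.]+:\d+),")
BIND_RE = re.compile(r"\(([\d.]+:\d+)\)\([^)]*\) Bind name:(.*), version:\d+, authentication:(\w+)")
SEARCH_RE = re.compile(r"\(([\d.]+:\d+)\)\([^)]*\) Search request:")
ATTR_RE = re.compile(r'attribute: "([^"]+)"')


def audit_trace(text):
    """Per client peer: transport, DN of any simple bind, hash attributes requested."""
    peers = defaultdict(lambda: {"transport": "unknown", "simple_bind_dn": None, "hash_attrs": set()})
    for line in text.splitlines():
        if m := OPEN_RE.search(line):
            peers[m.group(2)]["transport"] = m.group(1).lower()
        elif (m := BIND_RE.search(line)) and m.group(3) == "simple":
            peers[m.group(1)]["simple_bind_dn"] = m.group(2)
        elif m := SEARCH_RE.search(line):
            peers[m.group(1)]["hash_attrs"] |= {a for a in ATTR_RE.findall(line) if a.lower() in HASH_ATTRS}
    return dict(peers)


def findings(peers):
    """(peer, issue, detail) for each secret sent or requested over a cleartext connection."""
    out = []
    for peer, rec in sorted(peers.items()):
        if rec["transport"] != "cleartext":
            continue
        if rec["simple_bind_dn"]:
            out.append((peer, "bind-password-in-clear", rec["simple_bind_dn"]))
        if rec["hash_attrs"]:
            out.append((peer, "hash-attrs-in-clear", ",".join(sorted(rec["hash_attrs"]))))
    return out

if __name__ == "__main__":
    for finding in findings(audit_trace(SAMPLE_TRACE)):
        print(*finding)
```

On the Samba side, the smb.conf parameter `ldap ssl` (for example `ldap ssl = start tls`) controls whether these binds are encrypted.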
Start Samba Services#
rcsmb restart
rcnmb restart
Add samba users#
First we need to give Samba the admin password. This is accomplished with:
smbpasswd -w somethingverysecret
where somethingverysecret is the password for the account you set in smb.conf. (Tip: if you put a space at the start of the command line then the command won't be saved in your shell history.)
You should see a line that says "Setting stored password for 'cn=admin,o=sbs' in secrets.tdb". That will give Samba access via LDAP, so we should now be able to add user accounts.
Normal Users#
smbpasswd -a jim
and enter the password twice when prompted.
You should see a line that says "Added user jim". If you get error messages complaining about ldapsam_search_one_group you can safely ignore them! The user should now be able to log in via Samba.
Test samba connectivity#
You can use a Windows machine here if you like, but it's easier to test things on Linux first. The command smbclient allows you to test Samba without leaving the command line! Try
smbclient //francis/home/tv -U tv
and enter your password when prompted. You should get a prompt like smb: \>
Try typing ls and you should see the contents of the user's home directory. You can type mkdir mynewfolder and a new folder should be created.
Type exit to leave the smb client, then change to
/root
and check that ls shows the new folder with the appropriate owner:
drwxr-xr-x 2 markrobinson eDirectoryUsers 48 Feb 16 16:56 mynewfolder
From Windows Client#
C:>net view \\192.168.1.5
Shared resources at \\192.168.1.5

Samba 3.0.32-0.8-2045-SUSE-CODE10

Share name  Type   Used as  Comment
-------------------------------------------------------------------------------
groups      Disk            All groups
ipp         Print           MFC
jim         Disk            Home Directories
netlogon    Disk            Network Logon Service
profiles    Disk            Network Profiles Service
srv         Disk            Web Stuff
users       Disk            All users
The command completed successfully.
MAP Drives#
net use H: \\192.168.1.5\home\jim /PERSISTENT:YES
net use M: \\192.168.1.5\mediacontent /PERSISTENT:YES
net use W: \\192.168.1.5\srv /PERSISTENT:YES
net use X: \\192.168.1.5\common /PERSISTENT:YES