On Sun, 2013-07-21 at 01:34 -0700, Paul D. DeRocco wrote:
> > On Sat, Jul 20, 2013 at 10:41:31PM -0700, Paul D. DeRocco wrote:
> > > I've read what I can find about SMB passwords, but I don't get what
> > > they are. Are they Unix passwords or an alternative to them? If I
> > > have a file share, and the underlying file system requires some sort
> > > of credentials to access it, what is the relationship between that
> > > and an SMB password?
> > >
> > > If a client tries to access the share, using a user account that is
> > > listed in the smbpasswd file, does the client have to provide a
> > > password that matches the SMB password in order for the server to
> > > allow the access, and having done that, does it then not need to
> > > know the Unix password? Or is the SMB password the Unix password
> > > that the server will use to access the share, so that the client
> > > doesn't have to supply a password at all?
> > >
> > > I don't even understand if the SMB server runs as root, and can
> > > therefore access anything, or if it can't access local files unless
> > > it is given a password somehow. The smbpasswd(5) and smbpasswd(8)
> > > man pages, and everything else I've read, seem to assume that
> > > whoever is reading them already knows the answers to these
> > > questions.
>
> > From: Volker Lendecke [mailto:[email protected]]
> >
> > The Samba server never sees the plaintext password. The Samba
> > password is a one-way hashed version of the plaintext password, that
> > is all Samba needs to do its challenge-response authentication. If
> > Samba is a domain member, it does not even have the hash, it has
> > nothing but trusts the domain controller to have it and check it
> > properly.
> >
> > What file system is this? If it happens to be AFS, then there's the
> > fake_kaserver functionality. The basic trick is that this makes the
> > file server the KDC. A blatant violation of any security policy, but
> > that's the only way.
>
> You completely misunderstood my question. I'm asking something much
> simpler and more basic than all that. What's an SMB password for, and
> how does it relate to a Unix password?
>
> Here's the situation. I have a directory on a machine, and the files in
> it are created by a service which runs as root, so the files are owned
> by root and only locally accessible to root. I need to make this
> directory accessible to ANY remote client who knows a particular
> password. Do I have to tell the client the root password, so that the
> client can tell the Samba server the password needed to access the
> files? Or does Samba run as root and have access to everything anyway?
> If the former, is the SMB password the same as the Unix password needed
> to access the files, programmed into the Samba server so that the
> client doesn't have to supply it? If the latter, is the SMB password a
> completely independent password that Samba uses to grant access?
>
> Nothing in the docs gives me a clue how this works. It all seems to be
> written by and for people who've been working with networking since the
> Stone Age, and already know all the mechanisms and issues. My only
> involvement with networking over the years has been as a user, who is
> given a user name and a password to access various network services.
> How that maps to what's going on in the Samba server is a complete
> mystery to me. But now I need to set up a simple server with one file
> share, as described above. Some of the docs imply that the client must
> supply a password that matches a password on one of the local Unix user
> accounts (or in some remote password server). Yet then there's this
> talk about an SMB password. I don't see where that fits in.
>
> Is my question clearer now?

Hi.

I sympathise with your need for plain English. I'll have a go from what
you describe.

Each Linux user needs also to be a samba user. It's easier to use the
same password for both, so as root:

    useradd paul
    passwd paul          (enter a password)
    smbpasswd -a paul    (enter the same password)

paul is now a local Linux user and also a samba user who can now access
folders defined in smb.conf on that machine.

Set up a share like this:

    [myshare]
    path = /path/to/the/folder
    read only = No
    valid users = paul

paul can now access that folder not only from that machine but also from
remote machines, including Windows. An easy way to do that in Linux is
to use a browser:

    smb://ip.of.the.server/myshare

Samba will then ask for a username and password on the remote machine,
be it Linux or Windows.

That may be enough to get started but I'm afraid that from here the
learning curve is steep. I know systems like GNOME and KDE have quite
simple right click > share folder as > samba. Maybe that's good enough
if you have just one folder?

HTH,
Steve
