Greetings all, I have a bit of a problem whose answer I cannot seem to find anywhere. I have a Fedora 5 system with about 300 users and 2 printers. Samba is running on the sole server. There are also about 2 dozen Windows XP computers in use, but there is no domain and no Active Directory. All the computers are standalone. Users desire to use the Samba printers and access their home directories in the Linux system. I have setup and have Samba running fine. Using Webmin, I converted all Linux users to Samba users. BUT the passwords don't convert. Since there is no Windows AD or Domain controllers, I cannot do authentication lookups from some other system since they do not exist. I suppose I could make the Linux Samba the Domain Controller, but since the windows users currently do not log in, I wanted to avoid the extra work of setting up those systems. My quesiton is - how can I convert both the Linux users and their passwords into one on the Samba Password backends? Thank you. Frank
On Mon, 07 Aug 2006 09:12:12 +0900 FTuzi <ftuzi@yahoo.com> wrote:> Greetings all, > I have a bit of a problem whose answer I cannot seem to find anywhere. > > I have a Fedora 5 system with about 300 users and 2 printers. Samba is > running on the sole server. There are also about 2 dozen Windows XP > computers in use, but there is no domain and no Active Directory. All > the computers are standalone. Users desire to use the Samba printers > and access their home directories in the Linux system. > > I have setup and have Samba running fine. Using Webmin, I converted all > Linux users to Samba users. BUT the passwords don't convert. Since > there is no Windows AD or Domain controllers, I cannot do authentication > lookups from some other system since they do not exist. > > I suppose I could make the Linux Samba the Domain Controller, but since > the windows users currently do not log in, I wanted to avoid the extra > work of setting up those systems. > > My quesiton is - how can I convert both the Linux users and their > passwords into one on the Samba Password backends? > > Thank you. > > Frank > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/sambaI've seen some topics about this issue in another Linux lists and it seems that if you DO NOT use shadow passwords in Linux you can a command (or a script, I don't know very well) called mksmbpasswd. A pipe of cat and this "command" could solve the problem (if DO NOT use shadow passwords). I've never tryed that, so I could not warrantise it works, but maybe it could be a starting point. If it do not work you'll indeed have to make all the users type the passwords. Good luck. -- Miguel Da Silva. Servicio de Informatica. Facultad de Ciencias.
On Mon, 7 Aug 2006, FTuzi wrote:> I have a Fedora 5 system with about 300 users and 2 printers. Samba is > running on the sole server. There are also about 2 dozen Windows XP > computers in use, but there is no domain and no Active Directory. All the > computers are standalone. Users desire to use the Samba printers and access > their home directories in the Linux system. > > I have setup and have Samba running fine. Using Webmin, I converted all > Linux users to Samba users. BUT the passwords don't convert.I don't believe there is any way of converting the passwords. Both Unix and Windows use a one-way hash system. It's possible to get the hashed password from the cleartext password, but not vice versa. (That's enough for authentication purposes because it allows you to verify a password, which is all you need.) Since Unix/Linux and Windows/Samba use different one-way hash schemes from each other, you will have to create the Windows hashes[1], and that requires access to the cleartext passwords, which you don't have available on a Unix/Linux system. So, you're going to have to have users re-enter their passwords. One possible solution to this problem is to assign every user a new password for Samba only and let them know what it is, then give them a mechanism to change both. By the way, I would probably go ahead and set up the Linux machine as a domain controller. That won't help your passwords issue, but at some point you may want to have people logon to Windows machines and they might as well be able to use a unified set of accounts to do it. Also, if the users need to use Samba shares regularly, it's just as easy for them to logon at the beginning of the session. That way they only have to type their password when they logon to the Windows machine and not every time they access a new share. - Logan [1] There are actually two types: Lan Manager ("LM") and Windows NT ("NT").