mksmbpasswd.sh does not create accounts with the X flag in the password flags field. Does this X matter, and if so, what does it mean? It's not in the man page. ---- _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | | Ryan Novosielski - Jr. UNIX Systems Admin |$&| |__| | | |__/ | \| _| | novosirj@umdnj.edu - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630
On Thu, 22 May 2003, Ryan Novosielski wrote:> mksmbpasswd.sh does not create accounts with the X flag in the password > flags field. Does this X matter, and if so, what does it mean? It's not in > the man page.The 'X' flag is not used at this time, but please note that with Samba-3 there can be many passwd back ends - only smbpasswd (a legacy database) is plain text based. Use of mksmbpasswd.sh should be discouraged. - John T. -- John H Terpstra Email: jht@samba.org
If that is the case, then what should be used to migrate current passwords into smbpasswd? Cheers, Mun Heng, Ow H/M Engineering Western Digital M'sia DID : 03-7870 5168 -----Original Message----- From: John H Terpstra [mailto:jht@samba.org] Sent: Friday, May 23, 2003 11:39 PM To: Ryan Novosielski Cc: Samba Mailing List Subject: Re: [Samba] X flag in smbpasswd? On Thu, 22 May 2003, Ryan Novosielski wrote:> mksmbpasswd.sh does not create accounts with the X flag in the password > flags field. Does this X matter, and if so, what does it mean? It's not in > the man page.The 'X' flag is not used at this time, but please note that with Samba-3 there can be many passwd back ends - only smbpasswd (a legacy database) is plain text based. Use of mksmbpasswd.sh should be discouraged. - John T. -- John H Terpstra Email: jht@samba.org
Well, doing a fresh install of Redhat 8 samba 2.2.7a, it states that I need to create the smbpasswd file and thus need to use mksmbpasswd.sh on /etc/passwd and redirect the output into smbpasswd. That's just to create the initial smbpasswd database. To add any new/additional users I use smbpasswd -a newuser. So, if mksmbpasswd.sh use is discouraged, does that mean I'll have to add the users 1 by one? Cheers, Mun Heng, Ow H/M Engineering Western Digital M'sia DID : 03-7870 5168 -----Original Message----- From: John H Terpstra [mailto:jht@samba.org] Sent: Monday, May 26, 2003 11:43 AM To: Ow Mun Heng Cc: Ryan Novosielski; Samba Mailing List Subject: RE: [Samba] X flag in smbpasswd? On Mon, 26 May 2003, Ow Mun Heng wrote:> If that is the case, then what should be used to migrate current passwords > into smbpasswd?What current passwords are you trying to migrate? What form are they in now? - John T.> > Cheers, > Mun Heng, Ow > H/M Engineering > Western Digital M'sia > DID : 03-7870 5168 > > > -----Original Message----- > From: John H Terpstra [mailto:jht@samba.org] > Sent: Friday, May 23, 2003 11:39 PM > To: Ryan Novosielski > Cc: Samba Mailing List > Subject: Re: [Samba] X flag in smbpasswd? > > > On Thu, 22 May 2003, Ryan Novosielski wrote: > > > mksmbpasswd.sh does not create accounts with the X flag in the password > > flags field. Does this X matter, and if so, what does it mean? It's notin> > the man page. > > The 'X' flag is not used at this time, but please note that with Samba-3 > there can be many passwd back ends - only smbpasswd (a legacy database) is > plain text based. Use of mksmbpasswd.sh should be discouraged. > > - John T. >-- John H Terpstra Email: jht@samba.org
Thanks for the tip. Hence in that case, Since I have a lot of XXXX in my smbpasswd file for users such as apache, gdm, nfsnobody etc.. does it mean I should remove that? (so that someone can't use a login such as ftp/apache with NO password and get into samba shares?) BTW, i'm trying to set up anonymous access to the samba shares. (I have 1 share which I would like to share out to the 'world') I have # If you want users samba doesn't recognize to be mapped to a guest user map to guest = bad user but that does not work. I already have : # A publicly accessible directory, but read only, except for people in # the "headmedia" group [H-Media] comment = Head Media (Readable) Share path = /usr/HeadMedia public = yes <--------This should be the one right? read only = yes write list = @headmedia create mask = 0665 directory mode = 0775 unfortunately, it still prompts users for a password. (security = user) Cheers, Mun Heng, Ow H/M Engineering Western Digital M'sia DID : 03-7870 5168 -----Original Message----- From: John H Terpstra [mailto:jht@samba.org] Sent: Monday, May 26, 2003 12:58 PM To: Ow Mun Heng Cc: Samba Mailing List Subject: RE: [Samba] X flag in smbpasswd? On Mon, 26 May 2003, Ow Mun Heng wrote:> Well, doing a fresh install of Redhat 8 samba 2.2.7a, it states that Ineed> to create the smbpasswd file and thus need to use mksmbpasswd.sh on > /etc/passwd and redirect the output into smbpasswd.The script mksmbpasswd.sh has the following in it: #!/bin/sh awk 'BEGIN {FS=":" printf("#\n# SMB password file.\n#\n") } { printf( "%s:%s:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:%s\n", $1, $3, $5) } ' This script simply puts account entries into the smbpasswd file but does NOT set a password for any of them. You will still need to set a password for each user by way of: smbpasswd 'username' Now to add a user account _AND_ set the password in the first place you would run (as you point out): smbpasswd -a 'username' Both uses of smbpasswd are fully portable from samba-2.2.x to samba-3 when it ships. It will work with Samba-3 regardless of the password backend you choose to use. If you choose to use the 'tdbsam' or 'ldapsam' options then the mksmbpasswd.sh shell script is useless to you anyhow - it will put entries (without passwords) into a file that you will not be using.> > That's just to create the initial smbpasswd database. To add any > new/additional users I use smbpasswd -a newuser. > > So, if mksmbpasswd.sh use is discouraged, does that mean I'll have to add > the users 1 by one?Yes, or else change the mksmbpasswd.sh script to call smbpasswd for you. That is a pretty easy change to make, isn't it? Let's see: #!/bin/bash list=`cat -f1 -d: < /etc/passwd` for i in $list do echo Adding user: $i smbpasswd -a $i done exit 0 Now you will need to type the password for each user. Cheers, - John T.> > Cheers, > Mun Heng, Ow > H/M Engineering > Western Digital M'sia > DID : 03-7870 5168 > > > -----Original Message----- > From: John H Terpstra [mailto:jht@samba.org] > Sent: Monday, May 26, 2003 11:43 AM > To: Ow Mun Heng > Cc: Ryan Novosielski; Samba Mailing List > Subject: RE: [Samba] X flag in smbpasswd? > > > On Mon, 26 May 2003, Ow Mun Heng wrote: > > > If that is the case, then what should be used to migrate currentpasswords> > into smbpasswd? > > What current passwords are you trying to migrate? What form are they in > now? > > - John T. > > > > > Cheers, > > Mun Heng, Ow > > H/M Engineering > > Western Digital M'sia > > DID : 03-7870 5168 > > > > > > -----Original Message----- > > From: John H Terpstra [mailto:jht@samba.org] > > Sent: Friday, May 23, 2003 11:39 PM > > To: Ryan Novosielski > > Cc: Samba Mailing List > > Subject: Re: [Samba] X flag in smbpasswd? > > > > > > On Thu, 22 May 2003, Ryan Novosielski wrote: > > > > > mksmbpasswd.sh does not create accounts with the X flag in thepassword> > > flags field. Does this X matter, and if so, what does it mean? It'snot> in > > > the man page. > > > > The 'X' flag is not used at this time, but please note that with Samba-3 > > there can be many passwd back ends - only smbpasswd (a legacy database)is> > plain text based. Use of mksmbpasswd.sh should be discouraged. > > > > - John T. > > > >-- John H Terpstra Email: jht@samba.org
Solved it. Found out that the map to guest parameter is in the share definition section instead of in Global section. (I was just following redhat's default smb.conf file. How come it was in the share section? Or could it be my silly mistake?) Cheers, Mun Heng, Ow H/M Engineering Western Digital M'sia DID : 03-7870 5168 -----Original Message----- From: Ow Mun Heng Sent: Monday, May 26, 2003 4:06 PM To: John H Terpstra Cc: Samba Mailing List Subject: RE: [Samba] X flag in smbpasswd? Thanks for the tip. Hence in that case, Since I have a lot of XXXX in my smbpasswd file for users such as apache, gdm, nfsnobody etc.. does it mean I should remove that? (so that someone can't use a login such as ftp/apache with NO password and get into samba shares?) BTW, i'm trying to set up anonymous access to the samba shares. (I have 1 share which I would like to share out to the 'world') I have # If you want users samba doesn't recognize to be mapped to a guest user map to guest = bad user but that does not work. I already have : # A publicly accessible directory, but read only, except for people in # the "headmedia" group [H-Media] comment = Head Media (Readable) Share path = /usr/HeadMedia public = yes <--------This should be the one right? read only = yes write list = @headmedia create mask = 0665 directory mode = 0775 unfortunately, it still prompts users for a password. (security = user) Cheers, Mun Heng, Ow H/M Engineering Western Digital M'sia DID : 03-7870 5168 -----Original Message----- From: John H Terpstra [mailto:jht@samba.org] Sent: Monday, May 26, 2003 12:58 PM To: Ow Mun Heng Cc: Samba Mailing List Subject: RE: [Samba] X flag in smbpasswd? On Mon, 26 May 2003, Ow Mun Heng wrote:> Well, doing a fresh install of Redhat 8 samba 2.2.7a, it states that Ineed> to create the smbpasswd file and thus need to use mksmbpasswd.sh on > /etc/passwd and redirect the output into smbpasswd.The script mksmbpasswd.sh has the following in it: #!/bin/sh awk 'BEGIN {FS=":" printf("#\n# SMB password file.\n#\n") } { printf( "%s:%s:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:%s\n", $1, $3, $5) } ' This script simply puts account entries into the smbpasswd file but does NOT set a password for any of them. You will still need to set a password for each user by way of: smbpasswd 'username' Now to add a user account _AND_ set the password in the first place you would run (as you point out): smbpasswd -a 'username' Both uses of smbpasswd are fully portable from samba-2.2.x to samba-3 when it ships. It will work with Samba-3 regardless of the password backend you choose to use. If you choose to use the 'tdbsam' or 'ldapsam' options then the mksmbpasswd.sh shell script is useless to you anyhow - it will put entries (without passwords) into a file that you will not be using.> > That's just to create the initial smbpasswd database. To add any > new/additional users I use smbpasswd -a newuser. > > So, if mksmbpasswd.sh use is discouraged, does that mean I'll have to add > the users 1 by one?Yes, or else change the mksmbpasswd.sh script to call smbpasswd for you. That is a pretty easy change to make, isn't it? Let's see: #!/bin/bash list=`cat -f1 -d: < /etc/passwd` for i in $list do echo Adding user: $i smbpasswd -a $i done exit 0 Now you will need to type the password for each user. Cheers, - John T.> > Cheers, > Mun Heng, Ow > H/M Engineering > Western Digital M'sia > DID : 03-7870 5168 > > > -----Original Message----- > From: John H Terpstra [mailto:jht@samba.org] > Sent: Monday, May 26, 2003 11:43 AM > To: Ow Mun Heng > Cc: Ryan Novosielski; Samba Mailing List > Subject: RE: [Samba] X flag in smbpasswd? > > > On Mon, 26 May 2003, Ow Mun Heng wrote: > > > If that is the case, then what should be used to migrate currentpasswords> > into smbpasswd? > > What current passwords are you trying to migrate? What form are they in > now? > > - John T. > > > > > Cheers, > > Mun Heng, Ow > > H/M Engineering > > Western Digital M'sia > > DID : 03-7870 5168 > > > > > > -----Original Message----- > > From: John H Terpstra [mailto:jht@samba.org] > > Sent: Friday, May 23, 2003 11:39 PM > > To: Ryan Novosielski > > Cc: Samba Mailing List > > Subject: Re: [Samba] X flag in smbpasswd? > > > > > > On Thu, 22 May 2003, Ryan Novosielski wrote: > > > > > mksmbpasswd.sh does not create accounts with the X flag in thepassword> > > flags field. Does this X matter, and if so, what does it mean? It'snot> in > > > the man page. > > > > The 'X' flag is not used at this time, but please note that with Samba-3 > > there can be many passwd back ends - only smbpasswd (a legacy database)is> > plain text based. Use of mksmbpasswd.sh should be discouraged. > > > > - John T. > > > >-- John H Terpstra Email: jht@samba.org