I'm running samba 3.0.14a-6 on Debian GNU/Linux 2.4. I believe that I should be using pdbedit to add or modify users and their passwords, but I want to double-check that. I'd also like to suggest the documentation could be clearer. I had earlier versions installed, and the upgraded seems to have migrated me to the new password scheme. smb.conf has "passdb backend tdbsam guest"; there is no smbpasswd file in the location designated in smb.conf or anywhere else according to locate; and there are various tdb files. First uncertainty: is the smbpasswd program a general front end, like pdbedit, or does it only work with the smbpasswd back end and file? The man page and other documentation (e.g., 10.3 of the How To) seem to provide evidence for both interpretations. Second uncertainty: the smb.conf man page, in the section "Note About Username/Password Validation" discusses authentication mechanisms. It doesn't look to me as if the samba backend figure in this discussion. The first item refers to "the UNIX system's password programs"; to me this means this means the usual Unix mechanisms for password verification and not SAMBA's special facilities. However, those may be programs, and they are on a UNIX system, so maybe that is intended. This is the only password matching mechanism discussed explicitly in the whole section. This section contains no hint of the issues with encrypted vs clear-text passwords. The simple fact that one needs to set up users and passwords, at least in some configurations (namely, the recommended ones for NT clients), was not something that was obvious to me from the man pages, the How To, and the cookbook. It was so unobvious that I began to doubt it was necessary, even though I had done it a few years ago (and since kind of forgotten). To summarize the question and the comment: Given "passdb backend = tdbsam guest", " encrypt passwords = true", and NT clients, does the smbpasswd command work on my system? Comment: the documentation on the use and setup of passwords was obscure to me. A few strategically placed sentences could help a lot to clarify things.
On Thursday 13 October 2005 02:36 pm, Ross Boylan wrote:> I had earlier versions installed, and the upgraded seems to have > migrated me to the new password scheme. smb.conf has "passdb backend > = tdbsam guest"; there is no smbpasswd file in the location > designated in smb.conf or anywhere else according to locate; and > there are various tdb files.Chapter 10 of the HOWTO: "tdbsam - The TDB based password storage backend. Takes a path to the TDB as an optional argument (defaults to passdb.tdb in the private dir directory." I don't think "guest" is a valid "passdb backend" value (at least "man smb.conf" does not list it).> Given "passdb backend = tdbsam guest", " encrypt passwords = true", > and NT clients, does the smbpasswd command work on my system?AFAIK there is no dependency on your supplied values (nor any others) for those parameters. If the values are not valid or correct for your environment the results may be less than satisfactory.
On Thursday 13 October 2005 12:36, Ross Boylan wrote:> I'm running samba 3.0.14a-6 on Debian GNU/Linux 2.4. I believe that I > should be using pdbedit to add or modify users and their passwords, > but I want to double-check that. I'd also like to suggest the > documentation could be clearer.Please direct me to the specific sections of the documentation that you referred to to help me to understand where I have messed up. Humble apologies if I have written bad documentation. Please help me to find my errors so I can fix them.> I had earlier versions installed, and the upgraded seems to have > migrated me to the new password scheme. smb.conf has "passdb backend > tdbsam guest"; there is no smbpasswd file in the location designated > in smb.conf or anywhere else according to locate; and there are > various tdb files. > > First uncertainty: is the smbpasswd program a general front end, like > pdbedit, or does it only work with the smbpasswd back end and file? > The man page and other documentation (e.g., 10.3 of the How To) seem > to provide evidence for both interpretations.The smbpasswd program uses the first argument (reading from left to right) that has been specified to the passdb backend parameter in the smb.conf file.> Second uncertainty: the smb.conf man page, in the section "Note About > Username/Password Validation" discusses authentication mechanisms. It > doesn't look to me as if the samba backend figure in this discussion. > The first item refers to "the UNIX system's password programs"; to me > this means this means the usual Unix mechanisms for password > verification and not SAMBA's special facilities. However, those may > be programs, and they are on a UNIX system, so maybe that is > intended. This is the only password matching mechanism discussed > explicitly in the whole section. This section contains no hint of the > issues with encrypted vs clear-text passwords. > > The simple fact that one needs to set up users and passwords, at least > in some configurations (namely, the recommended ones for NT clients), > was not something that was obvious to me from the man pages, the How > To, and the cookbook. It was so unobvious that I began to doubt it > was necessary, even though I had done it a few years ago (and since > kind of forgotten). > > To summarize the question and the comment: > > Given "passdb backend = tdbsam guest", " encrypt passwords = true", > and NT clients, does the smbpasswd command work on my system?Yes. If you execute "smbpasswd -a 'username'" it will add the SambaSAM account enttry to the tdbsam backend. This data will be written to the passdb.tdb file in the /etc/samba directory (Linux).> Comment: the documentation on the use and setup of passwords was > obscure to me. A few strategically placed sentences could help a lot > to clarify thingsOnce you figure this out please email me your corrections/clarifications to the documentation. When will you contribute this vital information? - John T.