OPC oota
2009-Sep-10 02:23 UTC
[Samba] TOSHAG-Passdb.xml translate finished and some typo found
Now, TOSHARG-Passdb.xml translate to Japanese finished(3.4.0 base).
And some typo found.
Many people ask why Samba cannot simply use the UNIX password database. Windows
requires
passwords that are encrypted in its own format. The UNIX passwords can't be
converted to
---- Windows?
UNIX-style encrypted passwords. Because of that, you can't use the standard
UNIX user
database, and you have to store the LanMan and NT hashes somewhere else.
<indexterm><primary>challenge/response
mechanis</primary></indexterm>
-------- mechanism
<indexterm><primary>clear-text</primary></indexterm>
<indexterm><primary>encrypted</primary></indexterm>
<indexterm><primary>negotiate</primary></indexterm>
All current releases of Microsoft SMB/CIFS clients support
authentication via the
Some people are confused when reference is made to
<literal>smbpasswd</literal> because the
name refers to a storage mechanism for SambaSAMAccount information, but it is
also the name
of a utility tool. That tool is destined to eventually be replaced by new
functionality that
is being added to the <command>net</command> toolset (see <link
linkend="NetCommand">the Net
Command</link>.
- forgot )
The <command>smbpasswd</command> utility is similar
to the <command>passwd</command>
and <command>yppasswd</command> programs. It
maintains the two 32 byte password
fields in the passdb backend. This utility operates
independently of the actual
account and password storage methods used (as specified by the
<parameter>passdb
backend</parameter> in the &smb.conf; file.
- forgot )
The POSIX and sambaSamAccount components of computer (machine) accounts
are both used by Samba.
Thus, machine accounts are treated inside Samba in the same way that
Windows NT4/200X treats
them. A user account and a machine account are indistinquishable from
each other, except that
-----------------
indistinguishable
the machine account ends in a $ character, as do trust accounts.
Domain global policy controls available in Windows NT4 compared with Samba
is shown in <link linkend="policycontrols">NT4 Domain v's
Samba Policy Controls</link>.
--vs ?
<itemizedlist>
<listitem><para>Login
ID.</para></listitem>
<listitem><para>UNIX
UID.</para></listitem>
<listitem>
<para>Microsoft LanManager password hash
(password converted
to upper-case thenhashed.</para>
_ need )
</listitem>
The first problem is that all lookups must be performed sequentially. Given that
there are approximately two lookups per domain logon (one during intial logon
validation
------ initial
and one for a session connection setup, such as when mapping a network drive or
printer
), this
is a performance bottleneck for large sites. What is needed is an indexed
approach
such as that used in databases.
<para><quote>I've installed Samba, but now I
can't log on with
my UNIX account! </quote></para>
<para>Make sure your user has been added to the current
Samba
<smbconfoption name="passdb backend"/>.
Read the <link linkend="acctmgmttools">Account
Management Tools,</link> for
unnecessary thing -
details.</para>
--
--- Oota Toshiya --- t-oota at dh.jp.nec.com
NEC Computers Software Operations Unit Shiba,Minato,Tokyo
Open Source Software Platform Development Division Japan,Earth,Solar system
(samba-jp/ldap-jp Staff,mutt-j/samba-jp postmaster)
Reasonably Related Threads
- TOSHAG-NetworkBrowsing.xml translate finished and some typo/question found
- TOSHAG-Winbind.xml translate finished and some bug found
- TOSHAG-TheNetCommand.xml translate finished and some TYPO found
- TOSHARG-DomainMember.xml translate finish and some bug found
- TOSHAG-ChangeNotes.xml translate finished and some typo found
Wisdom of the Ancients
