samba - Jun 2020 - SAMBA using existing users and passwords on Linux

This is very problematic for me!
In this LINUX VM I have registered more than 40 users for over 10 years.
I wouldn't even bother having to register everyone on SAMBA, the question
is the passwords of these users.

Em seg., 1 de jun. de 2020 ?s 20:09, Andrew Bartlett <abartlet at
samba.org>
escreveu:
> On Mon, 2020-06-01 at 19:02 -0300, Fernando Gon?alves via samba wrote:
> > Good afternoon.
> > I really need some help.
> > I have a VM running Oracle Linux version 7 and samba version 4.10.4.
> > I want samba to use local Linux users and passwords (/ etc / passwd
> > and /
> > etc / shadow).
> > As I researched on the internet it would be enough to configure samba
> > to
> > not encrypt passwords, through the item:
> >
> > encrypt passwords = no
>
> This option very rarely works and requires SMB1 when it does.  Most
> clients refuse to send a plaintext password, and when they do they
> refuse the reconnect transperently so the user experience is horrible.
>
> Sorry, but you essentially must use encrypted passwords or Kerberos.
>
> Andrew Bartlett
>
> --
> Andrew Bartlett                       https://samba.org/~abartlet/
> Authentication Developer, Samba Team  https://samba.org
> Samba Developer, Catalyst IT
> https://catalyst.net.nz/services/samba
>
>
>
>

Am 02.06.20 um 16:47 schrieb Fernando Gon?alves via
samba:
> This is very problematic for me!
> In this LINUX VM I have registered more than 40 users for over 10 years.
> I wouldn't even bother having to register everyone on SAMBA, the
question
> is the passwords of these users.
how does that matter?
smbpasswd -a username

you are asked for a samba-password which has no link to the unix
password at all and you are done, the unix user just needs to exist for
a uid

it's the same for over 10 years, at least 12
> Em seg., 1 de jun. de 2020 ?s 20:09, Andrew Bartlett <abartlet at
samba.org>
> escreveu:
> 
>> On Mon, 2020-06-01 at 19:02 -0300, Fernando Gon?alves via samba wrote:
>>> Good afternoon.
>>> I really need some help.
>>> I have a VM running Oracle Linux version 7 and samba version
4.10.4.
>>> I want samba to use local Linux users and passwords (/ etc / passwd
>>> and /
>>> etc / shadow).
>>> As I researched on the internet it would be enough to configure
samba
>>> to
>>> not encrypt passwords, through the item:
>>>
>>> encrypt passwords = no
>>
>> This option very rarely works and requires SMB1 when it does.  Most
>> clients refuse to send a plaintext password, and when they do they
>> refuse the reconnect transperently so the user experience is horrible.
>>
>> Sorry, but you essentially must use encrypted passwords or Kerberos.

On 02/06/2020 15:47, Fernando Gon?alves via samba wrote:
> This is very problematic for me!
> In this LINUX VM I have registered more than 40 users for over 10 years.
> I wouldn't even bother having to register everyone on SAMBA, the
question
> is the passwords of these users.
>
As Andrew has said, using 'encrypt password = no' isn't a good idea,
what he didn't say was that it had been deprecated at 4.11.0 and could 
be removed at 4.13.0. This means that you need to find another way of 
doing things before this happens. It might be a good idea to post your 
present smb.conf, we should then be able to point you in the best 
direction to go.

Rowland

I apologize for forgetting to pass on all the information.
In fact, this problem is occurring because of the migration from a VM with
Oracle SunOS to another VM with Oracle Linux 7.
This old VM is for production and runs the CACH? database, so we decided to
create a new VM and migrate everything to it.
We have already migrated the database and users without problems.
Only on each machine of these more than 40 users there is a script pointing
to a SAMBA map of the old machine, passing username and password.
With a change in the DNS we will point to the new VM, solving the name
resolution problem.
But if I register each user on SAMBA with a different password, these
mappings will not work.
I would have to go through each user's machine and change this script.

Em ter., 2 de jun. de 2020 ?s 11:54, Reindl Harald <h.reindl at
thelounge.net>
escreveu:
>
>
> Am 02.06.20 um 16:47 schrieb Fernando Gon?alves via samba:
> > This is very problematic for me!
> > In this LINUX VM I have registered more than 40 users for over 10
years.
> > I wouldn't even bother having to register everyone on SAMBA, the
question
> > is the passwords of these users.
>
> how does that matter?
> smbpasswd -a username
>
> you are asked for a samba-password which has no link to the unix
> password at all and you are done, the unix user just needs to exist for
> a uid
>
> it's the same for over 10 years, at least 12
>
> > Em seg., 1 de jun. de 2020 ?s 20:09, Andrew Bartlett <abartlet at
samba.org
> >
> > escreveu:
> >
> >> On Mon, 2020-06-01 at 19:02 -0300, Fernando Gon?alves via samba
wrote:
> >>> Good afternoon.
> >>> I really need some help.
> >>> I have a VM running Oracle Linux version 7 and samba version
4.10.4.
> >>> I want samba to use local Linux users and passwords (/ etc /
passwd
> >>> and /
> >>> etc / shadow).
> >>> As I researched on the internet it would be enough to
configure samba
> >>> to
> >>> not encrypt passwords, through the item:
> >>>
> >>> encrypt passwords = no
> >>
> >> This option very rarely works and requires SMB1 when it does. 
Most
> >> clients refuse to send a plaintext password, and when they do they
> >> refuse the reconnect transperently so the user experience is
horrible.
> >>
> >> Sorry, but you essentially must use encrypted passwords or
Kerberos.
>
>