Samba authentication of Windows users

Samba authentication of Windows users

Rick Oliver wrote in with this
article.  Thanks.

Rick writes:

I’ve gotten samba to authenticate a user based on the windows login name.  Here
are the steps (you must have su powers to do any of this).

Create the samba users

vi your smbpasswd file in (/usr/local/private/smbpasswd) and make sure that
the accounts you want to use are in there. If not (let’s say you want user
"ironchef" in there and it isn’t), then copy an entire line to a new one, change
the username and UID to the name you wish to set, leave the encryption alone, then save
and exit.

BEWARE: there are two "smbpasswd" files. The one above is
editable, the other (in "/usr/local/bin/smbpasswd") is the binary
executable — do not edit that one.

Make the passwords the same

Change the samba password to match your windows password. Run /usr/local/bin/smbpasswd
with the username as the argument; i.e.

/usr/local/bin/smbpasswd ironchef

It will reset your password to whatever you type in.

The steps

  • Edit the Samba configuration file /usr/local/etc/smb.conf in two places: Make
    sure that the "security" option is set to "user"; i.e.

security = user

  • Set password encryption to "yes"; i.e.

encrypt passwords = yes

  • Make extra special sure that your windows UN and PW match the Unix and Samba accounts.
  • Restart both your smbd and nmbd daemons to take the new configuration into effect; i.e.

ps -ax | grep smbd kill -1 [pid]

  • Log out of Windows and log back in.  It should work.

3 thoughts on “Samba authentication of Windows users”

  1. I have search the web for help on automatically having the computer trust accounts created when joining the domain and could not find much info for FreeBSD. Here is the script I use in my smb.conf:

    add user script =/usr/sbin/pw useradd -d /dev/null -g machines -s /bin/false -n %u

    I hope this helps someone.

Leave a Comment

Scroll to Top