Aug 062000

Samba authentication of Windows users

Rick Oliver wrote in with this article.  Thanks.

Rick writes:

I’ve gotten samba to authenticate a user based on the windows login name.  Here are the steps (you must have su powers to do any of this).

Create the samba users

vi your smbpasswd file in (/usr/local/private/smbpasswd) and make sure that the accounts you want to use are in there. If not (let’s say you want user "ironchef" in there and it isn’t), then copy an entire line to a new one, change the username and UID to the name you wish to set, leave the encryption alone, then save and exit.

BEWARE: there are two "smbpasswd" files. The one above is editable, the other (in "/usr/local/bin/smbpasswd") is the binary executable — do not edit that one.

Make the passwords the same

Change the samba password to match your windows password. Run /usr/local/bin/smbpasswd with the username as the argument; i.e.

/usr/local/bin/smbpasswd ironchef

It will reset your password to whatever you type in.

The steps

  • Edit the Samba configuration file /usr/local/etc/smb.conf in two places: Make sure that the "security" option is set to "user"; i.e.

security = user

  • Set password encryption to "yes"; i.e.

encrypt passwords = yes

  • Make extra special sure that your windows UN and PW match the Unix and Samba accounts.
  • Restart both your smbd and nmbd daemons to take the new configuration into effect; i.e.

ps -ax | grep smbd kill -1 [pid]

  • Log out of Windows and log back in.  It should work.

  3 Responses to “Samba authentication of Windows users”

  1. ‘smbpasswd -a newuser’ should create a new entry.
    may be nicer than editing the smbpasswd file.

  2. I have search the web for help on automatically having the computer trust accounts created when joining the domain and could not find much info for FreeBSD. Here is the script I use in my smb.conf:

    add user script =/usr/sbin/pw useradd -d /dev/null -g machines -s /bin/false -n %u

    I hope this helps someone.