Samba authentication of Windows users
Rick Oliver wrote in with this
article. Thanks.
Rick writes:
I’ve gotten samba to authenticate a user based on the windows login name. Here
are the steps (you must have su powers to do any of this).
Create the samba users
vi your smbpasswd file in (/usr/local/private/smbpasswd) and make sure that
the accounts you want to use are in there. If not (let’s say you want user
"ironchef" in there and it isn’t), then copy an entire line to a new one, change
the username and UID to the name you wish to set, leave the encryption alone, then save
and exit.
BEWARE: there are two "smbpasswd" files. The one above is
editable, the other (in "/usr/local/bin/smbpasswd") is the binary
executable — do not edit that one.
Make the passwords the same
Change the samba password to match your windows password. Run /usr/local/bin/smbpasswd
with the username as the argument; i.e.
/usr/local/bin/smbpasswd ironchef
It will reset your password to whatever you type in.
The steps
- Edit the Samba configuration file /usr/local/etc/smb.conf in two places: Make
sure that the "security" option is set to "user"; i.e.
security = user
- Set password encryption to "yes"; i.e.
encrypt passwords = yes
- Make extra special sure that your windows UN and PW match the Unix and Samba accounts.
- Restart both your smbd and nmbd daemons to take the new configuration into effect; i.e.
ps -ax | grep smbd kill -1 [pid]
- Log out of Windows and log back in. It should work.
‘smbpasswd -a newuser’ should create a new entry.
may be nicer than editing the smbpasswd file.
I have search the web for help on automatically having the computer trust accounts created when joining the domain and could not find much info for FreeBSD. Here is the script I use in my smb.conf:
add user script =/usr/sbin/pw useradd -d /dev/null -g machines -s /bin/false -n %u
I hope this helps someone.
Adding this line to the [global] section of my smb.conf finally got my samba fileserver to recoginize my windows user account.
Thank you Randy!