Samba accounts

sh at linux2go.dk wrote:
> Hi!
> 
> A few days ago, I had a chat with someone on #ubuntu about Samba.
> He was wondering how to connect to samba on his Ubuntu box. He was used
> to running Gentoo, where he could just use his regular username and
> password. AFAICS that can be achieved in two ways: 
>  * Using unencrypted passwords 
>  * by integrating something like smbpasswd -L -a to adduser and the
>    smbpasswd PAM module to the passwd PAM stack, we can automagically
>    keep the samba user database in sync with the system one.  
> 
> 
> Using unencrypted passwords is a really bad idea.
> If we want adduser to add a samba account we either need to rewrite
> adduser to call smbpasswd directly or add some sort of mechanism for
> calling hook scripts from adduser. The former would add a hard 
> dependency on Samba which is less than elegant, while the latter 
> method also would allow for other system specific stuff to happen
> upon account creation, like sending a welcome mail to the user or what-
> ever you want. Obviously the security implications need to be carefully
> reviewed as the hook scripts will be passed the password of the newly
> created user.
> 
> Thoughts?

The most elegant way to do this always seemed to be libpam-smbpass. It 
is a PAM password module that stores the user's password in the 
smbpasswd file. So after installing it, the user changes his password 
and can then log in via Samba.

See 
<http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/pam.html#id2647348> 
for more information.

-- 
Sam Morris
http://robots.org.uk/

PGP key id 5EA01078
3412 EA18 1277 354B 991B  C869 B219 7FDB 5EA0 1078