Discussion:
[Samba] plaintext backend
Karel Kulhavy
2004-08-31 18:16:24 UTC
Hello

I would like to use plaintext backend with a simple Samba 3.0.6
configuration to get rid of the system of double passwords and rely just
on the plain old unix /etc/passwd ones.

However I couldn't find any information about it in
1) man smb.conf
2) online Samba official HOWTO

I tried putting passdb backend = plaintext into a smb.conf file with
security=share and the Samba server doesn't seem to work at all:
***@oberon:~# smbclient -L oberon
protocol negotiation failed


However when the line passdb backend = plaintext is commented out, the
smbclient -L oberon normally runs - prints out the shares.

I have tried to put passdb backend = fuck into the config file and
testparm said the smb.conf is OK (!!!). So I can't even determine
what should be put into smb.conf to get plaintext passdb backend:
1) the official HOWTO lacks this info
2) manpage lacks this info
3) testparm is broken

Please tell me what should be put into passdb backend to get a
security=share server and plaintext passdb backend.

Thanks,

Cl<
Paul Gienger
2004-08-31 18:27:13 UTC
Post by Karel Kulhavy
I would like to use plaintext backend
plaintext is an authentication method, not a backend. The option is
encrypt passwords = no
Post by Karel Kulhavy
Please tell me what should be put into passdb backend to get a
security=share server and plaintext passdb backend.
You also want
security = share.
--
Paul Gienger Office: 701-281-1884
Applied Engineering Inc.
Information Systems Consultant Fax: 701-281-1322
URL: www.ae-solutions.com mailto: ***@ae-solutions.com
Karel Kulhavy
2004-08-31 18:33:47 UTC
Post by Paul Gienger
Post by Karel Kulhavy
I would like to use plaintext backend
plaintext is an authentication method, not a backend. The option is
^^^^^^^^^^^^ ^^^^^^^^^^^^^
Post by Paul Gienger
encrypt passwords = no
No, according to Samba official HOWTO, plaintext is a password backend:
http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/passdb.html
grep "user information" - you'll see "Plaintext" heading listed under
the heading "Password Backends".

Also the table of contents implies that "Plaintext" is a "Password
Backend" (from the same URL):

Password Backends
Plaintext
smbpasswd Encrypted Password Database
tdbsam
ldapsam
MySQL
XML
Post by Paul Gienger
Post by Karel Kulhavy
Please tell me what should be put into passdb backend to get a
security=share server and plaintext passdb backend.
You also want
security = share.
--
Paul Gienger Office: 701-281-1884
Applied Engineering Inc.
Information Systems Consultant Fax: 701-281-1322
Gerald (Jerry) Carter
2004-08-31 18:41:40 UTC
Karel Kulhavy wrote:

| No, according to Samba official HOWTO, plaintext is
| a password backend:

The documentation there is wrong. Or misleading at best.
Trust me on this one ok.

cheers, jerry
- ---------------------------------------------------------------------
Alleviating the pain of Windows(tm) ------- http://www.samba.org
GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc
"If we're adding to the noise, turn off this song"--Switchfoot (2003)
Gerald (Jerry) Carter
2004-08-31 18:34:37 UTC
Paul Gienger wrote:

| You also want
| security = share.

Paul, Why do people keep recommending 'security = share' ?
Is there somewhere in the documentation that we suggest this ?

cheers, jerry
- ---------------------------------------------------------------------
Alleviating the pain of Windows(tm) ------- http://www.samba.org
GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc
"If we're adding to the noise, turn off this song"--Switchfoot (2003)
Paul Gienger
2004-08-31 18:40:19 UTC
| You also want
| security = share.
Paul, Why do people keep recommending 'security = share' ?
Is there somewhere in the documentation that we suggest this ?
I was about to go on an issue that it's not desired, but I didn't feel
like getting into a flamewar about it this early in the morning. Karel
seems to be just fine going down the road of strange and frowned upon
options so I wasn't going to get into it.
--
Paul Gienger Office: 701-281-1884
Applied Engineering Inc.
Information Systems Consultant Fax: 701-281-1322
URL: www.ae-solutions.com mailto: ***@ae-solutions.com
Paul Gienger
2004-08-31 18:43:32 UTC
Post by Paul Gienger
I was about to go on an issue that it's not desired, but I didn't feel
like getting into a flamewar about it this early in the morning.
Karel seems to be just fine going down the road of strange and frowned
upon options so I wasn't going to get into it.
Holy broken English, Batman...

I was about to go on *a rant* that it's not desired,

That's what you get for editing your posts inline
--
Paul Gienger Office: 701-281-1884
Applied Engineering Inc.
Information Systems Consultant Fax: 701-281-1322
URL: www.ae-solutions.com mailto: ***@ae-solutions.com
Gerald (Jerry) Carter
2004-08-31 18:32:20 UTC
Karel Kulhavy wrote:
| Hello
|
| I would like to use plaintext backend with a
| simple Samba 3.0.6 configuration to get rid of
| the system of double passwords and rely just
| on the plain old unix /etc/passwd ones.

Then just set 'encrypt passwords = no'. It should
be pretty simple really.


|
| However I couldn't find any information about it in
| 1) man smb.conf
| 2) online Samba official HOWTO

There's a reason why you can't find any
information about it. There's no such thing as
a 'plaintext' passdb backend.

$ grep smb_register_passdb *.c | grep -v ^NT
pdb_guest.c: return smb_register_passdb(PASSDB_INTERFACE_VERSION, "guest", pdb_init_guestsam);
pdb_interface.c:NTSTATUS smb_register_passdb(int version, const char *name, pdb_init_function init)
pdb_ldap.c: if (!NT_STATUS_IS_OK(nt_status = smb_register_passdb(PASSDB_INTERFACE_VERSION, "ldapsam", pdb_init_ldapsam)))
pdb_ldap.c: if (!NT_STATUS_IS_OK(nt_status = smb_register_passdb(PASSDB_INTERFACE_VERSION, "ldapsam_compat", pdb_init_ldapsam_compat)))
pdb_mysql.c: return smb_register_passdb(PASSDB_INTERFACE_VERSION, "mysql", mysqlsam_init);
pdb_pgsql.c: return smb_register_passdb( PASSDB_INTERFACE_VERSION, "pgsql", pgsqlsam_init ) ;
pdb_smbpasswd.c: return smb_register_passdb(PASSDB_INTERFACE_VERSION, "smbpasswd", pdb_init_smbpasswd);
pdb_tdb.c: return smb_register_passdb(PASSDB_INTERFACE_VERSION, "tdbsam", pdb_init_tdbsam);
pdb_xml.c: return smb_register_passdb(PASSDB_INTERFACE_VERSION, "xml", xmlsam_init);

| I tried putting passdb backend = plaintext into a
| smb.conf file with security=share and the Samba server
| doesn't seem to work at all:

My recommendation is to never use 'security = share'.
99% of the time, it is better to use 'security = user'
and 'map to guest = bad user'

cheers, jerry
- ---------------------------------------------------------------------
Alleviating the pain of Windows(tm) ------- http://www.samba.org
GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc
"If we're adding to the noise, turn off this song"--Switchfoot (2003)
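
Added example, not part of the original post and not Samba project code: a small smb.conf check for the settings discussed in this thread, since testparm accepted an arbitrary `passdb backend` value. The function names are hypothetical, the backend list is copied from the grep output above, and the sample configuration is constructed.

```python
import re

# Backend names taken from the smb_register_passdb() grep output in the post
# above (Samba 3.0.x source tree); anything else is not a registered backend.
REGISTERED_BACKENDS = {"guest", "ldapsam", "ldapsam_compat", "mysql",
                       "pgsql", "smbpasswd", "tdbsam", "xml"}

def parse_global(text):
    """Return [global] parameters; names are lower-cased with whitespace removed."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[re.sub(r"\s+", "", key).lower()] = value.strip()
    return params

def lint(text):
    """Return a list of findings for the settings discussed in the thread."""
    p, findings = parse_global(text), []
    backend = p.get("passdbbackend")
    if backend:
        # Simplification: only the first backend is checked; text after ':' is its argument.
        name = backend.split()[0].split(":", 1)[0].lower()
        if name not in REGISTERED_BACKENDS:
            findings.append(f"unknown passdb backend '{name}'")
    if p.get("security", "").lower() == "share":
        findings.append("security = share: prefer 'security = user' with 'map to guest = bad user'")
    if p.get("encryptpasswords", "").lower() in {"no", "false", "0"}:
        findings.append("encrypt passwords = no: clients send cleartext passwords over the network")
    return findings

# Constructed sample: the configuration the original poster described.
SAMPLE = """
[global]
   security = share
   passdb backend = plaintext
   encrypt passwords = no
"""

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print("WARN:", finding)
```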
Karel Kulhavy
2004-08-31 18:40:48 UTC
Post by Gerald (Jerry) Carter
|
| However I couldn't find any information about it in
| 1) man smb.conf
| 2) online Samba official HOWTO
There's a reason why you can't find any
information about it. There's no such thing as
a 'plaintext' passdb backend.
According to Samba official HOWTO, plaintext is a password backend:
http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/passdb.html
grep "user information" - you'll see "Plaintext" heading listed under
the heading "Password Backends".

Also the table of contents implies that "Plaintext" is a "Password
Backend" (from the same URL):

Password Backends
Plaintext
smbpasswd Encrypted Password Database
tdbsam
ldapsam
MySQL
XML

Cl<
Karel Kulhavy
2004-08-31 19:23:06 UTC
| Hello
|
| I would like to use plaintext backend with a
| simple Samba 3.0.6 configuration to get rid of
| the system of double passwords and rely just
| on the plain old unix /etc/passwd ones.
Then just set 'encrypt passwords = no'. It should
be pretty simple really.
Thanks, it works now. Even the authentication seems to work
as I expected - it lets me in if I supply a user/password from
/etc/passwd/ - /etc/shadow


Cl<