Installation guide
Chapter 11. Samba
11.2.1. Samba Passwords
In Red Hat Linux 7.3, encrypted passwords are enabled by default because they are more secure. If
encrypted passwords are not used, plain text passwords are used, which can be intercepted
by someone using a network packet sniffer. It is recommended that encrypted passwords be
used.
The Microsoft SMB Protocol originally used plaintext passwords. However, Windows 2000
and Windows NT 4.0 with Service Pack 3 or higher require encrypted Samba passwords. To
use Samba between a Red Hat Linux system and a system with Windows 2000 or Windows
NT 4.0 Service Pack 3 or higher, you can either edit your Windows registry to use plaintext
passwords or configure Samba on your Linux system to use encrypted passwords. If you
choose to modify your registry, you must do so for all your Windows NT or 2000 machines
— this is risky and may cause further conflicts.
To configure Samba on your Red Hat Linux system to use encrypted passwords, follow these
steps:
1. Create a separate password file for Samba. To create one based on your existing
/etc/passwd file, at a shell prompt, type the following command:
cat /etc/passwd | mksmbpasswd.sh > /etc/samba/smbpasswd
If the system uses NIS, type the following command:
ypcat passwd | mksmbpasswd.sh > /etc/samba/smbpasswd
The mksmbpasswd.sh script is installed in your /usr/bin directory with the samba
package.
2. Use the command chmod 600 /etc/samba/smbpasswd to change permissions on the
Samba password file so that only root has read and write permissions.
3. The script does not copy user passwords to the new file. To set each Samba user’s password,
use the command smbpasswd username (replace username with each user’s
username). A Samba user account will not be active until a Samba password is set for
it.
4. Encrypted passwords must be enabled in the Samba configuration file. In the file
smb.conf, verify that the following lines are not commented out:
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
5. Make sure the smb service is started by typing the command service smb restart at
a shell prompt.
6. If you want the smb service to start automatically, use ntsysv, chkconfig, or serviceconf
to enable it at runtime. Refer to Chapter 8 for details.
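The following script is an added example, not part of the original guide: it audits the result of steps 1 through 4 by checking the password file's mode, the smb.conf setting (spelled encrypt passwords, as Samba names the parameter), and which accounts still have no Samba password. The function names are hypothetical, and the smbpasswd field layout with all-X placeholder hashes is an assumption about what mksmbpasswd.sh writes.

```shell
#!/bin/sh
# Added example: audits the outcome of steps 1-4. Paths are arguments, so the
# checks can be run against copies instead of the live files.

# Succeeds only if FILE is a regular file with mode 600 (rw for owner only).
smbpasswd_mode_ok() {
    [ -f "$1" ] && [ "$(ls -l "$1" | cut -c1-10)" = "-rw-------" ]
}

# Succeeds if smb.conf has an uncommented "encrypt passwords = yes" line.
# Samba ignores case in parameter names; ';' or '#' starts a comment.
encryption_enabled() {
    grep -Eiq '^[[:space:]]*encrypt[[:space:]]+passwords[[:space:]]*=[[:space:]]*yes[[:space:]]*$' "$1"
}

# Prints accounts whose two hash fields are still all 'X', meaning step 3
# (smbpasswd username) has not been run for them. Assumes the colon-separated
# layout name:uid:LM hash:NT hash:flags:... written by mksmbpasswd.sh.
accounts_without_password() {
    awk -F: '!/^#/ && NF >= 4 && $3 ~ /^X+$/ && $4 ~ /^X+$/ { print $1 }' "$1"
}

# Runs all three checks and returns non-zero if any of them fails.
audit_samba() {  # usage: audit_samba SMB_CONF SMBPASSWD
    rc=0
    encryption_enabled "$1" || { echo "FAIL: encrypted passwords not enabled in $1"; rc=1; }
    smbpasswd_mode_ok "$2"  || { echo "FAIL: $2 is not mode 600"; rc=1; }
    for u in $(accounts_without_password "$2"); do
        echo "WARN: no Samba password set for $u"; rc=1
    done
    return $rc
}

# Constructed sample data (made-up users and hash values) for a dry run.
demo=$(mktemp -d)
cat > "$demo/smbpasswd" <<'EOF'
# SMB password file.
alice:500:0123456789ABCDEF0123456789ABCDEF:FEDCBA9876543210FEDCBA9876543210:[U          ]:LCT-3CF0A1B2:
bob:501:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[UD         ]:LCT-00000000:
EOF
chmod 644 "$demo/smbpasswd"          # deliberately too open, as before step 2
printf '[global]\n; encrypt passwords = yes\n' > "$demo/smb.conf"   # still commented out
audit_samba "$demo/smb.conf" "$demo/smbpasswd" || echo "audit found problems"
```

On a real system, run audit_samba /etc/samba/smb.conf /etc/samba/smbpasswd as root after completing the steps.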
Tip
To learn more about encrypted passwords, read
/usr/share/doc/samba-version/docs/htmldocs/ENCRYPTION.html (replace version with the version number of
Samba that you have installed).
The pam_smbpass PAM module can be used to sync users’ Samba passwords with their system
passwords when the passwd command is used. If a user invokes the passwd command,