The secrets of OSX Samba password handling

Oct 01, '03 09:53:00AM

Contributed by: Helge33

I have set up a G4 with OS X to serve as a file server in a mixed environment. For PCs with Win98, XP and NT to access the server, I had quite some config work to do with the Samba setup. Everything was smooth, but some PC users could still not authenticate with the OS X Samba server. While investigating the problem, I discovered some discrepancies with the generic Samba docs and the OS X Samba version with respect to password handling. Effectively, I had three options to change passwords for users on the OS X server:

  1. Directly change the Unix password from a telnet session with asswd
  2. Using the samba tool smbpasswd
  3. Using an external Mac(!) with AppleShare and using the "change password" dialog there.
It turns out that the smbpasswd command had no effect at all, even if a /var -> db -> samba -> smbpasswd was there, it was ignored.

The method via AppleShare changed the Unix password and the Samba password stored as a hash code in /var -> db -> samba -> hash -> Username. It is this hash-file (and not the smbpasswd file) which controls the access to the server. The command smbpasswd however, does not change this hash file, only the AppleShare dialog was successful.

[robg adds: I haven't tested Samba connectivity from anything other than Win2K and WindowsXP boxes, so I can't verify these claims, but thought they might be useful to someone.]

Comments (5)


Mac OS X Hints
http://hints.macworld.com/article.php?story=20030930084454653