The secrets of OSX Samba password handling
Oct 01, '03 09:53:00AM
Contributed by: Helge33
I have set up a G4 with OS X to serve as a file server in a mixed environment. For PCs with Win98, XP and NT to access the server, I had quite some config work to do with the Samba setup. Everything was smooth, but some PC users could still not authenticate with the OS X Samba server. While investigating the problem, I discovered some discrepancies with the generic Samba docs and the OS X Samba version with respect to password handling. Effectively, I had three options to change passwords for users on the OS X server:
- Directly change the Unix password from a telnet session with asswd
- Using the samba tool smbpasswd
- Using an external Mac(!) with AppleShare and using the "change password" dialog there.
It turns out that the smbpasswd command had no effect at all, even if a /var -> db -> samba -> smbpasswd was there, it was ignored.
The method via AppleShare changed the Unix password and the Samba password stored as a hash code in /var -> db -> samba -> hash -> Username. It is this hash-file (and not the smbpasswd file) which controls the access to the server. The command smbpasswd however, does not change this hash file, only the AppleShare dialog was successful.
[robg adds: I haven't tested Samba connectivity from anything other than Win2K and WindowsXP boxes, so I can't verify these claims, but thought they might be useful to someone.]
Comments (5)
Mac OS X Hints
http://hints.macworld.com/article.php?story=20030930084454653