Second, the SAMBA password file action and maintenance.
When talking about Server security level, I talked to use ban enabled SAMBA password file to limit the system security level from the Server down to User level. Why can this treatment? This is mainly because the SAMBA server's account number and password and the Linux operating system account number and password files are not common. In other words, the client time with a Linux operating system user name and password, without SAMBA Server user name and password, the client still does not connect to the Linux operating system. For this reason some system administrators often have similar questions, in the authentication window to enter the correct account number and password Linux, but the system still prompts password error and refuse to sign in. Why enter the correct username password still unable to log on to the SAMBA server? this is mainly because the SAMBA server password file and the password file for the Linux operating system is not universal. To this end the client uses the Linux operating system of the account password data are not able to log on to the SAMBA server. But if the system administrator needs to maintain two sets of passwords (SAMBA server password and the Linux operating system password), you will be in trouble. So if you could change their passwords? the answer is Yes. Otherwise, the Samba server availability will greatly decrease. In fact, the principle is very simple, only need to put a Linux operating system accounts and then reestablish the SAMBA server. So, take advantage of Linux system account and the password you can log on to the SAMBA server (in fact they are still using password file is different, just two servers in the same username and password). However the manual creation of the user name and password information, clearly more time and effort. In fact, the designer of the SAMBA server has been taken into account. In establishing the SAMBA password file does not need to manually enter the account information. Here I'll give you a small tool, this tool's name is called "mksmbpasswd.sh". This is a script, the main purpose is to read the password file for the Linux operating system, and then put the password file in the user name, password, information according to certain rules to SAMBA password file. In using this script, you need to consider that a permission problem. As a result of work habits in the deployment of the Samba server, we tend to be habitual specialized sets a user name and the group, such as SAMBA. Then use the username and group to deploy SAMBA server. This key is used to differentiate from other applications, independent of management. But at this point to use this script, because you need to access the Linux operating system password file. To do this you will need to root privileges to the user's identity to perform the command. Without the ability to run of SAMBA. Some of the first deployment of the SAMBA server's system administrator might often make this mistake. For this reason I remind you, be sure to take root privileged user to execute the command, otherwise the system will prompt an error message, you cannot establish a SAMBA password file. Also note that the password file, do not have to restart the Samba server, the password file is effective immediately. But for clients, is different. If the test, the system administrator find cannot take advantage of Linux system account name and password to log on to the SAMBA server. Subsequent examination found the password file mentality. So he'll be on this password file is maintained, has joined the Linux operating system of the account and password information. But at this point, the client still cannot log on to the SAMBA server. While the need to restart the client is able to log in. The specific reasons why I am not very clear, we have time to research exchanges. Finally it should be pointed out that the Samba server password file and the Linux operating system password files are not the same file, but they will not be synchronized with each other. To do this if in Linux operating system to a new home for a staff account, you still need to use the above script in the SAMBA password file for a manual synchronization. Or manual creation of a same account number. However according to my understanding, in a subsequent version of SAMBA server, its designers might direct uses Linux system user name password file as a SAMBA server password files. This let us wait and see!
No comments:
Post a Comment