Samba users and passwords. Where are they? How does authentication work?

After an upgrade to 42.3 I’m having some issues with samba users
I have a user named “fernando” that is not listed in the samba users list but who can access through samba from a Win10 machine
I have another user “maria” listed in the samba database but who can’t … but I can access with user maria from another Opensuse 42.3 machine using smb://aldebaran from dolphin


```
aldebaran:/home/fernando # pdbedit -L
Unknown parameter encountered: "printer admin"
Ignoring unknown parameter "printer admin"
root:0:root
nobody:65534:nobody
maria:1008:maria
aldebaran:/home/fernando # 
```


I thought maybe samba was using the linux database instead of the samba database, so I have created a linux user test (useradd -m test) and I tried to access his home directory from the W10 machine… no luck.
Then I added him with pdbedit -a test … still no luck.
I deleted him with pdbedit -x test and added him again with smbpasswd -a test … now I can access from the W10 machine to \aldebaran\test
Then I deleted user maria from the database (pdbedit -x maria) and added again with smbpasswd -a maria … now I can access from the W10 machine to \aldebaran\maria

But what I can’t understand is

  1. Why did I have to delete maria and insert her in the database again?
  2. Why can I access \aldebaran\fernando with user fernando if he is not in the samba database?

regards

I think the information is in “/var/lib/samba/private”, and probably in some binary encoded format.

For clarity, here are some of the rules.
Only valid Linux users can have samba passwords.
Samba passwords do not have to be the same as the user’s login password.
Users do not get samba passwords by default, you have to actively attach a password to a user.
You can access samba shares without being a member of the samba database if the share is configured to allow “guests”.

To find out the existing samba users, run this command:

sudo pdbedit -L

If you find a samba user ethel and you forgot her samba password, or you do know ethel’s samba password but want to change it, or you find that ethel is not a Samba user at all, then do this command:

sudo smbpasswd -a ethel

[footnote: I put this here for passing people who might find it all a bit confusing]

That’s what I thought, but one of my users wasn’t shown when running pdbedit -L, yet I can access his home (and I have disabled guest access)
I have discovered that this was because of some problems with the smb.conf file. I was using a very old one (it was generated with swat :\ ). So I recovered the smb.conf.rpmnew and reset the configuration, and now all my samba users appear with pdbedit -L.

And I can access their homes from a windows10 machine but not from a XP machine … I will continue researching

regards

The Windows XP access problem is because XP uses NTLMv1, and the latest samba version has NTLMv1 disabled by default, as described here and here.
The solution is to enable ntlm auth (can be done in yast), as it is reported to be a security breach.
Maybe it is possible to make the windows XP machine use NTLMv2.

For the moment I have enabled ntlm auth and it works … **almost…** all the users can access their homes from the XP except one. This user (maria) can access other shares in the samba server (aldebaran) but when she tries to access her home dir \aldebaran\maria she receives an error “access denied, maybe you don’t have the correct permisions…”. But when maria accesses \aldebaran\maria from the W10 machine she gets in without a problem… I’m puzzled!

Edited: I found the problem.
I had a share docsmaria pointing to \aldebaran\maria\docs
In previous versions of samba both shares \aldebaran\maria and \aldebaran\maria\docs could be active, but it seems that in this new version of samba they can’t, so enabling the last one disables the former.
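
Added example, not part of the posts above and not Samba's own tooling: a small audit of smb.conf text for the settings this thread ran into (NTLMv1 enabled through `ntlm auth`, guest access, and the `printer admin` parameter that pdbedit reports as unknown). The function name `audit_smb_conf` and the sample configuration are constructed for illustration; `ntlmv1-permitted` is the name newer Samba releases use for the same setting as `ntlm auth = yes`.

```python
import configparser

# Constructed sample (not the poster's file) with the settings from this thread.
SAMPLE_SMB_CONF = """\
[global]
    workgroup = WORKGROUP
    printer admin = root
    ntlm auth = yes
    map to guest = Bad User
[homes]
    valid users = %S
    read only = no
[docs]
    path = /srv/docs
    guest ok = yes
"""

TRUE = {"yes", "true", "1"}

def audit_smb_conf(text):
    """Return (section, parameter, reason) tuples for settings worth reviewing."""
    # Strip indentation so configparser does not read indented lines as continuations.
    text = "\n".join(line.strip() for line in text.splitlines())
    # interpolation=None keeps % macros (%S, %U) literal; strict=False tolerates
    # repeated sections in old files; only "=" delimits, since names may hold ":".
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.read_string(text)
    findings = []
    for section in cp.sections():
        for key, value in cp.items(section):
            name = key.lower().replace(" ", "")  # Samba ignores case and spaces in names
            val = value.strip().lower()
            if name == "ntlmauth" and val in TRUE | {"ntlmv1-permitted"}:
                findings.append((section, key, "NTLMv1 logins are accepted"))
            elif name in ("guestok", "public") and val in TRUE:
                findings.append((section, key, "share is reachable without a Samba account"))
            elif name == "maptoguest" and val != "never":
                findings.append((section, key, "some failed logins are mapped to guest"))
            elif name == "printeradmin":
                findings.append((section, key, "reported as unknown by pdbedit in this thread"))
    return findings

if __name__ == "__main__":
    for section, key, reason in audit_smb_conf(SAMPLE_SMB_CONF):
        print(f"[{section}] {key}: {reason}")
```

Once the audit is clean, `pdbedit -L` remains the check for which accounts can actually log in.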

What a journey. Congrats that you found those issues and fixed most of them :)