understanding samba

[Garrett85]

I'M reading "Linux + Guide to Linux Certification" and I've come to samba and I'M having trouble understanding a few things. The book says I need to add a username and password on the Linux system that corresponds to the username and password on the Windows clients? And then another samba password that's the same as the Windows password. This raises a few questions with me. If a lot of the servers out there are Linux servers I doubt they all have a username and password for the millions of clients they get per day/month. I'M setting all this up in part just to learn Linux, networking, and servers and I may use it as a local media server for my house. So how would a devices like my D-Link media streamer or my WD TV Live Plus take advantage of such a server being that they don't have usernames or passwords? Also, Linux wants usernames to start with a lowercase letter and all my Windows usernames start with a capital, how's all this to work out? Thanks.

[arespi]

Hi

I am not an expert on SAMBA , but i have played with it some times. Remember SAMBA is basically about shared folders and their access permissions. Authentication can be setup in many different ways with different behaviors each one of them. You can set it to depend on a DOMAIN, in this case, you need a Wndows domain controller (which also can be a samba server). In this case you create an user in linux the same as in windows and the password is matched against the data in the windows domain controller.

If you set it up as SERVER or USER, you set up the shared folders access permissions over the linux usernames, each one of them it their own password, if a Windows user need to access those shared folder , it will need to supply a valid username and password , and to make the things easier is best to use the same user names and passwords for linux and windows or the user will have to type the linux username and password each time he access the shared folders.

About what you say about the linux servers and the millions of users, well, yes, but I doubt most of them use SAMBA, and if they do, there are tools to replicate the data from the windows active directory users to the linux servers.

Also you can have shared folders open for all, not very secure at all , but useful for the kind of devices you mention. About the linux user names rules I think they can be customized , look for PAM rules.

what I just posted may be somewhat outdated and I hope not too inaccurate.

Good luck

[jawbrkr]

This is a very loaded question, because they're many ways to skin a cat.

So Samba has five major authentication methods;

user = local database, using smbpasswd
ads = windows domain
domain = legacy windows domain
kerberos = windows or ldap or kerberos (windows active directory uses kerberos by default)
ldap = ldap directory

So first thing, all of these methods is a user repository, you can create users in it and have samba 'authenticate' and use these databases to validate users. User is by far the easiest method if you are new, I can certainly write a book but many people before me have written howtos and docs so I will stop here. I hope this will give you a better understanding on what needs to be done.

So in short.

1. Match workgroup to windows domain or workgroup
2. Based upon which user directory you use, match windows to users in samba (security = users is the easiest)

I hope this helps.

[rcgreen]

If you have the statement security = share in your configuration,
anonymous Windows clients can access the shares. This is what I do,
but would not be secure in a business environment.