I have set up a Linux system with its own user account administration. It is not part of any domain (other than DNS). Now I want to allow its users to mount their home directories on a Windows system.
One way of doing this is by keeping two user account administrations: one maintained with passwd, the other with smbpasswd. This seems needlessly complicated. I want to maintain just one.
How can I best arrange this? The system is running Ubuntu 12.04 (Desktop).
To do what? To replace all use of /etc/passwd with the use of the password file managed by smbpasswd? – reinierpost – 2012-10-01T12:47:10.377
@reinierpost, I had in mind the opposite. Tell Samba to use /etc/passwd (via PAM). This seems a simpler proposition to me :-) The link in my answer points to Samba documentation, not to general Linux documentation. – RedGrittyBrick – 2012-10-01T13:35:31.677
I have tried to do that, but it seems to require the Windows client sending the password in cleartext (http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/pam.html#id2667015) or a password synchronization mechanism that appears to work only in one direction (http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/pam.html#id2667199), both rather suboptimal workarounds in my view. – reinierpost – 2012-10-01T13:41:11.203
@reinierpost: So far as I know, the most common solution for that set of requirements (encrypted credentials on wire, single point of user admin) is to authenticate through a Windows Domain Controller (or Samba acting as such). – RedGrittyBrick – 2012-10-01T13:50:46.743
That is also my impression, but it would be helpful to know for sure. Hence my question. – reinierpost – 2012-10-01T13:53:54.063
@reinierpost: There is little reason for sync to work in the other direction, since Windows does not support changing passwords over SMB if you're not in a domain (so a desync is next to impossible). – user1686 – 2012-10-01T15:50:03.970
Hm ... can I set up the box to be its own one-machine Windows domain without interfering with my organization's domain (on which this box, being a Linux machine, is not allowed)? And to what extent can I get rid of /etc/passwd and /etc/shadow altogether? If I can use Samba passwords for everything (i.e. if all Ubuntu applications I use support PAM), that solution will be fine with me. – reinierpost – 2012-11-09T14:16:57.800
Would WinSCP + public-key authentication be acceptable? – RedGrittyBrick – 2012-11-09T15:10:29.087
@RedGrittyBrick; Not really. I'm looking for a way to avoid having to ask my colleagues to use some special software on the Windows side. They know how to do scp, that's not the issue. – reinierpost – 2012-11-18T16:21:42.503
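The setups weighed in the comments above (cleartext passwords checked through PAM, or encrypted passwords with a synchronization hook) can be told apart from the configuration files. The following Python check is an added example, not part of the original thread: it reads smb.conf and PAM password-stack text and reports which arrangement is in place. The file contents are constructed samples, and treating a pam_smbpass.so line in the PAM password stack as the Unix-to-Samba hook is an assumption based on Samba 3.x.

```python
import re

# Constructed sample inputs (not taken from the original thread).
SMB_CONF = """\
[global]
   security = user
   encrypt passwords = yes
   passdb backend = tdbsam
   ; push SMB password changes to the Unix account
   unix password sync = yes
"""
PAM_COMMON_PASSWORD = """\
password  [success=1 default=ignore]  pam_unix.so obscure sha512
password  requisite                   pam_deny.so
"""
TRUE = {"yes", "true", "1"}

def global_params(conf_text):
    """Return [global] parameters; Samba ignores case and spaces in names."""
    params, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params["".join(key.lower().split())] = value.strip().lower()
    return params

def audit(conf_text, pam_text):
    """Classify the password setup described by the two files."""
    p = global_params(conf_text)
    # Assumption: pam_smbpass.so in the PAM 'password' stack updates the
    # Samba password database when the Unix password is changed.
    pam_hook = any(
        l.split()[0] == "password" and "pam_smbpass.so" in l
        for l in pam_text.splitlines() if l.split())
    return {
        # 'encrypt passwords = no' makes the server expect plaintext passwords
        "expects_cleartext": p.get("encryptpasswords", "yes") not in TRUE,
        # 'unix password sync' pushes SMB password changes to the Unix account
        "smb_to_unix_sync": p.get("unixpasswordsync", "no") in TRUE,
        "unix_to_smb_sync": pam_hook,
    }

if __name__ == "__main__":
    print(audit(SMB_CONF, PAM_COMMON_PASSWORD))
```

For the constructed samples, only the SMB-to-Unix direction is reported as synchronized, which is the one-directional arrangement described in the comments.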