43.14. Configuring Authentication

The SMB protocol allows users to change their passwords for a server from a client system. For a Samba server, this causes the encrypted passwords file to be updated, assuming one is in use (as is usually the case). You can also configure the server to change the user's UNIX password as well, which makes sense if they are being kept synchronized.

Another authentication-related feature supported by Webmin is username mapping. This allows you to map fake client login names to real UNIX usernames, and can be useful if users prefer to use their full names to log in (like Jamie Cameron instead of jcameron) or if you have a client that is regularly moved between two different networks, each of which has different SMB accounts.

To set these global authentication options using this module, follow these steps:

1.
On the module's main page, click on the Authentication icon.

2.
As explained in Section 43.3 “Managing Samba Users”, the Use encrypted passwords? field determines if Samba uses its own separate password file or the standard UNIX user database. Because all recent versions of Windows use a password encryption format that is incompatible with the UNIX format, this field should generally be set to Yes.

3.
To allow logins by users who have no password set, select Yes for the Allow null passwords? field.

4.
The Password program field sets the program that Samba will use to change a user's UNIX password if synchronization is enabled. If Default is selected, /bin/passwd will be used, which is correct for most UNIX systems. You can enter a different command by selecting the second radio button and filling in the text box with something like /usr/bin/yppasswd %u. The %u code is replaced with the name of the user whose password is being changed, and is required because the command is run as root.

5.
To have Samba change a user's UNIX password when his SMB password is changed over the network, set the Change UNIX password as well? field to Yes. Synchronization in the other direction is unaffected, though (see Section 43.3 “Managing Samba Users” for more details on how that works).

6.
To define “fake” SMB accounts, select Listed below in the Username mapping field. In the table below it, each row specifies a mapping—the first field must contain a valid UNIX username, and the second an SMB login name of your choice. Clients logging in with one of these made-up account names must of course provide the correct password for the associated UNIX user.

7.
Hit the Save button at the bottom of the page to activate your new authentication settings.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
18.116.67.177