Home » Questions » Computers [ Ask a new question ]

What does Ubuntu's Samba use for authentication?

What does Ubuntu's Samba use for authentication?

First of all, I'm fairly new to Linux & Samba.

Asked by: Guest | Views: 365
Total answers/comments: 1
Guest [Entry]

"Welcome to the wonderful world of Samba! I've been using it for years, and it's well worth learning about. It's a bit of a learning curve, however. I highly recommend becoming intimately familiar with your /etc/samba/smb.conf and the smb.conf(5) manpage, and keep the Samba How-To Collection link handy. These are your best resources for how your server is configured and what it means.

First off, you need to understand something about how Windows XP connects to servers. In Windows, once you establish a connection to a certain server with one username, you can't establish another connection with the same server with a different username. (At the same time, Windows recognizes these connections by how you address the server, so while \\ServerName and \\X.X.X.X are the same machine, to Windows they're different connections.)

Second, you need to understand something about Samba and guest access. Samba can be configured to allow guest access for any user whose authentication fails. Under this configuration, if you attempt to login from Windows and the login fails for some reason (say, Samba doesn't recognize the username), Samba will establish the connection with guest account privileges.

Since Ubuntu is preconfigured for ease-of-access, it uses the map to guest = bad user directive to automatically allow guest access to unknown users. It also allows guest access to public shares created through the GUI (the usershare allow guests = yes directive). I think Ubuntu uses PAM for user authentication by default -- the default server configuration uses encrypt passwords = no, which means the passdb backend = tdbsam isn't actually used.

So, to answer your questions:

You logged in either because Samba authenticated you to your unix account via PAM, or because it didn't recognize the username at all and mapped you to the guest account. As to why Win Explorer failed, I can only speculate. My best guess is that it thought you were trying to connect as a different user (did you see error 1219?).
No, and yes. Guest access is provided for automatically for users that Samba doesn't recognize; with unencrypted passwords, PAM is used, so I think your Unix accounts are automatically recognized; but if you want encrypted SMB authentication, you'll need to create Samba users and passwords in the tdbsam database."