Using SAMBA with users?

[rfoss]

Hi,

I want to use SAMBA in User rather than Share mode, with shares like:

[vfat] the FAT32 partition on my USB drive
[ext3] the ext3 partition

How do I add users?
I know about the smbpasswd program, but it looks like it requires the same user to be present in /etc/passwd. How do you add users there? (I have no idea how to generate those linux password hash keys)

[rfoss]

Ok, after a bit more research I found out how to do this.
Most of this is obvious to seasoned Linux users and administrators, but I think there are other WL-500g users out there that might benefit from this post.

(Basically what I am trying to achieve here is use the WL-500g as a poor man's multi-user Samba file server. I'd like several users to have each their user account and password, and to be able to access files from Windows using their credentials. Obviously heavy Samba use is out of the question for performance reasons.)


Adding Linux users to your WL-500g
This is really basic. Users and groups are stored in the files /etc/passwd and /etc/group. With the WL-500g small footprint for Linux, there are no useradd or groupadd commands, so you'll need to edit them by hand.

The /etc/passwd file format:
usernameasswordhash:UID:GID:comment:/home/dir:/bin/sh

the hash is usually generated by useradd command. To add a user, use echo or vi to add a line like this:

Code:

tcruise::1000:1000:Tom Cruise::/bin/sh

note the password hash is ommitted - we'll set the password later. The first 1000 refers to the numeric user ID, and the second 1000 refers to the users primary group ID, respectively.

Now add a group where users can belong to.

The /etc/group file format:
groupnameasswordhash:GID:member1,member2,...,member3

Use echo or vi to add a line like this:

Code:

users::1000:tcruise

Setting the user's password
Now that you've added the user and group, you can use the passwd command to set the password of the new user. While logged in as admin, type:

Code:

passwd tcruise
Changing password for tcruise
Enter the new password (minimum of 5, maximum of 8 characters)
Please use a combination of upper and lower case letters and numbers.
Enter new password: ****

Setting the user's Samba password
Now use smbpasswd to set the user's Samba password:

Code:

smbpasswd -a tcruise
New SMB password: ****

the -a option causes the user to be added to the Samba user list.

Now lets SAVE everything
Since we've changed a few files, we need to save and commit the changes as usual. At the prompt, type:

Code:

echo /etc/group >>/usr/local/.files
echo /etc/passwd >>/usr/local/.files
echo /etc/smbpasswd >>/usr/local/.files
flashfs save
flashfs commit
flashfs enable

At this point, we have a new user tcruise, which belongs to a primary group users, and with the same password in Linux and in Samba. You can now use it to authenticate to the WL-500G via ssh, telnet, etc.

Only thing left is to configure Samba for user-mode security
By default, Samba is still configured with share-level security, ie. one password per share.
We need to edit /etc/smb.conf to do this and use the global security = user setting.
However, I'm still experimenting with this, so i'll wait til I know more.

DISCLAIMER ETC
Although I use Linux all the time, I am not an expert. In fact I could be flat out wrong about lots of things. Also, adding users to the WL-500G could be a security issue for all I know. The WL-500G does not shadow passwords.
I am just trying things out and documenting here as I go along...

[strike-2]

Thank you for your concise, yet complete post.
I am now a proud WL500g Samba user that can browse SMB using his own account!

Regular Samba -can- use a different name from your Unix username, by using mapping tables.
http://www.oreilly.com/catalog/samba...k/ch06_02.html

I have to admit that I haven't tried this in wl500g Samba

[ant9]

Hi!
I've added a user like described, logon via ssh is possible.

But when I switch the share to "USER or SHARE" security, Vista (an probably also XP) prompts for a user and password.



I've tried several cominations (in form: router\username, username, FriendlyName, etc)

Perhaps somebody can help me ...

Thanks in advance!
Anton

[jvdp]

The problem may be in the protocol that Vista wishes to use. The default protocol is not supported by Samba. 2 Options to change the protocol (both copied from http://forums.2cpu.com/showthread.php?t=78202):

1) If any of you are having problems with Vista logon to NAS devices running Samba, try:
Run secpol.msc
Go to: Local Policies > Security Options

Find "Network Security: LAN Manager authentication level"
Change Setting from "Send NTLMv2 response only"
to
"Send LM & NTLM - use NTLMv2 session security if negotiated"
Vista defaults to only send the more secure NTLMv2 protocol, which these NAS devices / Samba do not support.

2) If you're running a version of Vista that cannot use secpol.msc, you can edit the registry instead. Just change the value of HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\Lsa\LMCompatibilityLevel from a 3 to a 1.

I have used option 1 and can now succesfully use my Samba shares on my router from Windows Vista with user access.