Table of Contents
Advertisement
Note
It is highly recommended to not use this mode since there are numerous security
drawbacks.
In
, the following directives enable Samba to operate in server security mode:
smb.conf
[GLOBAL]
...
encrypt passwords = Yes
security = server
password server = "NetBIOS_of_Domain_Controller"
...
5. Samba Account Information Databases
The latest release of Samba offers many new features including new password database
backends not previously available. Samba version 3.0.0 fully supports all databases used in
previous versions of Samba. However, although supported, many backends may not be suitable
for production use.
5.1. Backward Compatible Backends
Plain Text
Plain text backends are nothing more than the
text backend, all usernames and passwords are sent unencrypted between the client and
the Samba server. This method is very insecure and is not recommended for use by any
means. It is possible that different Windows clients connecting to the Samba server with
plain text passwords cannot support such an authentication method.
smbpasswd
A popular backend used in previous Samba packages, the
plain ASCII text layout that includes the MS Windows LanMan and NT account, and
encrypted password information. The
NT/2000/2003 SAM extended controls. The
because it does not scale well or hold any Windows information, such as RIDs for NT-based
groups. The
tdbsam
but is still not an enterprise-class solution.
smbpasswd
backend solves these issues for use in a smaller database (250 users),
Samba Account Information Databases
type backends. With a plain
/etc/passwd
smbpasswd
backend lacks the storage of the Windows
backend is not recommended
smbpasswd
backend utilizes a
263
Advertisement
Table of Contents
