Old user cannot access samba shares


(Davide Principi) #1

Continuing the discussion from Add webserver "apache" user to other groups

(Rob Bosch) #2

Isn’t this default behaviour? It is the same as having some samba accounts, then enable PAM on a server and create more samba accounts. Only the new accounts will have PAM access (local accounts)


(Stéphane de Labrusse) #3

Hi Robb

Indeed, it is probably an explanation, but with the esmith layer you have the concept of a migrate fragment (a script launched to modify the databases), and it should be used for this case. I must admit I have not tried to reproduce what I saw, I need to take a new VM, but with my conception of KISS, the end user must do nothing; the developer is here for this purpose.


(Davide Principi) #4

I think users created before the nethserver-samba installation should be enabled manually for Samba from the Users page.

Moreover, their password must be set again, because Samba has its own password field in LDAP. This applies also to the admin user, and a yellow banner reminds us to do it.

I’m reading the manual but cannot find a sentence about this. Where do you think we need to add a note?


(Stéphane de Labrusse) #5

I did it manually. Obviously, here we cannot have a migrate fragment; the sysadmin must choose which users will use a samba share.

Is it possible to have an action here? For a few users we can imagine it, but for a company it is more difficult. I suppose that the password is encrypted somewhere and we cannot retrieve it?


(Stéphane de Labrusse) #6

I would propose these two chapters, even if I would prefer a patch to solve this issue.


(Davide Principi) #7

Yes, we cannot convert the encrypted Unix password field to NTLM. I see no way other than accepting this limitation 😭


(Artem Fedai) #8

Hi @davidep, maybe it is better to store all user passwords in LDAP from the very beginning; almost all apps have LDAP support.


(Davide Principi) #9

All Unix passwords (except for root user) are in LDAP from the beginning. If nethserver-samba is installed from the beginning this limitation does not apply.