Authenticate to samba server with host machine (Linux) credentials

I have a Linux server, on which several users are present (all members of the group users). They already can connect to this server via the standard means of accessing the machine (tty login, SSH etc.).

I want to know whether it is possible for them to access an SMB share on the same server with the system username/password, without setting up any NIS/LDAP/AD/Winbind detours, and without a separate user/password database for Samba.

The only source I could locate that went even remotely in this direction is this forum thread (German) (the replying person over there even points out that this setup is so easy that it's hard to find advice on). I'd love to follow these instructions, but they do not work for me.

For test purposes, I have set up the simplest imaginable server (to explore the situation before moving on to the production server). I am trying to access the local server with a regular Linux user account (member of the group users).

My /etc/samba/smb.conf looks like this:

[global]
   workgroup = WG
   log file = /var/log/samba/log.%m

[tmp]
  path = /tmp
  comment = tmp on localhost
  valid users = +users

and smbclient -N -L localhost replies

smbclient -N -L localhost
Anonymous login successful

    Sharename       Type      Comment
    ---------       ----      -------
    tmp             Disk      tmp on localhost
    IPC$            IPC       IPC Service (Samba 4.15.13-Ubuntu)
SMB1 disabled -- no workgroup available

So the shares are there. But how to access them? Any attempt with smbclient //localhost/tmp replies:

Password for [WG\myusername]:
Anonymous login successful
tree connect failed: NT_STATUS_ACCESS_DENIED

When I add -U <anything> to the command, with <anything> being any existing or non-existing user name, or username@WG, with correct or incorrect password, the Anonymous login successful disappears, but the tree connect failed: NT_STATUS_ACCESS_DENIED stays.

No reaction whatsoever in the server logs.

Access rights on /tmp are 1777/drwxrwxrwt.

(This is a duplicate of Configure samba server for Unix group in case it is proven to be technically impossible for samba to use Unix accounts for authentication.)
