Linux--Samba user authentication

User authentication

As a powerful file server software, Samba provides a rich user authentication method for managing users who access their shared resources.

When the client accesses, the Samba server chooses the appropriate authentication method and the authentication user source for authentication according to the parameters in the global configuration. The Samba server authentication user source can be based on the user information of the Samba server itself, or based on the user information in the Windows Active Directory.

Although the Samba server is running on the Linux platform, the Samba server authentication user source does not directly read the user and password information in the/etc/passwd. Users who want the Samba server to authenticate user information from their system need to add the system user to the Samba service through the SMBPASSWD (see 6.8) command. Figure 6-23 shows that the existing user Tonyzhang in the system is added to the Samba authenticated user through the SMBPASSWD command, and the user added here must be present in the system, that is, the user already in the/etc/passwd. If a user does not exist on a system, the error shown in 6-24 appears. When using SMBPASSWD, you need to set a password for the user, which is only valid when the client accesses the Samba server, regardless of the user's login system password.

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M00/49/99/wKiom1QWYwqhpaMAAAJ0VCN8KN0283.png "title=" Sam23-24. PNG "alt=" Wkiom1qwywqhpamaaaj0vcn8kn0283.png "/>

If you want someone to have access to the Samba server's shared resources, you must let him know the user and password to access Samba, which is a security risk from a system security standpoint. Because he knows at least one user name in a Linux system (the password to access Samba is set using SMBPASSWD, not the user's password to log on to the system). Samba servers also take this into account, and the user mapping functionality provided by the Samba server can be a good solution to this problem.

The user mapping function is actually to give the system user an alias in the Samba server, and when accessing the Samba server, the user enters an actual alias so that the user name in the Linux system is not known. The following two steps are required to configure a user mapping feature.

(1) Set the user mapping relationship through the/etc/samba/smbusers file. The Smbusers file has been configured with root, nobody user mappings by default when installing the Samba server side, as shown in 6-25. The syntax for the file is indicated in the comments in the first line of the file. Suppose you already have two system users Tonyzhang and Tomyang added to the Samba server through SMBPASSWD, want to map Tonyzhang to Tony or Zhangqin, map Tomyang to Tom, Add the following two lines to the Smbusers file.

Tonytonyzhang = tony Zhangqin Tomtomyang = Tom

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M01/49/9B/wKioL1QWYzrjrqiFAAWyd_3x25Y375.png "title=" Sam25-26. PNG "alt=" Wkiol1qwyzrjrqifaawyd_3x25y375.png "/>

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M01/49/9B/wKioL1QWY0uxb7WQAAI_NgVal2o219.png "title=" Sam27. PNG "alt=" Wkiol1qwy0uxb7wqaai_ngval2o219.png "/>

Reference: http://book.51cto.com/art/201108/282441.htm

This article is from the "--" blog, please be sure to keep this source http://57388.blog.51cto.com/47388/1552799

Linux--Samba user authentication