"Go" Samba configuration file detailed

First, the customer order:

1. smbclient
The smbclient command is used to access resources on a remote samba server, and its interface is still text-like, in command form and FTP.
The syntax of the smbclient command is:
Smbclient <servicename> [Password] [options]
Where servicename is the name of the resource to connect to, the name of the resource is as follows://server/service
Where server is the NetBIOS name of the remote server, which is the name they appear in the Network Neighborhood for Windows servers.
The service is the name of the resource provided by each server, and is also the name that appears in the Network Neighborhood.
Password is the password required to access the resource.
If neither the password parameter is given nor the-n option is used. Smbclient prompts the user to enter a password, and if the target resource does not require a password, the user can skip directly to the carriage.
The-n option prevents Smbclient from prompting the user for a password, which can be used when connecting to a resource that does not require a password.
Use the-l option to list all resources provided by the remote server. If you do not know the NetBIOS name of the server, you can use the-I option to specify its IP address, such as:
Smbclient//unknown/service-i 192.168.1.2
After using the-I option, the NetBIOS name portion of ServiceName is ignored.
After the Smbclient command is run, the following prompt appears (similar to the DOS prompt):
Smb:\>
The user enters various commands at this prompt. Its commands are similar to FTP, such as CD, LCD, GET, mget, put, mput, etc., and other commonly used commands are as follows:
1.? [Comand]
Displays help information about the command, and lists all possible commands without a command parameter.
2.! [Shell command]
Executes the shell command locally and, if no shell command is given, runs a shell locally. The user can execute various commands in the shell and return to smbclient with exit.
3. Lowercase
Close or open the file name lowercase conversion. If turned on, Smbclient automatically names the files retrieved by the GET and Mget commands in the appropriate lowercase file name.
4. Print <filename>
Prints the file filename on the remote server.
5. Queue
Displays the print queue.
6. Quit or exit
Exit Smbclient.
Smbclient's mget and Mput commands can use wildcard characters "*" and "?", and they can also work in recursive mode. When working in recursive mode, they will process the current directory and all subdirectories specified by the Mask command.
Use the recurse command to turn recursive mode on or off.
The Mask command specifies a pattern with wildcard characters that, when Mget and mput work in recursive mode, will only handle directories that match that pattern, or ignore the pattern if it is not working in recursive mode.
The Mask command is used in the following ways:
Mask <expr>
Expr is a pattern with a wildcard character. Smbclient can also send a WinPopup message by:
Smbclient-m NetBIOS_name
NetBIOS_name is the NetBIOS name of the target computer. After the connection is established, type the message that you want to send, ending with the ctrl-d key combination.
Smbclient's working mode and FTP have a little resemblance: when we are dealing with the vast majority of files (such as executing a file at the far end), you must first download to the local system before you can perform the appropriate operation.
This method of operation has its own advantages, such as the comparison of network resources, but also cause file re-access.
The smbclient command can take advantage of remote file resources without first downloading.

Available Smbclient switches:

ShareName: The full share name path. such as \\server\share.
-u username: The user name of the login.
Password: Login with password.
-L: Lists all known servers and shared resources.

Connect to the NT Server comet to access the shared directory Dir1, and the login username and password are separated by%:
Smbclient \\\\comet\\dir1-u Gugong%password

Smbclient-l Comet
Switch-L queries the available shared resources in Server Comet.
It also queries the system (Comet) browser to discover other shared resources that the server (comet) has discovered on the web.

2. Smbmount
To install the Samba file system using Smbclient, the Linux kernel must contain SMBFS support modules. In Turbolinux, the default kernel contains the module. You need to be aware of it unless you recompile the new kernel yourself. The syntax for the Smbmount command is:
Smbmunt <servicename> <mount-point>
where servicename is the resource name and Mount-point is the mount point.
Smbmount Common options are:
1)-C Smbmount the password is converted to uppercase by default, and the-C option is used to prohibit the conversion.
2)-n This option should be used when connecting to a resource that does not require a password.
3)-p password specifies the password. If the-N or-p option is not specified, Smbmount prompts the user for a password.
4)-S server-name
Smbmount behaves differently from Smbclient by using the server's Internet host name (the host name given by the hostname command) to obtain its IP address instead of using the server's NetBIOS Name. If the server uses different NetBIOS and Internet names, the-s option should be used to specify its NetBIOS name and the Internet host name in ServiceName.
5)-C command-string executes the specified relatively independent command.
6)-I hostname/ip
This option is the opposite of the-s option, which allows the server's NetBIOS name to be used in servicename, and the Internet host name or IP address of the server is specified after-I. The effect of
-I and-S is the same, and Smbmount always looks for hosts using the Internet host name. , and then log on with the NetBIOS name of the server (some servers require the client to give their NetBIOS name).
7)-u username
If the user's account number on the server differs from the local computer, you should use this option to specify the account number on the server.

If you are loading an SMB file system, it is recommended to use the "-C" option to make the Smbmount
Executes the mount command. For example:
Smbmount "\\\\server\\tmp"-C ' mount/mnt-u 123-g 456 '

This allows you to load the contents of the shared resource "TMP" of the computer named "Server" into the local/mnt directory and assign a local UID (UserID) 123 and GID (Group ID) 456 to the directory and all the files under it. After this is done correctly (that is, the user entered the correct path and password), the reader can see the contents of the remote computer in the/MNT directory, and can do the same as the local files to do a variety of allowed operations, which saves local system resources.
Uninstall an already mounted SMB file system with the Smbumount command. The format of the Smbumount command is simple, as long as you specify the mount point to unload.

Available Smbmount switches:

ShareName: The share name entered in//server/share format.
Mount point: The directory where you want to attach the shared file.
-I server: A server that contains shared resources.
-u username: The user name to use when logging in. (Similar to-N, but more effective than-n!)
-p Password: password used when logging in.
-N: A login without a password, without prompting for a password.
-H: Lists simple help information for the available switches.

You want to install the shared file "\\comet\dir1" to the Directory "/mnt/comet" using the Login "Gugong" and the password "123"
Smbmount \\\\comet\\dir1/mnt/comet-i comet-u gugong-p 123

3. Smbumount

To remove the shared installation created in the previous example, you can enter:
Smbumount/mnt/comet

Second, the service

In addition to the customer service feature, SAMBA allows UNIX systems to publish file and print shares.
There are three files that provide this connectivity:
NMBD (/USR/SBIN/NMBD)
SMBD (/USR/SBIN/SMBD)
Smb.conf (/etc/smb.conf)

1. NMBD
The NMBD utility controls the NetBIOS communication of the system.
It runs as a daemon and is responsible for listening for NetBIOS ports that are used for name service requests.
When a name service request is received, NMBD responds with the system's IP address.
Responsible for keeping the browser able to communicate in a known workgroup which member is writing the NetBIOS name directory.
Available NMBD switches:
-D tells NMBD to run as a background process.
The path name of the-H lmhost_file path and NetBIOS host name file.
-D number tells NMBD to run at the debug level specified by number. 0~5 effective.
-L log_file_base Specifies the library name of the log file.
-N netbios_name Specifies the NetBIOS name of the system under the condition that the hostname is not suitable.
-P port_number Change the default listening port number.
-S Config_file if the smb.conf is not in the/etc directory, specify its location.

2. SMBD
The SMBD utility is a background process that is responsible for all file and print sharing services.
Once a customer is addressed to a SAMBA server via NMBD, SMBD is responsible for the client's file and print requests.
Available SMBD switches:
-D tells SMBD to run as a background process.
-O socket_option Adjust the communication parameters.
-a rewrite the log file, which is added by default.
-D number tells SMBD to run at the debug level specified by number. 0~5 effective.
-L log_file_base Specifies the library name of the log file.
-P port_number Change the default listening port number.
-S Config_file if the smb.conf is not in the/etc directory, specify its location.

3. smb.conf
The smb.conf is used to configure NMBD and SMBD during initialization.
/ETC/RC.D/INIT.D/SMB stop
/ETC/RC.D/INIT.D/SMB start

The

[Global]
Global Setting is used to configure the overall SAMBA environment relative to the configuration-specific share. The global settings are listed under section heading [Global].
The parameters in this section apply to the entire Samba server, or to the default values for other sections.
Guest Account=username allows you to specify a valid customer account that is available when browsing shared resources. The account must be a valid account name and can have minimal system rights. Typically, this setting for FTP will allow access to shared resources.
Workgroup=workgroup allows you to specify the workgroup name that the system should join. Workgroup are similar to domains because they all represent a suite of NetBIOS systems. The Workgroup differs from the domain in that there is no account management in the suite-all logins and passwords are managed by each individual system.
Home Directories
After the user has been certified to samba, there is an option to allow users to access the Samba home directory as a share. The location of the directory can be queried only from the/etc/smbpasswd file, which is used to define the login name and password on a system-wide scale. The home directory settings are listed together with smb.conf under the segment heading [homes]. （？
Other Shares You can set any part of the file system to be shared. When you create a share, you enclose the shared name of the square brackets as the beginning of the shared section, for example [public]. After the share name, each line with one of the commands listed, you specify any parameters that you want to apply to the shared part.
Share Setting The following is a short list of some commands that you can use to work with shared resources:
Browseable=yes/no It indicates whether the share is visible to the customer that is browsing, or that the share is accessible by using a UNC (Universal naming convention). For example, to access the share name public and its browsing capability has been closed (no), you must access it by entering Unc\\server\pubic. It does not appear in the browse list (that is, it is not visible in the browser).
creat mode=number When creating files under Samba sharing conditions, allow the values assigned to these files to default permissions to use the same number format as the chmod command. The opposite of Create mask.

Only guest=yes specifies that the user's access to the shared resource is client-level only. If the file permission is set correctly, the user can only see the files in the directory, but not read and write operations. Path=share directory path defines a directory that can be accessed when a user accesses a shared name that has already been published. For example, if you create a shared resource named public and specify path equals/usr/expense/template, access to the shared public will go directly to the template directory, and the system will not allow access to the directory structure at the top level. And can only go to the next level.

Public= Yes/no defines whether a share is open to public access. When set to Yes, users who do not have an account on the system receive access based on the properties of the customer account that is defined.
Valid users=username specifies that only users with a specific login name can access the share. You can specify multiple logins separated by a space. (all means all)

Writable=yes/no defines whether a share can be accessed using a read/write license, or whether a file system can be considered to be read-only instead. Define what the user receives to the access level is this setting and the combination of some licenses assigned to the user's UNIX account, regardless of which one is lower. For example, if a user accesses a share marked as writable, but his UNIX account has a read-only permission, the user can only get read-only access to the share.

[Home]
If the section is included in the configuration file, the server can dynamically provide the user with a share that is connected to its private directory.
If a user asks to connect to a share that does not exist in a profile, the server assumes that the user provides the share name as an account, and then finds the account in the local password file. If the account exists and the user provides the correct password, the server copies the [at home] section to create a new share. Also make the following changes:
1> change the share name to the account name.
2> If you do not specify a directory to share in the [Home] section, use that account's private directory.
3> If you want to specify the path parameter in the [Home] section, then the macro%s is useful, which represents the name of the current share. For example: path=/data/%s
This approach allows for a different private directory for PC users and Linux users.
This shows that using the [Home] section allows a large number of users to access their private directories simply and quickly. If the share name requested by the user is homes, the server will also create a share for it dynamically, except that the name of the new share is still homes.

[Printers]
This section is somewhat similar to the [Homes] section, except for printers. If the configuration file contains [homes],
Users can connect to any printer defined in the local printcap file. If a user requests to connect to a share that does not exist in a profile, if the [Homes] section exists, the server processes the request as described in the previous section, or the server treats the shared name of the request connection as a printer name. And in the Printcap file, find out if there are printers that can match, and if they do, copy the [Printers] section to create a new share.
Note: The [Printers] section must be printable, or the server will refuse to mount the configuration file, for example:
[Printers]
Path =/home/samba/print/public
writeable = no
Guest OK = yes
printable = yes

Macro substitution:
Macro substitution is allowed in the configuration file, "Note case".

-----------------------------------------------------------------------
Macro Description
-----------------------------------------------------------------------
%s The name of the current service or share
%P the current service or shared directory
%u user name used by current service or share
The name of the group in which%g%u resides
%u the user name (login name!!) used by the current session, which is the user name that the client expects, can be different from the user name that the client actually obtains.
The name of the group in which%G%u resides
%H%u's Private directory (home directory)
Version number of%v Samba
%h the NetBIOS name of the Samba server
%m Client's NetBIOS hostname (Win9x's machine name)
NetBIOS name of the%l server
The%N server (????? ) name
%M client's Internet host name
%I The IP address of the client
%T Current date and time
%d current server process ID
%a remote client architecture, currently only recognized wfwg,nt, and Win 95, 98, and not 100% reliable, other systems are marked as UNKNOWN
-----------------------------------------------------------------------

Third, user authentication:

The account number is important to samba, and the user must have a valid account to connect to a non-guest-nature Samba service, and that account determines his or her privileges. Even if a share is a guest share, Samba needs a specific account to provide the service.
There are many ways that users can connect to SABMA services. The server follows the steps below to decide whether to allow a connection, deny the connection if all the steps fail, and if one of them succeeds, no subsequent steps are taken.
1> if the shared request connection contains a "Guest only = yes" parameter, the user is connected as the "Guest account =" parameter, regardless of the password it provides.
2> If the client provides an account/password pair, and the account/password pair passes the authentication of the Linux system, the user connects to the account. Note This includes account numbers provided in the form "\\server\service\%username".
3> checks the NetBIOS name of the client (that is, the computer name that Windows uses on the network) and other accounts that have been used, and if one can match the supplied password, the connection is allowed.
4> If the client has already passed the account \ Password verification and the authentication flag (validation token) is sent to the server, the user is connected to the account.
5> If the requested share contains a "user =" parameter, and the client provides a password, and the password can match one of the accounts in the account list, the user connects to the account. If an account in the user = parameter starts with "@", it is treated as a user group name. All user accounts in this group are included in the "user =" list.

Iv. Security level for Samba
Samba has four security levels, defined by the parameter security, which can only appear in [global] and is a global parameter.
These four security levels are share,user,server,domain, of which the latter three are in Safe mode, which focuses on share and user security levels.

1) Security = Share
When a client connects to a share security-level server, it does not need to provide the correct account and password to log on to the server before the connection is shared (although clients such as Windows 95/98/NT issue a login request when connecting to a share-level server, which contains only the account number) Instead, the client only needs to provide a password when connecting to a specific share.
Note: The server always uses a valid Linux account to provide services, even if it is working at the share security level.
Because the client does not provide an account to the share server, the server uses the following techniques to determine what account to use for service:
1> If the share contains a "Guest only =yes" parameter, use the guest account specified by the "guest account=" parameter, ignoring the following steps.
2> If the connection request provides an account at the same time, then the account is considered a potential account.
3> If a client has made a login request before, the account that the request contains is also considered a potential account.
The share name of the 4> client requesting a connection is considered a potential account.
The NetBIOS name of the 5> client is considered a potential account.
6> the account number in the "user =" list is considered a potential account.
If the "Guest only" parameter is false, check all potential accounts and use the first account that matches the password. If the guest only "parameter is true, or if the share allows" Guest account ", then the connection is denied. Visible, share service The process of determining the account is very complex.

2) Security = user

This is the security level that Samba uses by default. When using the user security level, the server requires the client to first sign in with the correct account and password (which can map the account). Parameters such as "user =" and "Guest only" may change the user's identity only after the user has successfully logged in.

Note: The share name of the client request connection is passed to the server only after login, so no authenticated user can access any shares (including guest sharing). You use the map to guest option to map unknown users to guest users to allow access to the guest share.

3) Security = Server

Under server security, Samba uses a remote SMB server (such as a Windows NT server) for authentication and, if it fails, automatically switches to the user security level. The server security level and the user security level are not different for clients.

4) Security = Domain
In this mode, you must use the SMBPASSWD program to add the Samba server to a Windows NT domain and use the "Encrypted password (Encrypted passwords)". Under this security level, Samba uses the Windows NT master server (W indows NT Primary), or a backup domain controller, takes the same behavior as a Windows NT Server for authentication.

***************************************************************************
Comparison of share and user security levels

The share security level is resource-oriented, and users need to provide a password for each connection to a non-guest share. If the guest share is primarily provided, the share security level should be used.
User security level for users, the user login, there is no need to provide a separate password for sharing, more convenient. If the user's account on the PC is the same as the account on Linux, then using the user security level is very appropriate.
***************************************************************************

Five, common parameters

1) Global Parameters:
1>netbios Name
Set the NetBIOS name of the samba server, which the client uses to identify it, and the default is the first part of the host DNS name.
2>workgroup
Set up the workgroup where the Samba server resides.
3>server string
Set the server description information, the value can be arbitrarily set.
4>security
Set the security level of the server, the valid value is Share,user (default), Server,doamin.
5>announce as
Typically, the Samba server declares itself to be a Windows NT Server, which can be used to change this setting. The valid values are "NT", "Win95" or "WfW", which represent Windows NT, Windows 95, and Windwos for Workgroups.
6>log file
Specifies the log file for the Samba server.
7>max Log Size
Sets the maximum length of the log file, whose value is an integer, in kilobytes. If the log file exceeds the specified length, samba adds a suffix. Old to the file name, and then creates a new file. If the value is 0, there is no limit, and the default value is max log size = 5000.
8>map to Guest
Guest user mappings, valid values are "never", "Bad User", "Bad Password".
9>username Map
The user mapping, whose value is a file name.
10>load Printers
Boolean value that determines whether all printers in the Printcap file are loaded for browsing. The default value is load
Printers = yes.

2) Other parameters
Some parameters have "synonyms", which are placed in parentheses behind them.
1>path (or directory)
Set the directory you want to share. %u that appears in the path is replaced with the Linux account used by the client, and%m is replaced with the client's NetBIOS name.
2>comment
Comment Information.
3>guest OK (or public)
If this parameter is yes, the corresponding share is allowed to be accessed in guest mode. The default value is No.
4>guest Account
To specify a Linux account for guest access, Samba uses that account to provide the service, and its permissions are the privileges that the guest user enjoys.
5>guest only
Boolean value that determines whether the share is allowed to be accessed in guest mode. This parameter has no effect if the guest OK or public parameter has been specified. The default value is No.
6>browsable (browseable)
Boolean value that determines whether the share is browsable. If the value is yes, the corresponding share appears in Network Places.
7>read only
Boolean value that determines whether the share is shared as read-only.
8>writeable (or write OK)
Boolean value that determines whether the user is allowed to modify the corresponding share.
9>user (or username users)
Specify a list of potential accounts for the share.
10>invalid Users
The list of users who are forbidden to access the share.
11>valid Users
A list of users allowed to access the share.
12>writelist
A list of users with write permissions. Users in this list can modify the corresponding share, even if the shared Read Only option is set to true.
13>readlist
A list of users with read-only permissions. Users in this list have read-only permissions, regardless of whether the share has the Read Only option set.
14>admin Users
A list of super users. Users in this list have all permissions on the corresponding share.
15>force User
Specify a Linux account that all users can use to access the appropriate share. This helps to share files between users. This account only works after you connect (! ), so the client still needs to provide the correct account and password to connect to the share. Once the connection is established, the client will perform any file operation with that account, regardless of the account used to connect it.
16>force Group (or group)
Similar to force user, except that the user group is mandatory.
17>available
This option allows the user to turn off a share whose default value is yes.
18>allow host (or hosts allow)
Allows access to the corresponding shared host list, separated by commas, spaces, or tabs. You can use the IP address and host name to identify the host.
19>deny hosts (or hosts Deny)
Disable access to the list of hosts that are shared.
20>preexec
Specifies the commands that are executed after the connection is established, for example:
Preexec = echo \ "%u connected to%s from%m (%l) \" >>/tmp/log
Appends a record to the log file when the connection is established.
21>postexec
Specifies the command to execute after the connection is broken.
22>root preexec
Similar to preexec, but the command specified here is run with root privileges. This is usually used to install a file system, such as CDROM.
23>root postexec
Similar to postexec, but the command specified here is run with root privileges. Can be used to unmount the file system.

Vi. Using User Mappings

The user mapping mechanism provided by Samba includes both "Guest user mapping" and "User mapping":

1) Guest User mapping
The Guest user mapping is only available in Safe mode (User,server and domain security level). If a user is not authenticated, it can be mapped to a guest user, allowing him to access the guest share. Here the guest user is provided by the Guest account = "parameter specified.
The Guest user mapping is controlled by the global parameter "map to Guest", which can only be placed in the [Global] section, with the following three values:
1>map to Guest = Never
Does not map, denying illegal users access to any resource. This is the default behavior.
2>map to Guest = Bad User
If the user logs on with a nonexistent account, it is mapped to the guest user, and the connection is disabled if the account provided is correct and the password is incorrect.
3>map to Guest = Bad Password
The user who logged on with the error password is mapped to the guest user. This setting creates the problem that if the user accidentally types in the wrong password, the server "secretly" maps him to the guest user without any error messages, so that the user unknowingly receives various access restrictions.

2) User Mapping
The Global parameter "username map" is used to control user mappings, which allows the administrator to specify a mapping file that contains information about user mappings between the client and server, such as:
Username map =/usr/local/samba/lib/users.map User mappings are often used to map between Windows and Linux hosts, as users may be in two departments
have different accounts on the system, and another purpose is to map several users to a user so that they can share files more easily.

Here is an example of a mapping file:
# Map Windows admain to Linux Root
Root = Admin Administrator
; Map all the members of the group system (user group) to SYS
SYS = @system

The left side of the equals sign is a separate Linux account, and the right side of the equals sign is the list of accounts to be mapped. The server parses the mapping file line by row, replacing it with an account on the left of the equals sign if it matches the account number in the list on the right side of the line.
If there is no "!" in front of the line Symbol, the following line continues to be parsed, or the analysis is not continued.
The "@" symbol indicates that it is followed by a user group, and all users in that group are mapped to the appropriate Linux account.
The symbol "*" is a wildcard character that can match any user account.
With "#" or ";" The line that begins is the comment line.
If you want to map an account that contains spaces (spaces are allowed in your Windows account), you can enclose them in quotation marks, such as:
# Map A Windows account to the LInux account
Tridge = "Andrew Tridgell"
The following example maps the account Fred and Mary to account SYS and maps the other accounts to the Guets account.
!sys = Mary Fred
Guest = *

Note: The server maps accounts that appear in any location. For example, if you connect to \\server\fred and Fred is mapped to Mary, then the actual connection is \\server\mary, and the user should provide Mary's password instead of Fred's password. Samba does not provide user mappings by default.

Seven. Using an encrypted password

Starting with Windows NT 4.0 Service Pack 3, Microsoft decided not to pass unencrypted passwords across the network, but only to pass encrypted passwords (encripted Password), and the new version of Windwos 95 and Windows98 also adopted this An agreement. These clients encounter great difficulties in communicating with a Samba server that does not support cryptographic passwords and runs at the user security level. In order to communicate successfully with these clients, Samba has also added support for cryptographic passwords.

1) Samba password file
In order to use the encrypted password, Samba needs a copy of its own password file, and the file should be synchronized with the linux/etc/passwd file, you can use the mksmbpasswd.sh script to make this file:
Cat /etc/passwd | mksmbpasswd.sh >/ETC/SMBPASSWD
where smbpasswd is the required password file, its permissions should be set to 0600, the owner is the record in the Root.samba password
file, and/etc/smbpasswd Record one by one of the file corresponds to. The format of each line is as follows:
Username:uid:xxx...xxx:xxx...xxx:logname:user home Dir:user Shell
It's basically the same format as the/etc/passwd file , only the password fields are different. The password field consists of two parts, each of which is 32 "X". These are the cryptographic passwords used by samba, the first part used for communication with LanManager, and later for Windows NT communication. The password of Linux cannot be deciphered, so all the users in the newly created password file do not have the correct password and are represented by 32 "X". The root user can use the SMBPASSWD command to set an initial password for each user. This allows the user to change their samba password using the SMBPASSWD command. SMBPASSWD is used in a similar way to the passwd command. The root user can also set the password to null by manually modifying the password file and changing the first 11 "X" to
"no PASSWORD":
No passwordxxx...xxx:xxx...xxx
This way, when the SMBPASSWD command asks the user for the old password, you can simply press ENTER to skip.

2) specify that Samba uses an encrypted password
For Samba to use an encrypted password, the following parameters must be added to the [Global] section in the/etc/ssmb.conf file:
Encrypt passwords = yes
SMB passwd file =/etc/smbpasswd
The first line informs Samba to use an encrypted password. The second line gives the path to the export order file. If the user is allowed to use a null password, the following parameters should be used:
Null passwords = yes
But this poses a security problem.

3) SMBPASSWD command
In addition to modifying the user's password, the SMBPASSWD command can also help root users add and remove users. SMBPASSWD command if run by the root user, it will directly modify the password file, without the help of SMBD, if run by a normal user, smbpasswd in the client/server mode, it is connected to SMBD to complete the necessary modifications. Client/server mode makes SMBPASSWD unnecessary to be a SUID program to avoid creating security holes.

Common options for the SMBPASSWD command are:
1>-A adds a user account that must appear in the/etc/passwd file, which is a legitimate Linux account, and only root can use this option.
2>-D disables a user account and does not delete it for root use only.
3>-e restores a disabled user account for root use only.
4>-N Sets the password for the account to NULL, and the first 11 characters of the password field are changed to "NO PASSWORD".
For root use only.
5>-R remote_machine_name This option allows the user to specify a remote host, and if this option is not present, SMBPASSWD modifies the password on the local Samba server by default. Remote-machine-name is the NetBIOS name of the remote host.
6>-u username this option can only be used with the-r option. When modifying a password on a remote host, the user can use this option to specify the account to be modified. This allows users with different accounts in different systems to modify their passwords.
7>-S This option enables SMBPASSWD to work in silent (silent) mode, in which smbpasswd reads data from the standard input instead of the default/dev/tty, which helps the user write scripts that call SMBPASSWD.

4) How can I not use encrypted passwords
As mentioned above, the use of encrypted passwords is primarily intended to be able to communicate successfully with clients such as Windows NT. For this purpose, you can also modify the Windows NT registry to force it to use an unencrypted password (Plain Password).
The Turbolinux/usr/doc/samba-2.0.3/docs directory has two registry files that can be used to automatically modify the Windows NT 4 and Windows 95 registries, and users simply double-click their icons on Windows systems. These two files are: Nt4_plainpassword.reg and Win95_plainpassword.reg.

It's old on the top . The new SAMBA 2.2.1a, 2.2.2a is not the same as the above.
specific in Smbmount and Smbclient commands . The rest is about the same.
Now, the shared folder for Windows can be written directly in/etc/fstab, for example:
2000_server/gugong/mnt/smb/2000 Smbfs Username=gugong,password=123,rw,noauto 0 0

In the shell, Mount with Mount [-t Smbfs]/mnt/smb/2000 (as above is noauto; if auto, it will be loaded automatically when the system starts).

The/etc/samba/smb.conf of the domain login service is mainly added as follows:
Domain Master = yes
Preferred Master = Yes
Domain logons = yes
This is mainly the "Domain logons = yes" Function!

the specific/etc/samba/smb.conf please look at this file.

"Go" Samba configuration file detailed