Samba Notes

May 15th, 2007

"Global parameter min protocol found in service section!" - what does this mean? I had this in one of my share configurations:

max protocol = NT1

min protocol = lanman2

Can't connect to Samba server from Mac and have it prompt for username and password for some reason. I am able to supply username and password as part of the address, but that is pretty lame. This is the error:"Could not connect to the server because the name or password is not correct."

Looks like this happens from time to time, might be a restart issue? Oh my gosh it was!

Did a bunch of research on samba encrypted passwords and auth backends:

Samba will not authenticate to a backend like MySQL, because the passwords it receives are already encrypted. The samba developers used to support mysql and postgres back ends (which I'm not sure would work with Windows clients), but no longer. It is also possible to use pam_mysql with samba, but you cannot do so with encrypted passwords, so it won't work with Windows clients.

The only remaining possibility for our situation is using an LDAP backend. However, since the passwords are pre-encrypted with lanman and nt encryption schemes, they would not match up against the more common crypt passwords. No matter what, when integrating linux and windows fileshares, you need to use the lanman or nt encryption schemes. This is pretty annoying, because this authentication setup is cleartext equivalent.

Other alternatives are to use sftpdrive, or use ssl enabled dav drives.

Another resource:

Good explanation of Samba compared to Windows:

Or, you could simply have two password fields in the database:

This would obviously require stricter password change code. For PHP, this includes:

Yearly Indexes: 2003 2004 2006 2007 2008 2009 2010 2011 2012 2013 2015 2019 2020 2022