Automate (w/ Scripting?) Samba To Match Linux Users Preferrably in Caja-Share (sync linux and samba users)

[Mad_Man_Moon]

I was spurred on by this thread to see if this was a thing, and that is to have samba keep up with the users on the OS.

Put more basically:
When I add a user, or change a user password/group/level on Linux Mint, I would like Samba to match that.

Similarly, if I change the permissions to a folder in Linux Mint, I'd like the bare minimum sharing level to be at that of the persmissions involved. Obviously I'd not want that to overwrite existing samba share details, but you get the picture.

I will be researching this, but if there's a simple way to do this, it'd be cool to know.

It's not essential for this to happen in Caja-Share itself (I'm not asking for a feature addition there) just saying that if there's ways of configuring that which I don't know, that would be preferrable. If there's a one-time command that I can enter in the command line, that's just ask cool.

All that said, these are features I'd like to see in Caja-Share, to make it even more usable for the layman. (I am *so* lay)

---
Apologies for the long title, it's for search purposes.
---

EDIT:
This answer on stack appears to be a starting point, but it's not totally clear if the users are already made on Samba by default. Like, when I installed Samba, did it create a user the same as my main Linux Mint user?

man smb.conf

Code: Select all

   unix password sync (G)

       This boolean parameter controls whether Samba attempts to synchronize the
       UNIX password with the SMB password when the encrypted SMB password in
       the smbpasswd file is changed. If this is set to yes the program
       specified in the passwd program parameter is called AS ROOT - to allow
       the new UNIX password to be set without access to the old UNIX password
       (as the SMB password change code has no access to the old password
       cleartext, only the new).

       This option has no effect if samba is running as an active directory
       domain controller, in that case have a look at the password hash gpg key
       ids option and the samba-tool user syncpasswords command.

       Default: unix password sync = no

That was the first answer in my startpage search , however, in checking those settings, my config file has that automatically set to 'yes' (see the edited contents below). So theoretically if I try to connect to that folder, as the linux/samba user, it should work. However it doesn't, which says to me more things need to happen.

Code: Select all

   unix password sync = yes

# ... the following parameters must be set ... BLAH
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .

[altair4]

unix password sync does the opposite of what you want. It makes the unix password match the samba password when the samba password is changed. It is already set to Yes in most distros so samba will allow it but pam will not.

There used to be a package that does what you want but it was removed back in 2015 for security reasons and was generally considered to be a bad idea in the first place.

[Mad_Man_Moon]

Cheers, mate ... so ... it's ... *not* a good idea to set the same accounts / passwords?

I find this puzzling ... but OK.

This topic can be closed, in that case, then.

... and I'll look around for a SAMBA GUI, then, to manage SAMBA separately.

unix password sync does the opposite of what you want. It makes the unix password match the samba password when the samba password is changed. It is already set to Yes in most distros so samba will allow it but pam will not.

There used to be a package that does what you want but it was removed back in 2015 for security reasons and was generally considered to be a bad idea in the first place.

[altair4]

There were two problems with the old package that was eventually removed:

[1] It was a dependent of the samba package itself so it would install automatically.

[2] Generally samba isn't used this way.

If I create a share that allows only credentialed users I don't want to create those users with their own home directories and login ( unix ) passwords. So I create them without it. If I have a package that sets the samba password for those users to the unix password it won't work since they don't have any.

If I did want the samba and unix passwords to match there is no way to prevent that user from accessing the physical local server itself.

Without that package I could create a share that allows only me access but make my samba password different from my unix password. Then I could give that password to others in the network to use to access the share but would be unable to access the physical server itself. Now I don't have to create any other users.

etc...

And there is no samba GUI that isn't destructive ... like gadmin-samba for example. That will create a samba server set to version 2/3 of samba and no one in any forum will help you if you have problems.

[RowlandP]

Sounds to me that the OP needs to to run a Samba AD domain.

As for stopping Samba users logging in locally, this is easy, just set their shell to /bin/false