• Launchpad Entry: simplesamba

  • Created: 2007-03-31

  • Contributors:

  • Packages affected: authtool, pam, base-config

  • See also:


Eliminates the need to explicitly create samba users. Allows users to share their home directories from the Shared Folders utility.

Use Cases

  1. John wants to give his wife, who already has an account on the local machine, access to his Documents directory from her Microsoft Windows machine. John uses the Shared Folders utility to share out the folder. Along the way, Ubuntu assists him in each of the key tasks that must be performed so it appears to John as only one simple action:
    • Create a Samba User: lib-smbpass silently created his wife's samba user when the account was first created by pam, and updated her password every time her password was updated (again, through pam; needs to be implemented, see design section)
    • Install Samba: Ubuntu prompts John to install Samba when he visits the Shared Folders utility (already implemented)
    • Select a Share: Ubuntu provides the Shared Folders utility or John to use to add the share (already implemented)
  2. Jane wants her family to be able to access their home directories away from home. Jane uses the Shared Folders utility to share all home directories by checking the share home directories check box.


This specification contains two technically unrelated parts designed to allow non-technical users to share files using Samba. Successful implementation of this specification will allow a user to login, install Samba through Add/Remove Programs, run the Shared Folders utility, and then immediately connect to smb://localhost/username with their user name and password through the Connect to Server dialog or from any other device capable of accessing SMB.

1. The first section creates samba users before samba is installed, so that users can immediately log into samba as soon as it is installed with the user name and password they already have.

2. The second section provides a method by which a special file share, [homes], may be enabled. This share allows users to use their username as a sharename and access their home directory.


password sync

This will allow samba to Just Work with new Gutsy installs and installs upgraded to Gutsy as long as the users change/reset their password. Users can log into samba as soon as it is installed with their username and password and never need to use the terminal.

  • libpam-smbpass should be a dependency of ubuntu-desktop
  • common-password should include a managed-passwordsync by default
  • managed-passwordsync should include libpam-smbpass by default
  • authtool should set managed-passwordsync appropriately when authentication type changes

gui home directory sharing

Checking this box will make home directories shareable read/write by adding the [homes] share to smb.conf with writable=yes.


Implementation Checklist

  1. wait for sharma's patch to hit gutsy bug #116846

  2. file bug to add file for /etc/pam.d/common-*/libpam-smbpass files to libpam-smbpass package
  3. find out who to bug to get libpam-smbpass added as a dep of -minimal
  4. talk to ajmitch about getting some support in authconfig for removing it on real directory servers
  5. implement checkbox for sharing out homes

Outstanding Issues

  • purging samba shouldn't clobber /var/lib/samba if libpam-smbpass is installed, causing passwd not to work

BoF agenda and discussion

Discussed at UDS but I haven't heard any feedback.


sharama patched pam to support /etc/pam.d/common-auth.d/


MartinPitt: The Implementation section is actually a Design section, and the implementation bits are missing completely:

  • What is the semantics of /etc/pamd./foo.d/? Is it included implicitly (when?) or explicitly (breaks upgrades)? (My proposal is to support the semantics "foo.d/* is included implicitly after evaluating foo; this will not break upgrades and is not a terrible special case for common-auth).

    • implicit sounds good
  • What is "managed-passwordsync"? How is that added to the default configuration? (NB that modifying pam configuration files on upgrades is not something that we can reliably support).
    • managed-passwordsync would be a pam.d snippet that would be included by the aforementioned patch, would be present by default in a base install, and would include the needed pam entries for smbpass to function. Its contents would be edited only by authtool. It's primary purpose is to make it easy to remove the smbpass module so that samba users are not automatically created for users on machines that are set up as directory clients. This file would never be touched unless authtool was run interactively, although we might need to elaborate on what happens if a module's package is removed...
  • When the checkbox is triggered, what happens? Who writes the configuration file, how is that done to ensure that nonstandard configurations are not broken?
    • first, the checkbox shouldn't even be there unless samba is installed
    • system-tools-backends should do the dirty work of writing the config file, this requires some work in liboobs as well
    • nonstandard configurations should break no more or less frequently than they currently do with the shares admin util

CategorySpec CategorySpec

SimpleSambaIntegrationSpec (last edited 2008-08-06 16:29:06 by localhost)