Anybody using Samba authentication?

https://github.com/owncloud/apps/tree/master/user_external#samba

This implementation holds some drawbacks and my intention is to simply kill it.
Generally speaking:
If somebody wants to authenticate against a Samba/Windows server there is an AD right next to it where
an integration via LDAP would be of greater use.

  • Kill it with :fire:
  • Save it! :fire_engine:


Most of my Samba servers are running with security = user and they don't support Active Directory. As far as I know I can't use LDAP authentication in ownCloud without AD, so I've been using OC_User_SMB.

Could you tell us about your use case? I don't see the point of authenticating against a Samba server if it isn't to access files inside it, and if this is the case, the external storage app can take care of it.

We are accessing the files inside the Samba server. Samba is configured for a workgroup. There's no Active Directory, only local accounts maintained with smbpasswd. When staff are in the office on the same network as the Samba server, they access their files through mapped drives.

When staff are out of the office, they use WebDrive on Windows to access their files on the Samba server through ownCloud. We're using external storage in ownCloud to provide access to the Samba shares. All of the shares are set to authentication: Log-in credentials, save in session, so no passwords are saved in the external storage configuration.

Using OC_User_SMB lets us maintain one password for each user. Any user that has a Samba account gets an ownCloud account, the first time they sign on to ownCloud. When a user changes their Samba password, they are effectively changing their ownCloud password at the same time.

We're slowly transitioning to direct storage in ownCloud and the desktop client, but that's going to take time.

The short version: OC_User_SMB gives us authentication like LDAP even though our Samba server doesn't support LDAP.

If you can afford the ownCloud Enterprise Edition (or you're using it) the WND storage comes with "user-provided credentials". This means that the admin can set up a mount such as "/home/$user" (omitting server and shares parameters here) and then let the users provide their own credentials, which will be saved encrypted in the DB. Then it's the user's responsibility to update their own credentials to access that storage if he changes them in the SMB server.
This is probably the best match for your case.

Another option is to allow the users to mount their own mount points, but this might not be a good one, especially if your users aren't technical.

I hope it isn't a common setup


No need for an AD. OpenLDAP works just fine.

Actually, we do not use SMB authentication yet. However, we are just migrating the old Novell server to a recent Samba implementation and we are going to offer ownCloud to allow users to access or share their files using the www. (Hopefully we find a way to automatically configure an external share for each user using identical credentials.) Letting users update their credentials in ownCloud is against our "single password" target.

The Samba users are authenticated against a local MySQL database; however, I prefer to use the stable OC_User_SMB rather than some third-party addon. LDAP is not an option for us.

C.
