Sambar Server Documentation

User Authentication


User Management
Unless an external authentication mechanism is used (i.e. SQL Auth, Radius or NT Authentication), user management is performed from the User Management icon found in the System Administration main page. After clicking on the User Management icon, a list of users will be displayed. From these forms, you can add, delete or update user profiles. Changes to user accounts take effect immediately.

It is recommended that you modify the password of the "admin" user prior to putting the Sambar Server on a public network. Simply click on the "admin" account, and enter a new password into the Password field. Then update the admin account.

Adding new users via a script
All built-in user management is handled by the passwd file in the config directory. To add new users to this file, you simply add new lines to the passwd file. The format of a passwd line entry follows the format:
username:group:password:directory:privleges:ftp-max:symbolic-name
The password portion of the line can be generated using the bin/sacrypt.exe executable.

The only other element needed is for mail server users. To create a valid mailbox for a server user, you must create the appropriate path/file for the user: mail/mbox/username/inbox.fld If the zero-length file/path exists, it is assumed the user is a valid mail server user.

NT Authentication
To configure the server to use NT Domain authentication, you must configure two configuration parameters in the config/config.ini. The NT Domain name must be properly configured for your NT system:

NT Authentication = true
NT Domain = <domain-name>

Important! When using NT authentication, the user's root directory is defaulted to /, group is defaulted to other and access privileges are defaulted to none. To change these default values, you have an entry for the user in the config/passwd file.

Radius Authentication
To configure the server to use Radius authentication, you must configure four configuration parameters in the config/config.ini.

Radius Authentication = true
Radius Port = 1812
Radius Server = server-name
Radius Secret = secret

Important! When using RADIUS authentication, the user's root directory is defaulted to /, group is defaulted to other and access privileges are defaulted to none. To change these default values, you have an entry for the user in the config/passwd file.

SQL Authentication
To configure the server to use a SQL server for authentication, you must configure three configuration parameters in the config/config.ini.

SQL Authentication = true
SQL AUTH Cache = dbcache-name
SQL AUTH Query = select grp, name, dir, privs, ftpmax FROM users WHERE username = '%N' and password = '%P'

The SQL AUTH Cache must be a SQL datasource configured using the database cache configuration. Obviously, the database engine must be enabled in order to use the cache specified by the SQL AUTH Cache. The SQL AUTH Query string will be used by the authentication interface to build a SQL lookup query. The query string can be formatted with any argument available in custom log formating. If a row comes back from the query, the SQL authentication interface assumes a match and logs the user in.

Important! The privs column is an integer with the following possible values:

  • 0 - No FTP or Document Manager Access
  • 1 - Read-only FTP and Document Manager Access
  • 2 - Read-Write FTP and Document Manager Access

© 2001 Sambar Technologies. All rights reserved. Terms of Use.