It is recommended that you modify the password of the "admin" user prior to putting the Sambar Server on a public network. Simply click on the "admin" account, and enter a new password into the Password field. Then update the admin account.

Authenitication Mechanisms
Let's take a step back and view the authentication mechanisms:

• /session/login
• security.ini
• .htaccess (via require user or require group

• passwd
• SQL Authentication
• Radius Authentication
• NT Domain Authentication
• unix crypt (.htaccess use only)

Case Insensitive Usernames
Depending on the authentication facility used, usernames may be case insensitive (passwords are always case sensitive). The default passwd facility allows for case insensitive usernames; in all other facilities, usernames are case sensitive.

Adding new users via a script
All built-in user management is handled by the passwd file in the config directory. To add new users to this file, you simply add new lines to the passwd file. The format of a passwd line entry follows the format:
username:group:password:directory:privleges:ftp-max:symbolic-name
The password portion of the line can be generated using the bin/sacrypt.exe executable.

The only other element needed is for mail server users. To create a valid mailbox for a server user, you must create the appropriate path/file for the user: mail/mbox/username/inbox.fld If the zero-length file/path exists, it is assumed the user is a valid mail server user.

NT Authentication
To configure the server to use NT Domain authentication, you must configure two configuration parameters in the config/config.ini. The NT Domain name must be properly configured for your NT system:

NT Authentication = true
NT Domain = <domain-name>

Important! When using NT authentication, the user's root directory is defaulted to /, group is defaulted to other and access privileges are defaulted to none. To change these default values, you have an entry for the user in the config/passwd file.

Radius Authentication
To configure the server to use Radius authentication, you must configure four configuration parameters in the config/config.ini.

Radius Authentication = true
Radius Port = 1812
Radius Server = server-name
Radius Secret = secret

Important! When using RADIUS authentication, the user's root directory is defaulted to /, group is defaulted to other and access privileges are defaulted to none. To change these default values, you have an entry for the user in the config/passwd file.

SQL Authentication
To configure the server to use a SQL server for authentication, you must configure three configuration parameters in the config/config.ini.

SQL Authentication = true
SQL AUTH Cache = dbcache-name
SQL AUTH Query = select grp, name, dir, privs, ftpmax FROM users WHERE username = '%N' and password = '%P'

The above select clause was issued against a SQL table "users" created with the following syntax:

create table users (username varchar(255), password varchar(255), grp varchar(64), name varchar(64), dir varchar(255), privs int, ftpmax int)
insert into users values ('admin', 'admin', 'root', 'Root User', '/docs/', 2, 0)


The SQL AUTH Cache must be a SQL datasource configured using the database cache configuration. Obviously, the database engine must be enabled in order to use the cache specified by the SQL AUTH Cache. The SQL AUTH Query string will be used by the authentication interface to build a SQL lookup query. The query string can be formatted with any argument available in custom log formating. If a row comes back from the query, the SQL authentication interface assumes a match and logs the user in.

Important! The privs column is an integer with the following possible values:

• 0 - No FTP or Document Manager Access
• 1 - Read-only FTP and Document Manager Access
• 2 - Read-Write FTP and Document Manager Access