Sambar Server Documentation

User Authentication


User Management
Unless an external authentication mechanism is used (i.e. SQL Auth, Radius, LDAP, or NT Authentication), user management is performed from the Users link found in the System Administration Security page. After clicking on the Users link, a list of users will be displayed. From these forms, you can add, delete or update user profiles. Changes to user accounts take effect immediately.

It is recommended that you modify the password of the "admin" user prior to putting the Sambar Server on a public network. Simply click on the "admin" account, and enter a new password into the Password field. Then update the admin account.

Authentication Mechanisms
Let's take a step back and view the authentication mechanisms:

  • /session/login
  • security.ini
  • .htaccess (via require user or require group)

On top of these mechanisms, there are multiple authentication facilities:
  • passwd
  • SQL Authentication
  • Radius Authentication
  • LDAP Authentication
  • NT Domain Authentication
  • unix crypt (.htaccess use only)

The /session/login, security.ini, and .htaccess mechanisms all use the config/passwd authentication facility by default. This can be changed in config.ini to specify an alternative authentication facility (e.g. SQL Authentication). A common source of confusion is that the config/passwd facility specified in config.ini is used by all three mechanisms unless it is explicitly overridden.

Case Insensitive Usernames
Depending on the authentication facility used, usernames may be case insensitive (passwords are always case sensitive). The default passwd facility allows for case insensitive usernames; in all other facilities, usernames are case sensitive.

Adding new users via a script
All built-in user management is handled by the passwd file in the config directory. To add new users, append new lines to this file. Each passwd entry has the format:
username:group:password:directory:privileges:ftp-max:symbolic-name
The password portion of the line can be generated using the bin/sacrypt.exe executable. In addition, the following schemes can be used to generate the password: MD5, SHA1, Unix crypt(). Password entries that use one of these schemes are prefixed with md5-, sha1-, and ux- respectively.

The only other step is for mail server users. To create a valid mailbox for a server user, create the path and zero-length file mail/mbox/username/inbox.fld; if that file exists, the user is treated as a valid mail server user.
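As an added example (not part of the Sambar documentation), the following script builds passwd entries in the seven-field format above and audits an existing passwd file for the problems an administrator would want to catch: wrong field counts, password fields without an md5-/sha1-/ux- prefix, privileges outside 0-2, and usernames that collide once case is ignored (the passwd facility matches usernames case-insensitively). It assumes the md5-/sha1- prefix is followed by the hex digest, which the page does not state.

```python
import hashlib

# Field order of a config/passwd entry, as described above.
FIELDS = ("username", "group", "password", "directory",
          "privileges", "ftp-max", "symbolic-name")

def hash_password(plain, scheme="sha1"):
    """Build an md5-/sha1- prefixed password field. Assumption (not
    stated on the page): the prefix is followed by the hex digest."""
    digest = {"md5": hashlib.md5, "sha1": hashlib.sha1}[scheme]
    return scheme + "-" + digest(plain.encode()).hexdigest()

def make_passwd_line(username, group, plain, directory, privileges,
                     ftp_max, symbolic_name, scheme="sha1"):
    """Return one passwd line; a ':' inside a field would shift later fields."""
    values = (username, group, hash_password(plain, scheme), directory,
              str(privileges), str(ftp_max), symbolic_name)
    if any(":" in v or "\n" in v for v in values):
        raise ValueError("fields may not contain ':' or newlines")
    return ":".join(values)

def audit_passwd(text):
    """Return (line_no, username, problem) for entries worth a look;
    usernames are compared case-insensitively, as the passwd facility does."""
    findings, seen = [], {}
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split(":")
        if len(parts) != len(FIELDS):
            findings.append((n, parts[0], "expected 7 fields, got %d" % len(parts)))
            continue
        user, pw, privs = parts[0], parts[2], parts[4]
        if not pw.startswith(("md5-", "sha1-", "ux-")):
            findings.append((n, user, "no md5-/sha1-/ux- prefix; confirm sacrypt produced it"))
        if privs not in ("0", "1", "2"):
            findings.append((n, user, "privileges should be 0, 1 or 2"))
        if user.lower() in seen:
            findings.append((n, user, "same name as %r on line %d" % seen[user.lower()]))
        else:
            seen[user.lower()] = (user, n)
    return findings

# Constructed sample file: one good entry, one with three problems, one malformed.
SAMPLE = "\n".join([
    make_passwd_line("admin", "root", "secret", "/docs/", 2, 0, "Root User"),
    "Admin:other:letmein:/users/admin/:3:0:Duplicate Admin",
    "bob:other:md5-abc:/users/bob/:1:0:Bob:extra-field",
])
```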

NT Authentication
To configure the server to use NT Domain authentication, you must configure two configuration parameters in the config/config.ini. The NT Domain name must be properly configured for your NT system:

NT Authentication = true
NT Domain = <domain-name>

Important! When using NT authentication, the user's root directory defaults to / unless Auto-provision Users is enabled (see below), the group defaults to other, and access privileges default to none. To change these defaults, you can put an entry for the user in the config/passwd file or modify the Default User Privileges and Default User Max Content.

Radius Authentication
To configure the server to use Radius authentication, you must configure four configuration parameters in config/config.ini or config/vhosts.ini (as appropriate).

Radius Authentication = true
Radius Port = 1812
Radius Server = server-name
Radius Secret = secret

Important! When using Radius authentication, the user's root directory defaults to / unless Auto-provision Users is enabled (see below), the group defaults to other, and access privileges default to none. To change these defaults, you can put an entry for the user in the config/passwd file or modify the Default User Privileges and Default User Max Content.

LDAP Authentication
To configure the server to use LDAP authentication, you must configure seven configuration parameters in config/config.ini or config/vhosts.ini (as appropriate).

LDAP Authentication = true
LDAP Port = 363
LDAP Server = server-name
LDAP Base = ou=corpauth,dc=sambar,dc=net
LDAP Timeout = 10
LDAP Version = 3
LDAP SSL = true

Important! When using LDAP authentication, the user's root directory defaults to / unless Auto-provision Users is enabled (see below), the group defaults to other, and access privileges default to none. To change these defaults, you can put an entry for the user in the config/passwd file or modify the Default User Privileges and Default User Max Content.

SQL Authentication
To configure the server to use a SQL server for authentication, you must configure three configuration parameters in config/config.ini or config/vhosts.ini (as appropriate).

SQL Authentication = true
SQL AUTH Cache = dbcache-name
SQL AUTH Query = select grp, name, dir, privs, ftpmax FROM users WHERE username = '%N' and password = '%P'

The above select clause was issued against a SQL table "users" created with the following syntax:

create table users (username varchar(255), password varchar(255), grp varchar(64), name varchar(64), dir varchar(255), privs int, ftpmax int)
insert into users values ('admin', 'admin', 'root', 'Root User', '/docs/', 2, 0)

The SQL AUTH Cache must be a SQL datasource configured using the database cache configuration; the database engine must be enabled in order to use the cache specified by SQL AUTH Cache. The SQL AUTH Query string is used by the authentication interface to build the SQL lookup query, and can be formatted with any argument available in custom log formatting. If the query returns a row, the SQL authentication interface treats it as a match and logs the user in.

Important! The privs column is an integer with the following possible values:

  • 0 - No FTP or Document Manager Access
  • 1 - Read-only FTP and Document Manager Access
  • 2 - Read-Write FTP and Document Manager Access

Auto-provision Users
The Auto-provision Users boolean configuration in config/config.ini or config/vhosts.ini (as appropriate) is used in conjunction with NT, LDAP and Radius authentication to specify the user's "Document Directory", access privileges, and storage quota. Access privileges and quota are configured via Default User Privileges (specified as 0, 1, or 2 as shown above) and Default User Max Content (specified in megabytes, e.g. 10). If enabled, each user is assigned a private workspace under /users for file access. This flag should be used in conjunction with the User Directories boolean to enable automatic access to any user's files via the http://machine/~user/ auto-alias.

© 2001 Sambar Technologies. All rights reserved.