problemos

John Blair jdblair at frodo.tucc.uab.edu
Sat Jan 24 03:24:12 GMT 1998 

> People have no problem connecting to their home directory using samba by
> typing \\host\userame in the map network drive box.  However, I can't
> set up any other services.  I mean, I can, but when I try to connect, I
> get "Password Incorrect".  The only way I can make it work is to set up
> a new username in Win95 Logon, and a corresponding usernname on my unix
> box.  My security is set to "share" and I was under the impression that
> this takes care of the fact that pc and unix userid's might not be the
> same.

The reason that connecting to \\host\username works but other services
don't has to do with how share level security works.  Share level security
on a Windows machine associates passwords with different levels of access
privilages, not with users.  Unfortunately, Samba must match each incoming
request with a username b/c it implements file access security by
switching the userid of the server process to the authenticated userid. 
As a result Samba has to *guess* a username that the password might be
associated with.  If the password is the correct password for the guessed
username, the client is granted access.

The reason \\host\username works is that one of the heuristics for
guessing a username is to see if a username exists that is the same as the
service name and see if the password is correct for this user.  Since the
service name in this case is the same as the username, it works.
Connections fail for the other services b/c Samba is unable to guess the
correct username.

Are you using share level security because your user's Windows and UNIX
usernames might not be the same?  If that is the reason there is a much
better solution.  Set 'security = share' and use a username map file to
map your user's Windows usernames to the correct UNIX username.  See the
'username map' parameter description in the smb.conf man page for details. 
If for some other reason you *must* continue to use share level security
you can use the 'username' config parameter to specify a list of users to
test the password against.  However, this is not a recommended solution. 

Further, the version of Samba that you are running is 2 versions out of
date.  It would be a very good idea to upgrade to the latest stable
release (1.9.18p1). 

 -john.

......................................................................
.                                                                    .
.....John.D.Blair...   mailto:jdblair at uab.edu   phoneto:205.975.7123 .
                   .   http://frodo.tucc.uab.edu  faxto:205.975.7129 .
 ..sys|net.admin....                                                 .
 .                     the university computer center            .....
 ..... g.e.e.k.n.i.k...the.university.of.alabama.at.birmingham....

More information about the samba mailing list