Problem with NT encryption to Linux Samba Server
Stephen L Arnold
arnold.steve at ensco.com
Wed May 19 00:46:03 GMT 1999
When the world was young, amulyon at ipass.net carved some runes like this:
> I'm using RedHat linux 6.0 and accessing it from windows NT 4.0 SP3.
[snip]
> --snip of smb.conf ----
>
> encrypt passwords = yes
> ;security = server
> hosts allow = all
> guest account = pcguest
> guest ok = yes
>
> [public]
> path = /home/pcguest
> public = yes
> guest ok = yes
> writable = yes
> printable = no
> --- end of smb.conf ----
>
> When I tried to access the public share from NT using pcguest%pcguest as a
> user and password I got an error message in /var/log/samba/log.sbm:
>
> [1999/05/17 17:43:38, 1] smbd/password.c:pass_check_smb(506)
> Account for user 'pcguest' was disabled.
> [1999/05/17 17:43:38, 1] smbd/password.c:pass_check_smb(506)
> Account for user 'pcguest' was disabled.
>
> I already created a unix user of pcguest in /etc/passwd and give a
> guest ok = yes permission.
>
> Even worse I can't access it from local machine using a command :
>
> host $ smbclient //cy25013-7/public -Upcguest%pcguest
> Added interface ip=166.34.21.214 bcast=166.34.23.255 nmask=255.255.248.0
> Got a positive name query response from 166.34.21.214 ( 166.34.21.214 )
> session setup failed: ERRSRV - ERRbadpw (Bad password - name/password pair
> in a Tree Connect or Session Setup are invalid.)
AFAIK, you shouldn't need a password at all for guest access (the
few times I've actually logged in as guest I didn't use a password,
and it seemed to work fine). That could be the error you're
getting.
Second, adding the guest account info to /etc/passwd might not be
enough; I would use an existing account on the linux box (eg,
nobody or ftp). Did you add your pcguest user to /etc/passwd
before or after you created smbpasswd? If you're concerned about
security at all, I would enable shadow passwords first, then create
smbpasswd, then add the actual passwords to /etc/smbpasswd (either
by hand or running with "update encrypted=yes" for a while).
Another thing to check is the guest user mapping in /etc/smbusers.
The default mapping for guest is:
# Unix_name = SMB_name1 SMB_name2 ...
root = administrator admin
nobody = guest pcguest smbguest
If you want to try your pcguest user, then make sure the above
mapping is commented out...
I've had some interesting behavior with username mapping when the
user existed in /etc/smbpasswd (depending on whether there was a
win95 NetBIOS name that matched a username or not).
Lastly, when using smbclient to connect to the same host smbclient
is running on, try just specifying the username, and let it prompt
you for the password (at least when troubleshooting).
Hope this helps, Steve
******************************************************************
Stephen L Arnold http://www.rain.org/~sarnold
#include <std_disclaimer.h>
******************************************************************
More information about the samba
mailing list