[Samba] Linux server, Win2k client: Almost works, what am I missing?
Joel Hammer
Joel at HammersHome.com
Wed May 15 18:52:02 GMT 2002
I don't use NT or Win2000, but this sounds like you are failing Test #10 in
DIAGNOSIS.txt in the source documents.
It suggests you enable encrypted passwords on the Samba server.

Maybe you didn't do the hack properly. I would look at tcpdump during the
log on to see if you are really sending passwords in the clear. (BTW, I have
never tried this particular trick, but it sounds easy.)

Joel

On Wed, May 15, 2002 at 07:35:32PM -0500, Kris Kelley wrote:
> Hello all.
>
> A couple of days back I posted a question about how I could get a Win2K
> client to mount a share from my Linux Samba server. I was getting the
> familiar "account is not authorized to log in from this station" error
> on the Win2K box, despite a set-up that supposedly allowed guest logins
> *and* implemented the registry hack for clear-text passwords on the
> Win2k box.
>
> While I didn't find a direct solution, Herb Lewis in particular was very
> helpful in offering suggestions. I decided to abandon the RPM approach
> and install from the source package instead, if only to have better
> control over what extra features were enabled (bye-bye, PAM!).
>
> I've made some progress since then. I am certain that the stumbling
> block I'm facing now is a real stupid one, but I'm brain-dead on finding
> the solution.
>
> My setup: Red Hat Linux 7.1 (kernel 2.4.9) running Samba 2.2.4. I
> compiled and installed using all the defaults, with one exception: I
> enabled the smbmount feature.
>
> My configuration is pretty basic at the moment. This is my smb.conf
> file:
>
> [global]
>     workgroup = DEVGROUP
>     security = user
>     netbios name = skunkworx
>
> [test]
>     comment = test share
>     path = /export/samba/test
>     read only = no
>     guest ok = yes
>
> /export/samba/test does exist, and has 777 permissions.
>
> At first, this is the only configuration of any kind that I did; I
> didn't even use smbpasswd to set up any Samba-specific user passwords.
>
> Once I fired up Samba, I tried to access it from a Win2k box, on which
> I'm logged in as DEVGROUP/skunk (user "skunk" also exists on the Linux
> box, and the passwords are the same in both environments). This failed
> with the usual "account is not authorized to log in from this station"
> error (clear text passwords are enabled on the Win2K box), and I only
> saw this in Samba's logs (level 2):
>
> [2002/05/15 19:17:57, 2] smbd/reply.c:reply_special(91)
> netbios connect: name1=SKUNKWORX name2=WIN2KBOX
> [2002/05/15 19:17:57, 2] smbd/reply.c:reply_special(110)
> netbios connect: local=skunkworx remote=nfstest
>
> However, when I used the "net use" CLI command to log in with user
> "nobody", supplying "nobody"'s password, it worked! The share was
> successfully mounted, and I saw these entries in the Samba log:
>
> [2002/05/15 19:18:29, 2] smbd/reply.c:reply_sesssetup_and_X(973)
> Defaulting to Lanman password for nobody
> [2002/05/15 19:18:29, 1] smbd/service.c:make_connection(651)
> nfstest (172.16.4.100) connect to service test as user nobody
> (uid=99, gid=99) (pid 15247)
>
>
> I then tried putting "skunk" into Samba's user database using this
> command:
>
> smbpasswd -a skunk <skunk's password>
>
> I still couldn't access the share as user "skunk", though; I got the
> same error message on the Win2K side and the same Samba log entries on
> the Linux side.
>
> I should note that when I use smbclient, I can access the test share
> just fine as user "skunk" on the Linux box.
>
> So, what obvious thing am I missing? What allows user "nobody" to
> access the share from a Win2k box, but then denies all other users?
> There is no Win2k user "nobody" within the DEVGROUP domain, if that
> provides any clue.
>
> Please let me know if more information is needed. Any and all help is
> greatly appreciated!
>
> ---Kris Kelley
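
The capture check suggested in the reply above (are passwords really going over the wire in the clear?), as an added example that is not part of the original thread. It assumes SMB1 over the NetBIOS session service and that each TCP payload has already been pulled out of the capture; the function names are hypothetical and the sample messages are constructed, not captured traffic.

```python
import struct

SMB_COM_NEGOTIATE, SMB_COM_SESSION_SETUP_ANDX = 0x72, 0x73
FLAGS_REPLY = 0x80                   # set in the header Flags byte of server replies
NEGOTIATE_ENCRYPT_PASSWORDS = 0x02   # SecurityMode bit: server expects challenge/response

def parse_smb1(payload):
    """Split one NetBIOS session message into (command, is_reply, parameter words)."""
    if len(payload) < 37 or payload[0] != 0x00 or payload[4:8] != b"\xffSMB":
        raise ValueError("not an SMB1 session message")
    command, flags, word_count = payload[8], payload[13], payload[36]
    words = payload[37:37 + 2 * word_count]
    if len(words) != 2 * word_count:
        raise ValueError("truncated parameter block")
    return command, bool(flags & FLAGS_REPLY), words

def negotiated_password_mode(payload):
    """From the server's negotiate reply: 'challenge-response' or 'plaintext'."""
    command, is_reply, words = parse_smb1(payload)
    if command != SMB_COM_NEGOTIATE or not is_reply:
        raise ValueError("not a negotiate reply")
    if len(words) < 26:              # fewer than 13 words: core dialect, no SecurityMode
        raise ValueError("dialect carries no SecurityMode field")
    security_mode = words[2]         # low byte, right after the 2-byte DialectIndex
    return "challenge-response" if security_mode & NEGOTIATE_ENCRYPT_PASSWORDS else "plaintext"

def password_field_lengths(payload):
    """From the client's session setup: (OEM length, Unicode length); the password is never read."""
    command, is_reply, words = parse_smb1(payload)
    if command != SMB_COM_SESSION_SETUP_ANDX or is_reply or len(words) != 26:
        raise ValueError("not a 13-word session setup request")
    return struct.unpack_from("<HH", words, 14)

def build(command, flags, words, data=b""):
    """Constructed test message: NetBIOS header + 32-byte SMB1 header + words + data."""
    smb = (b"\xffSMB" + bytes([command]) + bytes(4) + bytes([flags]) + bytes(22)
           + bytes([len(words) // 2]) + words + struct.pack("<H", len(data)) + data)
    return b"\x00" + len(smb).to_bytes(3, "big") + smb

# Constructed samples: NT LM 0.12 replies with SecurityMode 0x01 and 0x03,
# and a session setup whose OEM password field is 9 bytes long.
REPLY_PLAIN = build(SMB_COM_NEGOTIATE, FLAGS_REPLY, struct.pack("<HB", 5, 0x01) + bytes(31))
REPLY_CRYPT = build(SMB_COM_NEGOTIATE, FLAGS_REPLY, struct.pack("<HB", 5, 0x03) + bytes(31), bytes(8))
SETUP = build(SMB_COM_SESSION_SETUP_ANDX, 0x00, bytes(14) + struct.pack("<HH", 9, 0) + bytes(8), b"x" * 9)

if __name__ == "__main__":
    print(negotiated_password_mode(REPLY_PLAIN), negotiated_password_mode(REPLY_CRYPT),
          password_field_lengths(SETUP))
```

The negotiate reply is the message to read first: its SecurityMode byte shows what the server asked for, before any password field is sent.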