[Samba] Re: Windows 2000 Authentication

Net Warrior netwarrior863 at gmail.com
Tue Oct 17 13:18:20 GMT 2006 

Of course.

Something I forgot to mention is that, my windows XP machines can log in,
the machine I cannot log in is a windows 2000 SP4, do I have to modify
something in the registry to make it connect?
The windows 2000 client is a fresh install with the SP4 to make the tests.

Thanks, sorry for the noise.


2006/10/16, jds <santosjd at gmail.com>:
> add the password to samba:
>
> smbpasswd username
> Enter password: XXXX
> Confirm:   XXXX
>
>
>
> smbuser
>
> 2006/10/13, Net Warrior <netwarrior863 at gmail.com>:
> >
> > Hi community.
> > Let me tell you what happed to me.
> > I configure samba to authenticate to an LDAP server, everything wokrs
> > perfect, I got rid of the /etc/passwd file, now all
> > my users reside in the LDAP database, I can connect via ssh for example
> > without any problem, getent passwd returns the
> > information as expected, till here just like a sharm.
> >
> > No, I connect from a windows 2000 client as root/administrator, no problem
> > with that, now I try to connect as a regular user
> > and a pop up displays saying that I have not have access to logon to this
> > session.
> > This is my smb.conf
> > Any help will be apreciated..
> >
> > [global]
> >
> > workgroup = NETWARRIOR
> > netbios name = PDC Server
> > server string = Net Warrior PDC Server
> > smb ports = 139
> > printing = cups
> > printcap name = cups
> > printcap cache time = 750
> > cups options = raw
> > ;printer admin = decoder
> > username map = /etc/samba/smbusers
> > map to guest = Never
> > logon path = \\%L\profiles\%U
> > logon home = \\%L\%U
> > logon drive = P:
> > logon script = netlogon\logon.bat
> > interfaces = eth0, lo
> >
> > bind interfaces only = Yes
> >
> > ;passdb backend = tdbsam
> >
> > passdb backend = ldapsam:ldap://127.0.0.1
> >
> > pam password change = Yes
> > passwd program = /usr/bin/passwd %u
> > passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
> > *Retype\snew\sUNIX\spassword:* %n\n .
> >
> > unix password sync = no
> > log file = /var/log/samba/%m
> > log level = 2
> > syslog = 0
> > time server = Yes
> > domain logons = Yes
> > preferred master = Yes
> > wins support = yes
> > ;invalid users = root
> >
> > ;utmp = Yes
> > map acl inherit = Yes
> > ;veto files = /*.eml/*.nws/*.{*}/
> > ;veto oplock files = /*.doc/*.xls/*.mdb/
> > dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
> > # Inactividad ?
> > ;deadtime = 10
> >
> > # Virus Scanning Definition
> > ;vfs object = vscan-clamav
> > ;vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
> >
> > # Por si quiero LDAP
> > ldap suffix = dc=netwarrior,dc=com
> > ldap machine suffix = ou=Computers
> > ldap user suffix = ou=Users
> > ldap group suffix = ou=Groups
> > ldap idmap suffix = ou=Users
> > ldap admin dn = cn=Manager,dc=netwarrior,dc=com
> > ldap ssl = no
> > ldap passwd sync = Yes
> > idmap uid = 15000-20000
> > idmap gid = 15000-20000
> >
> > # Path to IDEALX scripts
> > add user script = /usr/local/sbin//smbldap-useradd -m "%u"
> > delete user script = /usr/local/sbin/smbldap-userdel "%u"
> > add machine script = /usr/local/sbin/smbldap-useradd -t 0 -w "%u"
> > add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
> > delete group script = /usr/local/sbin/smbldap-groupdel "%g"
> > add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
> > delete user from group script = /usr/local/sbin/sbin/smbldap-groupmod -x
> > "%u" "%g"
> > set primary group script = /usr/local/sbin/sbin/smbldap-usermod -g '%g'
> > '%u'
> > #add machine script = /usr/bin/smbpasswd -a -m %u
> >
> > [homes]
> > comment = Home Directories
> > valid users = @"Domain Users" @"Domain Admins"
> > browseable = no
> > read only = No
> > inherit permissions = Yes
> >
> > [netlogon]
> > comment = Network Logon Service
> > path = /var/lib/samba/netlogon
> > guest ok = Yes
> > locking = No
> > browsable = No
> >
> > [profiles]
> > comment = Network Profiles Service
> > path = %H
> > browsable = No
> > read only = No
> > store dos attributes = Yes
> > create mask = 0600
> > directory mask = 0700
> > valid users = @"Domain Users" @"Domain Admins"
> >
> > [printers]
> > comment = All Printers
> > path = /var/tmp
> > printable = Yes
> > create mask = 0600
> > browseable = No
> >
> >
> > [print$]
> > comment = Printer Drivers
> > path = /var/lib/samba/drivers
> > write list = @ntadmin root
> > force group = ntadmin
> > create mask = 0664
> > directory mask = 0775
> >
> > [Data]
> > comment = Shared
> > path = /opt/data
> > valid users = @"Domain Users" @"Domain Admins"
> >
> >
> > This is what the log shows, nothing else, no errors.
> >
> > check_ntlm_password: authentication for user [netwarrior] -> [netwarrior]
> > ->
> > [netwarrior] succeeded
> > [2006/10/12 23:21:48, 2]
> > rpc_server/srv_samr_nt.c:_samr_lookup_domain(2670)
> > Returning domain sid for domain NETWARRIOR ->
> > S-1-5-21-2088455510-1489263592-2722087797
> > [2006/10/12 23:21:48, 2] passdb/pdb_ldap.c:init_sam_from_ldap(640)
> > init_sam_from_ldap: Entry found for user: netwarrior
> >
> >
> > When I log as administrator I can see connecting to share resource,
> > profile
> > resource and so on.
> >
> > Thanks guys for your time.
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/listinfo/samba
> >
>
>

More information about the samba mailing list