[mah@mhorton.net: update note]

Tim Potter tpot at samba.org
Tue Jan 1 12:42:07 GMT 2002 

----- Forwarded message from Mary Ann Horton <mah at mhorton.net> -----

From: Mary Ann Horton <mah at mhorton.net>
To: mailman-owner at va.samba.org
Subject: update note

Hi,

I just wanted to pass along to the maintainers of Samba (especially DIAGNOSE.txt
and the installation instructions) that there is an area that needs an update.

I just installed Solaris 8 2.2.2 pkgadd from the Samba.org site.  It installed
beautifully but would not accept any passwords except from itself.  After
several hours of frustration, I eventually figured out that I needed to turn on
encrypted passwords.  That fact doesn't seem to be part of the standard
documentation, which suggests that I have a version at least 2 years old, or at
least the documentation.

These days, almost everything requires encrypted passwords.  Win 2000, Xp, and
even Me do (I was using an Me client in my otherwise pristine Win2K
environment.)  This isn't obvious to the newbie setting up Samba.

Please add the step to create the smbpasswd file, an explanation that if your
UNIX box uses shadow passwords (as most do) that every password must be manually
changed (or if there is a procedure to automatically copy them all in, document
it.)  And then to turn on encrypted passwords.

The sample smb.conf file says not to turn this on without first reading
ENCRYPTION.txt, Win95.txt and WinNT.txt.  There is no ENCRYPTION.txt, it's an
HTML file.  The HTML file doesn't mention shadow passwords or the need to
uncomment the encryption line from smb.conf.  It would also be helpful if the
claim about mksmbpasswd keeping the passwd files from getting out of sync didn't
imply that the passwords would be kept in sync using this utility.  (Presumably
you just meant the list of valid users.)

DIAGNOSIS.txt apparently was last updated 2 years ago, and doesn't really take
encryption into account.  The encryption problem won't show up in test 7 (since
that's from a nonencrypted client) but is mentioned incorrectly there anyway.
It will come up in test 8, although the comment
about bad password refers to a nonexistent smbclient -L test (did you mean test
7?) and claims the problem must be hosts allow, which is a dead end I wasted a
lot of time on.  test 8 needs a section on encrypted passwords, as does test 9
and 11.  (test 11 finally does address it, sort of, although the hint isn't
useful if you got a precompiled distribution - how can you tell if it's been
compiled in?  Where do you go to enable it?)

Anyway, thanks for putting all this together and for making the approprate
updates!

    Mary Ann




----- End forwarded message -----

More information about the samba-technical mailing list