Authentification problems
Tim Oakley
t.oakley at mailhost.maury-imprimeur.fr
Wed Jan 23 09:31:29 GMT 2002
I am a very new user of Samba on VMS and have a problem which i am
certain is related to my not having a full understanding of the SMB
security model implementation under VMS.
I have created 'guest only' shares very satisfactorarily with 'security
= share'.
When i configure 'security = user' and create 'private' shares with
named 'valid users =' I am unable to connect to the share as all the
possible password combinations that i have tried are refused.
The included output from the 'smbtestparm' command shows the current
config. but i'll explain briefly the scenario.
A. SMB 'security = user' has been configured for my VMS server named
'axptoa'. This VMS server is running VMS v7.2-2, TCPIP services v5.1 and
Samba v2.0.3
B. a share named public (silly name but it's only for testing) has been
configured with 'valid users = toakley'.
C. the vms user 'toakley' exists with a password of 123456 and a valid
hime directory.
D.on my laptop called 'toa-laptop' & running W98, I connect to the
company LAN and logon onto an NT domaine called 'Bureautique' as
'toakley' via a vanilla NT4 server(the VMS server is SMB configured to
be in work group 'Bureautique').
E.in the explorer i select to connect to a network drive and input the
UNC '\\axptoa\public'. The 'logon' box is displayed and i input
'toakley' as the user and '123456' as the password. The connection is
refused with a password failure message.
F.I have tried multiple combinations of 'toakley' 'toa-laptop' and
'123456' as the user/pass combination but authentication never succeeds.
G.I have tried connections from the DOS prompt ('net use'), but to no
avail.
I can only think that i have missed something fundamental or that the
server config is 'suspect'.
Any advice would me appreciated, as I stated earlier 'guest only'
connections work fine.
Best regards
*******************************************************************************
(in the output below i receive a warning regarding protections on the
'locks' directory. I have tried setting the protection mask to
(s:rwed,o:rwed,g:re,w:re) and (s:rwed,o:rwed,g:rwed,w:rwed) for this
directory but still get the warning (??).
Output from SMBTESTPARM :
AXPTOA > smbtestparm
Load smb config files from /samba_root/lib/smb.conf
Processing section "[PUBLIC]"
Loaded services file OK.
WARNING: lock directory /dka0/sambav203/var/locks should have
permissions 0755 f
or browsing to work
Press enter to see a dump of your service definitions
# Global parameters
workgroup = BUREAUTIQUE
netbios name = AXPTOA
netbios aliases =
server string = Samba 2.0.3
interfaces =
bind interfaces only = No
security = USER
encrypt passwords = No
update encrypted = No
use rhosts = No
min passwd length = 5
map to guest = Never
null passwords = No
password server =
smb passwd file = /samba_root/private/smbpasswd.dat
hosts equiv =
root directory = /
passwd program = /samba_exe/passwd.exe
passwd chat = *old*password* %o\n *new*password* %n\n
*new*password* %n\
n *changed*
passwd chat debug = No
username map =
password level = 0
username level = 0
unix password sync = No
log level = 2
syslog = 1
syslog only = No
log file = /dka0/sambav203/var/log.%m
max log size = 5000
timestamp logs = Yes
protocol = NT1
read bmpx = Yes
read raw = Yes
write raw = Yes
nt smb support = Yes
nt pipe support = Yes
nt acl support = No
announce version = 4.2
announce as = NT
max mux = 50
max xmit = 65535
name resolve order = host wins bcast
max packet = 65535
max ttl = 259200
max wins ttl = 518400
min wins ttl = 21600
time server = No
change notify timeout = 60
deadtime = 0
getwd cache = Yes
keepalive = 300
lpq cache time = 10
max disk size = 0
max open files = 10000
read prediction = No
read size = 16384
shared mem size = 1048576
socket options =
stat cache size = 50
load printers = Yes
printcap name = /etc/printcap
printer driver file = /samba_root/lib/printers.def
strip dot = No
character set =
mangled stack = 50
coding system =
client code page = 850
stat cache = Yes
domain groups =
domain admin group =
domain guest group =
domain admin users =
domain guest users =
machine password timeout = 604800
add user script =
delete user script =
logon script =
logon path = \\%N\%U\profile
logon drive =
logon home = \\%N\%U
domain logons = No
os level = 0
lm announce = Auto
lm interval = 60
preferred master = No
local master = Yes
domain master = No
browse list = Yes
dns proxy = Yes
wins proxy = No
wins server = 89.135.200.200
wins support = No
kernel oplocks = Yes
ole locking compatibility = Yes
smbrun = smbrun
config file =
preload =
lock dir = /dka0/sambav203/var/locks
default service =
message command =
dfree command =
valid chars =
remote announce =
remote browse sync =
socket address = 0.0.0.0
homedir map =
time offset = 0
unix realname = No
NIS homedir = No
panic action =
comment =
path =
alternate permissions = No
revalidate = No
username =
guest account = TCPIP$NOBODY
invalid users =
valid users =
admin users =
read list =
write list =
force user =
force group =
read only = Yes
create mask = 0744
force create mode = 00
directory mask = 0755
force directory mode = 00
guest only = No
guest ok = No
only user = No
hosts allow = localhost, 89.135.
hosts deny =
status = Yes
max connections = 0
min print space = 0
strict sync = No
sync always = No
print ok = No
postscript = No
printing = bsd
print command = lpr -r -P%p %s
lpq command = lpq -P%p
lprm command = lprm -P%p %j
lppause command =
lpresume command =
queuepause command =
queueresume command =
printer name =
printer driver = NULL
printer driver location =
default case = lower
case sensitive = No
preserve case = Yes
short preserve case = Yes
mangle case = No
mangling char = ~
hide dot files = Yes
delete veto files = No
veto files =
hide files =
veto oplock files =
map system = No
map hidden = No
map archive = Yes
mangled names = Yes
mangled map =
browseable = Yes
blocking locks = Yes
fake oplocks = No
locking = Yes
oplocks = Yes
strict locking = No
share modes = Yes
copy =
include =
exec =
postexec =
root preexec =
root postexec =
available = Yes
volume =
fstype = NTFS
set directory = No
wide links = Yes
follow symlinks = Yes
dont descend =
magic script =
magic output =
delete readonly = No
dos filetimes = No
dos filetime resolution = No
fake directory create times = No
[PUBLIC]
comment = sys$sysdevice:[tmp.public]
path = /dka0/tmp/public
valid users = toakley
write list = toakley
create mask = 0765
guest ok = Yes
AXPTOA >
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Tim OAKLEY
MAURY-Imprimeur,
Z.I, Route d'Etampes
45330 MALESHERBES Cedex
France
voice: (33) 02.38.32.34.38
fax: (33) 02.38.32.37.72
email: toakley at maury-imprimeur.fr
"The whole problem with the world is that fools
and fanatics are always so certain of themselves,
and wiser people so full of doubts."
More information about the samba-vms
mailing list