NTDOM: Windows NT logon and browsing errors

Andre Gerhard andre at lme.usp.br
Mon Jan 12 18:05:11 GMT 1998


I have installed the latest version of the BRANCH_NTDOM Samba code (from CVS).
It compiled OK (my server machine is a Pentium PC Linux RedHat 4.1), but I am
not able to:

1. Browse the server from a NT Workstation or NT Server computer
   (it works if I browse from Win95, and if I issue commands like:
     net use x: \\server_name\share

2. Set the domain of the NT Workstation to the Samba Server.

I really want to know if my setup was done correctly; in particular, I didn't
understand very well how to configure the 'guest' account, so this is the first
suspect for me ...
Is it necessary to have a guest account in the NT workstation ? What is the
password of this account ?

My smb.conf file:

; The global setting for a default install
; Copyright(C) John H Terpstra - 1997
;======================= Global Settings =====================================

; workgroup = NT-Domain-Name or Workgroup-Name, eg: REDHAT4
   workgroup = PROCECM

   encrypt passwords = yes

; comment is the equivalent of the NT Description field
   comment = Samba Server - Pro Aluno

; printing = BSD or SYSV or AIX, etc.
   printing = bsd
   printcap name = /etc/printcap
   load printers = yes

; Uncomment this if you want a guest account, you must add this to /etc/passwd
  guest account = nobody
   log file = /usr/local/samba/var/log.%m

; Put a capping on the size of the log files (in Kb)
   max log size = 50

; Options for handling file name case sensitivity and / or preservation
; Case Sensitivity breaks many WfW and Win95 apps
;   case sensitive = yes
    short preserve case = yes
    preserve case = yes

; Security and file integrity related options
   lock directory = /usr/local/samba/var/locks
   locking = yes

   share modes = yes

; Security modes: USER uses Unix username/passwd, SHARE uses WfW type passwords
;        SERVER uses an other SMB server (eg: Windows NT Server or Samba)
;        to provide authentication services
   security = user
; Use password server option only with security = server
;   password server = <NT-Server-Name>

; Configuration Options ***** The location of this entry in your smb.conf
; heirachy determines  which parameters are overwritten - please watch out!
; Where %m is any SMBName (machine name, or computer name) for which a custom
; configuration is desired
;   include = /usr/local/samba/lib/smb.conf.%m

; Performance Related Options
; Before setting socket options read the smb.conf man page!!
   socket options = TCP_NODELAY 
; Socket Address is used to specify which socket Samba
; will listen on (good for aliased systems)
;   socket address = aaa.bbb.ccc.ddd
; Use keep alive only if really needed!!!!
;   keep alive = 60
; Configure Samba to use multiple interfaces
;        Samba will auto-detect network interfaces - only use this if
;        the auto-detection does not deliver the needed results
;   interfaces =

; Browser Control Options:
; Local Master set to True causes Samba to participate in browser elections
;       the default setting is true, this causes Samba to behave like a
;       Windows NT server. Setting this to false turns off all browser
;       election participation.
   local master = yes

; OS Level gives Samba the power to win browser elections. Windows NT = 32
;	Any value < 32 means NT wins as Master Browser, > 32 Samba gets it
;	default = 0, this ensures that Samba will NOT win the browser election.
   os level = 33

; Domain Master specifies Samba to be the Domain Master Browser
;	Only ever set this if there is NO Windows NT Domain Controller on the
;	network
   domain master = yes 

; Preferred Master causes Samba to force a local browser election on startup
   preferred master = yes

; Use with care only if you have an NT server on your network that has been
; configured at install time to be a primary domain controller.
;   domain controller = <NT-Domain-Controller-SMBName>

   domain sid = S-1-5-21-123-456-789-123

; Domain Logon Service Options:
; Domain logon control can be a good thing! See [netlogon] share section below!
;	Do NOT set this to yes if there is an Windows NT domain controller
;	on the network

   domain logons = yes
   domain admin users = root admin
   domain guest users = nobody
   domain hosts allow =

; run a specific logon batch file per workstation (machine)
;   logon script = %m.bat
; run a specific logon batch file per username
;   logon script = %u.bat

; Where to store roving profiles (only for Win95 and WinNT)
;        %L substitutes for the SMB name we are called, %U is username
;        You must uncomment the [Profiles] share below
;   logon path = \\%L\Profiles\%U

; Windows Internet Name Serving Support Section:
; WINS Support - Tells the NMBD component of Samba to enable it's WINS Server
;	the default is NO. If you have an Windows NT Server WINS use it!
;	Samba defaults to wins support = no
   wins support = yes

; WINS Server - Tells the NMBD components of Samba to be a WINS Client
;	Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
;   wins server = w.x.y.z

; WINS Proxy - Tells Samba to answer name resolution queries on behalf of a non
;	WINS Client capable client, for this to work there must be at least one
;	WINS Server on the network. The default is NO.
;   wins proxy = yes

;============================ Share Definitions ==============================
   comment = Home Directories
   browseable = yes
   writable = yes

; Un-comment the following and create the netlogon directory for Domain Logons
   comment = Samba Network Logon Service
   path = /usr/local/samba/lib/netlogon
; Case sensitivity breaks logon script processing!!!
   case sensitive = no
   guest ok = no
   locking = no
   writable = no
;   For browseable say NO if you want to hide the NETLOGON share
   browseable = yes

; Un-comment the following to provide a specific roving profile share
; the default is to use the user's home directory
;    path = /usr/local/samba/profiles
;    browseable = no
;    printable = no
;    guest ok = yes

; NOTE: There is NO need to specifically define each individual printer
   comment = All Printers
   path = /usr/spool/samba
   browseable = no
   printable = yes
; Set public = yes to allow user 'guest account' to print
   guest ok = no
   writable = no
   create mask = 0700

; A publicly accessible directory, but read only, except for people in
; the staff group
   comment = Public Stuff
   path = /home/samba
   public = yes
   writable = yes
   printable = no
   write list = @users

   comment = Win95.NET directory
   path = /home/admin/win95.net
   public = yes
   browseable = yes
   available = yes
   writable = yes
   printable = no
   create mask = 0765

   comment = Win95.MAC directory
   path = /home/admin/win95.mac
   public = yes
   browseable = yes
   available = yes
   writable = yes
   printable = no
   create mask = 0765

   comment = IPC$ share
   browseable = yes
   available = yes
   public = yes
   path = /tmp

   comment = the garbage dump
   browseable = yes
   available = yes
   public = yes
   read only = no
   printable = no
   path = /tmp
   create mask = 0777

My /etc/passwd file:

ftp:x:14:50:FTP User:/home/ftp:
epellini:x:500:500:Usuario pro TUDA 8),somewhere.in.time,011-1406,011-1406,:/home/epellini:/bin/tcsh
andre:x:501:501:Andre Gerhard,,,,:/home/andre:/bin/tcsh
admin:x:502:502:Windows 95 Administrator:/home/admin:/bin/tcsh
guest:x:503:503:RHS Linux User:/home/guest:/bin/bash

My /etc/shadow file (edited):"


My smbpasswd file (edited):

# SMB password file.
epellini:500:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:Usuario pro TUDA 8),somewhere.in.time,011-1406,011-1406,:/home/epellini:/bin/tcsh
admin:01234567890123456789012345678901:01234567890123456789012345678901:Windows 95 Administrator:/home/admin:/bin/tcsh
guest:503:01234567890123456789012345678901:01234567890123456789012345678901:Guest User,,,,:/home/guest:/bin/tcsh

The guest account in the smb.conf points to the nobody account. In the smbpasswd file I tried first 'as is', i.e, with X in the place of the password.
Then a decided to use NO PASSWORD, but it didn't work. I also tried to use
the guest account, with no success.

Thanks in advance,

Andre Gerhard
Network administrator
University of Sao Paulo - SP - Brazil

More information about the samba mailing list