NTDOM: Windows NT logon and browsing errors
Luke Kenneth Casson Leighton
lkcl at switchboard.net
Tue Jan 13 13:25:36 GMT 1998
hi andre,
first thing is to read docs/NTDOMAIN.txt. this makes recommendations that
you set up the latest _non_ NTDOMAIN server with encrypted passwords and
domain logons to a Win95 client.
then use _exactly_ the same smb.conf file except add "domain sid"
parameter, and use an NT workstation (or NT server configured as a
stand-alone server) as the client.
luke
On Tue, 13 Jan 1998, Andre Gerhard wrote:
> I have installed the latest version of the BRANCH_NTDOM Samba code (from CVS).
> It compiled OK (my server machine is a Pentium PC Linux RedHat 4.1), but I am
> not able to:
>
> 1. Browse the server from a NT Workstation or NT Server computer
> (it works if I browse from Win95, and if I issue commands like:
> net use x: \\server_name\share
> )
>
> 2. Set the domain of the NT Workstation to the Samba Server.
>
> I really want to know if my setup was done correctly; in particular, I didn't
> understand very well how to configure the 'guest' account, so this is the first
> suspect for me ...
> Is it necessary to have a guest account in the NT workstation ? What is the
> password of this account ?
>
>
>
> My smb.conf file:
>
> ; The global setting for a default install
> ; Copyright(C) John H Terpstra - 1997
> ;======================= Global Settings =====================================
> [global]
>
> ; workgroup = NT-Domain-Name or Workgroup-Name, eg: REDHAT4
> workgroup = PROCECM
>
> encrypt passwords = yes
>
> ; comment is the equivalent of the NT Description field
> comment = Samba Server - Pro Aluno
>
> ; printing = BSD or SYSV or AIX, etc.
> printing = bsd
> printcap name = /etc/printcap
> load printers = yes
>
> ; Uncomment this if you want a guest account, you must add this to /etc/passwd
> guest account = nobody
> log file = /usr/local/samba/var/log.%m
>
> ; Put a capping on the size of the log files (in Kb)
> max log size = 50
>
> ; Options for handling file name case sensitivity and / or preservation
> ; Case Sensitivity breaks many WfW and Win95 apps
> ; case sensitive = yes
> short preserve case = yes
> preserve case = yes
>
> ; Security and file integrity related options
> lock directory = /usr/local/samba/var/locks
> locking = yes
>
> share modes = yes
>
> ; Security modes: USER uses Unix username/passwd, SHARE uses WfW type passwords
> ; SERVER uses an other SMB server (eg: Windows NT Server or Samba)
> ; to provide authentication services
> security = user
> ; Use password server option only with security = server
> ; password server = <NT-Server-Name>
>
> ; Configuration Options ***** The location of this entry in your smb.conf
> ; heirachy determines which parameters are overwritten - please watch out!
> ; Where %m is any SMBName (machine name, or computer name) for which a custom
> ; configuration is desired
> ; include = /usr/local/samba/lib/smb.conf.%m
>
> ; Performance Related Options
> ; Before setting socket options read the smb.conf man page!!
> socket options = TCP_NODELAY
> ; Socket Address is used to specify which socket Samba
> ; will listen on (good for aliased systems)
> ; socket address = aaa.bbb.ccc.ddd
> ; Use keep alive only if really needed!!!!
> ; keep alive = 60
> ; Configure Samba to use multiple interfaces
> ; Samba will auto-detect network interfaces - only use this if
> ; the auto-detection does not deliver the needed results
> ; interfaces = 192.168.12.2/24 176.16.111.22/19 10.11.13.14/255.255.252.0
>
> ; Browser Control Options:
> ; Local Master set to True causes Samba to participate in browser elections
> ; the default setting is true, this causes Samba to behave like a
> ; Windows NT server. Setting this to false turns off all browser
> ; election participation.
> local master = yes
>
> ; OS Level gives Samba the power to win browser elections. Windows NT = 32
> ; Any value < 32 means NT wins as Master Browser, > 32 Samba gets it
> ; default = 0, this ensures that Samba will NOT win the browser election.
> os level = 33
>
> ; Domain Master specifies Samba to be the Domain Master Browser
> ; Only ever set this if there is NO Windows NT Domain Controller on the
> ; network
> domain master = yes
>
> ; Preferred Master causes Samba to force a local browser election on startup
> preferred master = yes
>
> ; Use with care only if you have an NT server on your network that has been
> ; configured at install time to be a primary domain controller.
> ; domain controller = <NT-Domain-Controller-SMBName>
>
> domain sid = S-1-5-21-123-456-789-123
>
> ; Domain Logon Service Options:
> ; Domain logon control can be a good thing! See [netlogon] share section below!
> ; Do NOT set this to yes if there is an Windows NT domain controller
> ; on the network
>
> domain logons = yes
> domain admin users = root admin
> domain guest users = nobody
> domain hosts allow = 143.107.70.104
>
>
> ; run a specific logon batch file per workstation (machine)
> ; logon script = %m.bat
> ; run a specific logon batch file per username
> ; logon script = %u.bat
>
> ; Where to store roving profiles (only for Win95 and WinNT)
> ; %L substitutes for the SMB name we are called, %U is username
> ; You must uncomment the [Profiles] share below
> ; logon path = \\%L\Profiles\%U
>
> ; Windows Internet Name Serving Support Section:
> ; WINS Support - Tells the NMBD component of Samba to enable it's WINS Server
> ; the default is NO. If you have an Windows NT Server WINS use it!
> ; Samba defaults to wins support = no
> wins support = yes
>
> ; WINS Server - Tells the NMBD components of Samba to be a WINS Client
> ; Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
> ; wins server = w.x.y.z
>
> ; WINS Proxy - Tells Samba to answer name resolution queries on behalf of a non
> ; WINS Client capable client, for this to work there must be at least one
> ; WINS Server on the network. The default is NO.
> ; wins proxy = yes
>
> ;============================ Share Definitions ==============================
> [homes]
> comment = Home Directories
> browseable = yes
> writable = yes
>
> ; Un-comment the following and create the netlogon directory for Domain Logons
> [netlogon]
> comment = Samba Network Logon Service
> path = /usr/local/samba/lib/netlogon
> ; Case sensitivity breaks logon script processing!!!
> case sensitive = no
> guest ok = no
> locking = no
> writable = no
> ; For browseable say NO if you want to hide the NETLOGON share
> browseable = yes
>
> ; Un-comment the following to provide a specific roving profile share
> ; the default is to use the user's home directory
> ;[Profiles]
> ; path = /usr/local/samba/profiles
> ; browseable = no
> ; printable = no
> ; guest ok = yes
>
> ; NOTE: There is NO need to specifically define each individual printer
> [printers]
> comment = All Printers
> path = /usr/spool/samba
> browseable = no
> printable = yes
> ; Set public = yes to allow user 'guest account' to print
> guest ok = no
> writable = no
> create mask = 0700
>
>
> ; A publicly accessible directory, but read only, except for people in
> ; the staff group
> [public]
> comment = Public Stuff
> path = /home/samba
> public = yes
> writable = yes
> printable = no
> write list = @users
>
>
> [win95.net]
> comment = Win95.NET directory
> path = /home/admin/win95.net
> public = yes
> browseable = yes
> available = yes
> writable = yes
> printable = no
> create mask = 0765
>
> [win95.mac]
> comment = Win95.MAC directory
> path = /home/admin/win95.mac
> public = yes
> browseable = yes
> available = yes
> writable = yes
> printable = no
> create mask = 0765
>
> [IPC$]
> comment = IPC$ share
> browseable = yes
> available = yes
> public = yes
> path = /tmp
>
> [tmp]
> comment = the garbage dump
> browseable = yes
> available = yes
> public = yes
> read only = no
> printable = no
> path = /tmp
> create mask = 0777
>
>
> My /etc/passwd file:
>
> root:x:0:0:root:/root:/bin/bash
> bin:x:1:1:bin:/bin:
> daemon:x:2:2:daemon:/sbin:
> adm:x:3:4:adm:/var/adm:
> lp:x:4:7:lp:/var/spool/lpd:
> sync:x:5:0:sync:/sbin:/bin/sync
> shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
> halt:x:7:0:halt:/sbin:/sbin/halt
> mail:x:8:12:mail:/var/spool/mail:
> news:x:9:13:news:/var/spool/news:
> uucp:x:10:14:uucp:/var/spool/uucp:
> operator:x:11:0:operator:/root:
> games:x:12:100:games:/usr/games:
> gopher:x:13:30:gopher:/usr/lib/gopher-data:
> ftp:x:14:50:FTP User:/home/ftp:
> nobody:x:99:99:Nobody:/:
> epellini:x:500:500:Usuario pro TUDA 8),somewhere.in.time,011-1406,011-1406,:/home/epellini:/bin/tcsh
> andre:x:501:501:Andre Gerhard,,,,:/home/andre:/bin/tcsh
> admin:x:502:502:Windows 95 Administrator:/home/admin:/bin/tcsh
> guest:x:503:503:RHS Linux User:/home/guest:/bin/bash
>
> My /etc/shadow file (edited):
>
> root:AAAAAAAAAAAAAAA:-1:-1:-1:-1:-1:-1
> bin:*:10165:-1:-1:-1:-1:-1:-1
> daemon:*:10165:-1:-1:-1:-1:-1:-1
> adm:*:10165:-1:-1:-1:-1:-1:-1
> lp:*:10165:-1:-1:-1:-1:-1:-1
> sync:*:10165:-1:-1:-1:-1:-1:-1
> shutdown:*:10165:-1:-1:-1:-1:-1:-1
> halt:*:10165:-1:-1:-1:-1:-1:-1
> mail:*:10165:-1:-1:-1:-1:-1:-1
> news:*:10165:-1:-1:-1:-1:-1:-1
> uucp:*:10165:-1:-1:-1:-1:-1:-1
> operator:*:10165:-1:-1:-1:-1:-1:-1
> games:*:10165:-1:-1:-1:-1:-1:-1
> gopher:*:10165:-1:-1:-1:-1:-1:-1
> ftp:*:10165:-1:-1:-1:-1:-1:-1
> nobody:*:10165:-1:-1:-1:-1:-1:-1
> epellini:BBBBBBBBBBBBBBB:10165:-1:-1:-1:-1:-1:-1
> andre:CCCCCCCCCCCCCCCc:10165:-1:-1:-1:-1:-1:-1
> admin:DDDDDDDDDDDDDDD:10172:-1:-1:-1:-1:-1:-1
> guest:EEEEEEEEEEEEEEe:10233:-1:-1:-1:-1:-1:-1
>
> My smbpasswd file (edited):
>
> #
> # SMB password file.
> #
> root:0:01234567890123456789012345678901:01234567890123456789012345678901:root:/root:/bin/bash
> bin:1:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:bin:/bin:
> daemon:2:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:daemon:/sbin:
> adm:3:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:adm:/var/adm:
> lp:4:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:lp:/var/spool/lpd:
> sync:5:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:sync:/sbin:/bin/sync
> shutdown:6:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:shutdown:/sbin:/sbin/shutdown
> halt:7:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:halt:/sbin:/sbin/halt
> mail:8:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:mail:/var/spool/mail:
> news:9:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:news:/var/spool/news:
> uucp:10:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:uucp:/var/spool/uucp:
> operator:11:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:operator:/root:
> games:12:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:games:/usr/games:
> gopher:13:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:gopher:/usr/lib/gopher-data:
> ftp:14:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:FTP User:/home/ftp:
> nobody:99:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:Nobody:/:
> epellini:500:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:Usuario pro TUDA 8),somewhere.in.time,011-1406,011-1406,:/home/epellini:/bin/tcsh
> andre:501:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:Andre Gerhard,,,,:/home/andre:/bin/tcsh
> admin:01234567890123456789012345678901:01234567890123456789012345678901:Windows 95 Administrator:/home/admin:/bin/tcsh
> guest:503:01234567890123456789012345678901:01234567890123456789012345678901:Guest User,,,,:/home/guest:/bin/tcsh
>
> The guest account in the smb.conf points to the nobody account. In the smbpasswd file I tried first 'as is', i.e., with X in the place of the password.
> Then I decided to use NO PASSWORD, but it didn't work. I also tried to use
> the guest account, with no success.
>
>
> Thanks in advance,
>
> Andre Gerhard
> Network administrator
> University of Sao Paulo - SP - Brazil
>
>
>
>
Luke Kenneth Casson Leighton <lkcl at switchboard.net>
Samba Consultancy and Support: http://mailhost.cb1.com/~lkcl
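The quoted smbpasswd listing uses the layout name:uid:LM hash:NT hash:gecos:home:shell, and its admin entry has no uid field. The following consistency check is an added example, not part of the original thread and not Samba code; it runs on constructed sample data and assumes that 32 X characters mean no SMB password is set and that a leading NO PASSWORD means a null password.

```python
import re

UID = re.compile(r"\d{1,10}")
HASH = re.compile(r"[0-9A-Fa-f]{32}")
# Constructed sample data with placeholder hashes; the admin line lacks its uid.
H, X, NULL = "0123456789ABCDEF" * 2, "X" * 32, "NO PASSWORD" + "X" * 21
PASSWD = """root:x:0:0:root:/root:/bin/bash
nobody:x:99:99:Nobody:/:
andre:x:501:501:Andre:/home/andre:/bin/tcsh
admin:x:502:502:Admin:/home/admin:/bin/tcsh"""
SMBPASSWD = f"""# SMB password file.
root:0:{H}:{H}:root:/root:/bin/bash
nobody:99:{NULL}:{X}:Nobody:/:
andre:501:{X}:{X}:Andre:/home/andre:/bin/tcsh
admin:{H}:{H}:Admin:/home/admin:/bin/tcsh"""

def classify(field):
    """Say what one 32-character password field holds (assumed meanings)."""
    if HASH.fullmatch(field):
        return "hash"
    if field == X:
        return "unset"   # assumption: no SMB password set for the account
    if len(field) == 32 and field.startswith("NO PASSWORD"):
        return "null"    # assumption: account accepts an empty password
    return "malformed"

def audit(smbpasswd_text, passwd_text):
    """Return sorted (user, finding) pairs for an smbpasswd listing."""
    rows = (l.split(":") for l in passwd_text.splitlines())
    unix = {r[0]: int(r[2]) for r in rows if len(r) >= 3 and r[2].isdigit()}
    findings = []
    for line in map(str.strip, smbpasswd_text.splitlines()):
        if not line or line.startswith("#"):
            continue
        f = line.split(":")
        if len(f) < 4 or not UID.fullmatch(f[1]):
            findings.append((f[0], "uid field missing or invalid"))
            continue
        if unix.get(f[0]) != int(f[1]):
            findings.append((f[0], "uid does not match /etc/passwd"))
        state = classify(f[2])
        if state != "hash":
            findings.append((f[0], state + " LM password field"))
        if classify(f[3]) == "malformed":
            findings.append((f[0], "malformed NT password field"))
    return sorted(findings)

for user, finding in audit(SMBPASSWD, PASSWD):
    print(f"{user}: {finding}")
```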