password stuff

[Anthony Ord]

On Tue, 3 Nov 1998 05:15:01 +1100, "Stephen L Arnold"
<arnold.steve at ensco.com> wrote:

>Greetings All:
>
>I hope everyone had a fun Halloween weekend (I carved 4 big 
>pumpkins and gave out a bucket full of rubber eyeballs and stuff).

You didn't give me any! :-(

>I'm hoping somebody can explain the password behavior I've been 
>seeing (and a couple of other things).  Here's my setup:
>
>An isolated LAN (most clients have modems for dialling out) with 
>one linux/samba machine (RedHat 4.2, kernel 2.0.30, samba 1.9.18p8) 
>and ~20 win95 (OSR/2.1) clients.  We used to have Netware 4.11 
>until the new PC/lan guy decided we didn't it any more (our old 
>server now runs win95 -ugh).  Most clients now run NetBEUI and 
>TCP/IP (except for the PC/lan guy, who's afraid of everything).  
>Some still have the (now useless) IPX/SPX stack loaded; when I 
>removed it from some of the clients, we got this "Netware shell is 
>not available" error which takes a little effort to get rid of, so 
>he just left the IPX stack loaded on most of the machines.

It doesn't remove cleanly and so leaving it in is probably the best
option.

>Anyway, I've given everyone accounts on my linux box (with the same 
>user names as their win95 machine names), but the PC/lan guy won't 
>let me enable PDC, browse master, or WINS stuff.
>
>Question 1)  Why am I the only one who can browse the samba shares 
>without entering a password?  Here's what I think (please give me 
>some feedback).  When we had Netware, everyone was set to Network 
>Login.  Now, some people still have it set (but there's nothing to 
>validate the login), while others have it set to Windows Login.  

Set "Primary Network Login" as "Client for Microsoft Networks" with
the Client for M$ Networks having the option of "Logon and restore
Network Connections" It doesn't matter nothing will validate it. The
password will be used as an en/decryption key.

>AFAIK, I'm the only one who uses their linux password as the 
>Network Login password for windoze (and that's why I can browse the 
>samba shares without entering a password again).  Would that be 
>more or less correct?  

It is the reason why, but is not necessary. See .pwl file below.

>Also, when others try and load an html doc 
>on the linux box (from windoze), it won't work until they browse 
>there and enter their password.  

If you did the above, they will have to "log in" every time they want
to use their machine. (They can have a null password if you allow that
sort of thing). This will create a <name>.pwl file - i.e. mine is
called Anthony.pwl because I log in as Anthony.

When they have logged in to 95 it will restore all the network drives.
The first time they will have to type a password (if their Win95 one
is different to the Linux one), but if they leave the "Remember
Password" box checked Win95 will store this password in their .pwl
file (encrypted - but not well) and they won't have to type it again.
This will (incidently) save their password for Windows DUN.

If you do not select "Logon and restore Network Connections", then
they will have to manually browse with explorer to restore the
connection.

If you do not select "Client for M$ Networks", then Win95 will not
remember their password, and they will have to type it in each time.

>When I get my other linux box up, 
>this one will be running Apache, but for now the html docs are just 
>static (which should take care of the latter behavior?).

What's stopping you from running Apache now? The response is pretty
snappy over ethernet and the performance hit is so negligible on my
machine that it doesn't even stutter in the middle of playing an MP3.
This is a 486 machine running Linux, SAMBA and various other things.

>Question 2)  It doesn't happen on my windoze box (of course), but 
>on most everyone else's machine, windoze launches the autodial box 
>(either MS or Netscape) when they try and telnet to the linux box.  
>Anyone know how to stop it from doing that?  Something in the TCP 
>keys in the registry perhaps?

It should be in the routing tables. If you try to go for an "unknown"
(not accessible through your network card)  IP address, then dial-up
networking will kick in. Check the following...

1/Every machine calls the internal network the same thing. The IP of
the network should be the same for every machine and the netmask
should be the same (unless you have a more complicated set-up) For
example if your netmask is 255.255.255.0, then all your machines IPs
should have the same first three numbers, with only the fourth
changing between machines. 

2/Beware of a hardcoded nameserver in a dial-up machines
configuration. If you supply an unknown name (not in c:\windows\hosts
or lmhosts??), then windows will go for the name server. If the name
server is not on your local network (it's your ISP's for example),
then the dial-up box will pop-up.

3/You can disable this box, but that would disable it even when trying
to access real internet addresses. It is in "Control
Panel/Internet/Connection/Connect to the Internet as needed"

>Question 3)  What would be the advantage of making samba the browse 
>master?  It seems like we're always having little network problems 
>now with NetBEUI (where IPX was very stable), eg, machines and 
>shares randomly disappear and then reappeared later, or some 
>machines can see some resources but not others, while other 
>machines can see things the first group can't.  I get the feeling 
>that windoze sends a lot of unnecessary network traffic, and when 
>something doesn't respond right away, clients hang, etc (I may be 
>ignorant, but a network design that allows one goofy client to take 
>down other clients seems like a bad thing).

It is bad design, but I don't know anything about Browsing apart from
that it's crap ;-), so I'll allow others to respond.

>I'm no expert, but I get the feeling that if I enabled some of the 
>samba features, things would get better, such as security (PDC 
>stuff), browsing (browse master stuff), and WINS.  Can anyone give 
>me some arguments to present to the PC/lan guy (or my boss) on why 
>it would be better to use those samba features?

'Fraid not again. Other will know more than I do about these.

>Thanks in advance, Steve Arnold

Hope the above helps in some way.

>****************************************************************
>Stephen L. Arnold                        Senior Systems Engineer
>ENSCO Inc.                        email:  arnold.steve at ensco.com
>P.O. Box 5488                         www:  http://www.ensco.com
>Vandenberg AFB, CA  93437             voice: 805.734.8232 x68838
>                                               fax: 805.734.4779
>#include <std_disclaimer.h>
>****************************************************************
Regards

Anthony
===============================================================
|'All kids love log!'                                         |
|                                              Ren & Stimpy   |
===============================================================