NT service problem (PR#19365) Help :) (fwd)
David Livingstone
davidl at cn.ca
Wed Dec 8 17:06:18 GMT 1999
Here is a re-post of PR#19365 which was originally post back in
Aug.. If anyone can help I am still looking for a solution !
Forwarded message:
>
> Hi Jeremy !
>
> Don't know if you remember this one but it is definetely turning
> my hair grey :) I have left your original reply at the end.
>
> I finally have a configuration which works with Bentley's
> software but it is more of a workaround then a fix.
> Once I finally talked to Bentley directly(as opposed to the
> VAR ha!) I did get a good response. They setup a server and
> we both tried to find a configuration that would work.
>
> Here is what was tried :
>
> 1. As per your suggestion we tried user level authentication.
> However we did not use encrypted passwords as I had already
> applied the registry fix on the NT server. So on the Linux
> side(Samba 2.0.4) we set the smb.conf file as :
> workgroup = cad
> security = user
> encrypt passwords = no
>
> [homes]
> guest ok = no
> read only = no
>
> [root]
> comment = Access for the NT server
> path = /
> valid users = bentley
> public = no
> writeable = yes
>
> Still no go. As before when we attempt to connect to the samba
> share we get(after ~5 seconds) a dialog stating :
> "Incorrect password or unknown username for \\Cadsc"
> We are then prompted for "Connect As" and "Password". If
> we then enter the bentley info(ie user bentley, pass xxxx)
> we do see the share and can map the drive. As backgroud
> there are two Bentley services which we have set to start
> and run as the user "bentley" with the same password. The
> third Bentley app. asks for the path name of the mounted
> share(ie K:\dir - does not recognise \\cadsc nominclature).
> In this example the app. replies with a very informative
> error informing us that the drive can not be accessed and
> we are stuck.
>
> I attempted turning the debug level of smbd/nmbd higher as
> well as running strace from linux to try and see what was
> happening but no luck. What do I need to run see the
> password exchange ?
>
> 2. At this point we tried a guest account login(share level)
> which Bnetley(Robert Hartley) had working on their
> setup. Unfortunatley we received exactly the same error.
> Here is the conf file :
>
> [global]
> workgroup = cad
> server string = filenet
> guest account = ftp
>
> [homes]
> path = /home
> browseable = yes
> writable = yes
>
> [root]
> comment = Bentley Directories
> path = /
> public = yes
> browseable = yes
> writable = yes
> guest ok = yes
> force user = bentley
>
> Question : Where is the guest account fully explained. I have read the John
> Blair book but still find it confusing.
>
> 3. Working config.
> I finally got things to work by adding the following two lines to the
> global section :
>
> password server = filenet
> security = server
>
> This avoids the problem by having the NT server(filenet) which is the
> primary domain controller do the authentication. However as noted
> it does not explain why the samba machine cannot authenticate.
>
> In desperation I had also tried adding the hosts equiv config line to global
> to see if I could allow access with no restrictions :
>
> ie
> hosts equiv = /usr/local/samba/lib/hosts.equiv
>
> , and in hosts.equiv is the dns name of the NT server
>
> ie filenet
>
> This also resulted in the now common error message.
>
> I also looked at changing the GUEST_SESSSETUP(p 70 of John Blair's book)
> to 3 but I couldn't figure how to do this in 2.0.4. Would this
> have helped and if so how is it done. The doc's with 2.0.4 were no help
> other then to tell me not to do it :)
>
> Anyway sorry for the long involved story. Do you have any
> suggestions or insights ?
>
> Thanks.
>
> # hosts allow = 165.115.0.0-165.115.255.255
> > davidl at cn.ca wrote:
> >
> > > A "service" on an NT 4 server cannot connect to a samba
> > > share on my linux machine. The specific versions are given
> > > below. From the NT machine I have no problem as the administrator
> > > to login to samba server and view the target share. The
> > > supplier's service however cannot seem to do the same. The
> > > service does have a config for a user/password but as it gives
> > > no verbose error message I am stuck. Also the supplier(Bentley)
> > > is about as useful as the IRS - in their opinion I should be
> > > using NT and that's the end of the story. I disagree :)
> > > The service starts automatically at boot time but even if I
> > > stop and then restart it after I have logged into the share
> > > I have no luck.
> > >
> > > Does anyone have any ideas ? From what I have gleamed from the
> > > John Blair book I have setup share level authentication. I have
> > > also applied the patch to NT to use plaintext passwords.
> >
> > Don't use share level auth. Use user auth with encrypted
> > passwords and add a username/password logon to the Linux
> > box that matches the username/password of the service.
> >
> > This does work with Samba and has for about 4 years or
> > so (as I did the original work to fix this when I was
> > making the Vantive service on NT use a Samba drive so
> > I could get at the log files I needed :-). It's just
> > a matter of configuring it correctly. Use the Samba logs
> > if the Bently logs are no use.
> >
> > Once you have this working I'd recommend you send a
> > tech note to Bently explaining how to do this. Many
> > app vendors don't support Samba due to ignorance. If
> > they saw it increased the compatibility (and hence
> > demand :-) of their products they might get more
> > accommodating.
> >
> > AutoDesk has been very good about doing this, and AutoCAD
> > now works well against a Samba server.
> >
> > Regards,
> >
> > Jeremy Allison,
> > Samba TEam.
> >
--
David Kerr Livingstone
Canadian National Railway, Signals & Communications
935 de La Gauchetiere St. West
12th Floor
Montreal, Quebec, Canada
H3B-2M9
Phone : (514)399-7731 Fax : (514)399-7503
Internet : davidl at cn.ca
More information about the samba
mailing list