NT service problem (PR#19365) Help :) (fwd)
David Livingstone
davidl at cn.ca
Thu Dec 9 14:33:39 GMT 1999
Thanks, I will try password encryption ...
Yes I could run tcpdump or I could even connect up
a sniffer, however wouldn't it be better to have
"password exchange" added to the debug logging ?
I'm sure this isn't the first time this has been
an issue. For the network gifted it is a simple matter
to run and decipher a sniffer/tcpdump. For the average
person trying to install samba - especially those who
are taking the plunge from the MS world - this is a
large hurdle. Making samba simple to install/debug
is key to it's success.
If this works an entry in the knowledge base would also
be of benefit to other users. I couldn't find
anything on this in the docs or John Blair's book.
>
> David Livingstone wrote:
> >
> > workgroup = cad
> > security = user
> > encrypt passwords = no
>
> I think you're going to have to use password encryption.
> IIRC the password you enter into the Service Control panel
> for the account is stored in the LSAP secrets portion
> of the registry. The password hash is stored and not the
> clear test. Been a long time since I looked this though.
>
> > I attempted turning the debug level of smbd/nmbd higher as
> > well as running strace from linux to try and see what was
> > happening but no luck. What do I need to run see the
> > password exchange ?
>
> Use tcpdump (or netmon) and grab a packet trace.
>
> > Question : Where is the guest account fully explained.
> > I have read the John Blair book but still find it confusing.
>
> In the 2.0.x code the compile time GUEST_SESSETUP was
> changed to a "Map to Guest' parameter in smb.conf. Check
> out the man page and see if that helps.
>
> > 3. Working config.
> > I finally got things to work by adding the following two lines to the
> > global section :
> >
> > password server = filenet
> > security = server
> >
> > This avoids the problem by having the NT server(filenet)
> > which is the primary domain controller do the authentication.
> > However as noted it does not explain why the samba
> > machine cannot authenticate.
>
> Well it sort of does I think. password = server uses
> password encryption.
>
>
>
> Hope this helps,
> jerry
> ________________________________________________________________________
> Gerald ( Jerry ) Carter
> Engineering Network Services Auburn University
> jerry at eng.auburn.edu http://www.eng.auburn.edu/users/cartegw
>
> "...a hundred billion castaways looking for a home."
> - Sting "Message in a Bottle" ( 1979 )
>
--
David Kerr Livingstone
Canadian National Railway, Signals & Communications
935 de La Gauchetiere St. West
12th Floor
Montreal, Quebec, Canada
H3B-2M9
Phone : (514)399-7731 Fax : (514)399-7503
Internet : davidl at cn.ca
More information about the samba
mailing list