NT service problem (PR#19365) Help :) (fwd)

David Livingstone davidl at cn.ca
Thu Dec 9 14:33:39 GMT 1999 

 Thanks, I will try password encryption ...

 Yes I could run tcpdump or I could even connect up 
 a sniffer, however wouldn't it be better to have 
 "password exchange" added to the debug logging ?
 I'm sure this isn't the first time this has been
 an issue. For the network gifted it is a simple matter
 to run and decipher a sniffer/tcpdump. For the average
 person trying to install samba - especially those who
 are taking the plunge from the MS world - this is a
 large hurdle. Making samba simple to install/debug
 is key to it's success. 
 
 If this works an entry in the knowledge base would also
 be of benefit to other users. I couldn't find 
 anything on this in the docs or John Blair's book.

> 
> David Livingstone wrote:
> > 
> > workgroup = cad
> > security = user
> > encrypt passwords = no
> 
> I think you're going to have to use password encryption.
> IIRC the password you enter into the Service Control panel 
> for the account is stored in the LSAP secrets portion 
> of the registry.  The password hash is stored and not the 
> clear test.  Been a long time since I looked this though.
> 
> >      I attempted turning the debug level of smbd/nmbd higher as
> >      well as running strace from linux to try and see what was
> >      happening but no luck. What do I need to run see the
> >      password exchange ?
> 
> Use tcpdump (or netmon) and grab a packet trace.
> 
> > Question : Where is the guest account fully explained. 
> > I have read the John Blair book but still find it confusing.
> 
> In the 2.0.x code the compile time GUEST_SESSETUP was 
> changed to a "Map to Guest' parameter in smb.conf.  Check 
> out the man page and see if that helps.
> 
> > 3. Working config.
> >    I finally got things to work by adding the following two lines to the
> >    global section :
> >
> >    password server = filenet
> >    security = server
> >
> >    This avoids the problem by having the NT server(filenet) 
> > which is the primary domain controller do the authentication. 
> > However as noted it does not explain why the samba 
> > machine cannot authenticate.
> 
> Well it sort of does I think.  password = server uses 
> password encryption.
> 
> 
> 
> Hope this helps,
> jerry
> ________________________________________________________________________
>                             Gerald ( Jerry ) Carter	
> Engineering Network Services                           Auburn University 
> jerry at eng.auburn.edu             http://www.eng.auburn.edu/users/cartegw
> 
>        "...a hundred billion castaways looking for a home."
>                                   - Sting "Message in a Bottle" ( 1979 )
> 


-- 

David Kerr Livingstone 
Canadian National Railway, Signals & Communications
935 de La Gauchetiere St. West
12th Floor
Montreal, Quebec, Canada
H3B-2M9
Phone : (514)399-7731  Fax : (514)399-7503
Internet : davidl at cn.ca

More information about the samba mailing list