samba security levels and NT browsing

Stephen L Arnold arnold.steve at ensco.com
Thu Jan 7 17:23:58 GMT 1999 

When the world was young, Anand Rao carved some runes like this:

> SECURITY = SERVER 				
> 
> PASSWORD SERVER =  < MY PDC SERVER >   < OTHER SERVER >   < ANOTHER 
> SERVER >
> 
> WINS SERVER = 10.10.10.10
> 
> NAME RESOLVE ORDER = HOSTS WINS
> 
> SHARE MODES = YES

> But with these paramter set.. as mentioned above... I can see the share 
> on the Windows PC.. but cannot access any of the shares.... even public 
> ones !! If I double-click on the share names...Windows asks for a 
> username and password... and it does not accept the Windows 
> Identification.... nor the root password of the Samba server ( running 
> on Solaris)... nor any identification.
> 
> If I enter the Root password... Windows gives me an error... saying " 
> Credentials supplied conflict with existing credentials"
> 
> If I enter the Windows Logon name and password.... the error is " 
> Incorrect username and password"

In the above configuration, can you successfully do a Net Use... 
command from a command prompt (on the NT machine) to mount a samba 
share as a local drive?  I can't explain the details myself, but 
NT4SP3 cannot browse the samba shares without at least one open 
connection (with security = user and no encryption).  See WinNT.txt 
in the samba docs.
 
> Moreover.. if I try to run the "addtosmbpass" script in the /bin 
> directory.. to add users to the smbpasswd file.... it does not work. AWK 
> gives me errors in 3-4 lines. Is there is a site where I can get the 
> corrected version of the file or has it got something to do with AWK 
> version on Solaris 7.
> 
> I do not want to create a SMBPASSWD file....and also... the 
> documentation says I don't need to... if I am using ENCRYPTED 
> PASSWORDS.. and WINDOWS NT 4.0 with SP 3.0 automates to ENCRYPTION..
> 
> The point is that... do I need to say in the smb.conf that ENCRYPT 
> PASSWORDS = TRUE... ???

Wait a minute, now I'm confused again (not difficult to do ;-) The 
way I understand it, if samba is not set for encrypted passwords, 
then there is no need for the smbpasswd file, and NT4SP3 and later, 
as well as win95 with certain updates and win98, will need the 
registry hack to enable plain text passwords.  If you set encrypted 
passwords = yes for samba, then smbpasswd is required to sync the 
/etc/passwd file with the samba (encrypted) passwords (and the 
above versions of windoze don't need the reg hack).

Later, Steve


******************************************************************
Stephen L Arnold                             sarnold at earthling.net

"A mime is a terrible thing to waste..."  -  Mel Brooks

More information about the samba mailing list