security level flag...

Stephen L Arnold sarnold at
Sat Jul 24 21:40:41 GMT 1999

On 24 Jul 99, "Fabio Iovine" <f_iovine at> had questions 
about security level flag...:  

> Hi all,
> I'm referring to Giulio Orsero's and Steve Arnold's mails replying to my
> previous mail concerning the same subject...
> First of all, the environment I'm workin' on is AIX 4.2.5 + Samba
> 1.9.18p10 + Win 95 Clients...

My environment is RH4.2(kernel 2.0.30)/samba 1.9.19p8 with 
plaintext passwords, and RH5.2(kernel 2.0.36)/samba 1.9.18p10 with 
encrypted passwords (using both shadow passwords and the SRP 
exponential password suite).  I will describe the latter.  Home 
ethernet, private class C address space, main samba machine (above) 
is also ip-masq gateway, DNS, proxy, web, and WINS server.  for a 
handful of win95(OSR2) and linux clients.  All names have been 
scrubbed to protect the innocent.

Snippets from smb.conf:


   hosts allow = 192.168.0. 127.
   guest account = ftp
   security = user
   encrypt passwords = yes
   smb passwd file = /etc/smbpasswd
   username map = /etc/smbusers
   socket options = TCP_NODELAY
   interfaces =
#(this interface is actually eth1)
   local master = yes
   os level = 33
   domain master = yes
   preferred master = yes
   name resolve order = wins lmhosts bcast
   wins support = yes
   preserve case = no
   short preserve case = no
;   default case = lower
;   case sensitive = no

#===== Share Definitions ==============================
   comment = Home Directories
   browseable = no
   writable = yes
   comment = Temporary file space
   path = /home/tmp
   public = yes
   browseable = yes
   writable = yes
   create mask = 664
   printable = no

# A publicly accessible directory, but read only, except
# for me
   comment = Public Stuff
   path = /home/samba
   public = yes
   writable = yes
   printable = no
   write list = sjones

The permissions of the last two shares are:

drwxr-xr-x   3 root     nobody       1024 Nov 16  1998 samba
drwxrwxr-x   3 root     users        2048 May 23 16:53 tmp

The win95 NetBIOS names (and hostnames) are the same as their linux 
partition hostnames (eg, sneezy, doc, grumpy, etc).  The win95 side 
is set to M$ Network Client as default login, and browse master 
disabled.  The TCP/IP properties point to the main linux/samba box 
for WINS, gateway, and DNS (along with my ISP's DNS machines).  A 
also use my ISP's domain both internally and externally.  We use 
our personal accounts on the main server to login to windoze from 
any machine by mapping user names.  Both smbpasswd and shadow have 
the same set of usernames and passwords (of course, the smbpasswds 
use a different hash).


root = administrator admin
ftp = guest
mjones = doc sneezy
sjones = doc sneezy

where mjones and sjones are the user accounts on the linux/samba 
host, and doc and sneezy are the NetBIOS names of the win95 clients 
(the computer name in Network Properties/Identification).  They are 
the hostnames in TCP/IP properties, as well as the linux hostname 
when they boot the other way.  All machines have hosts files with 
local name-ip mappings (for both OS's), and the samba WINS server 
has an lmhosts file too.  And all win95 clients have all the system 
updates.  I even have a friend's win98 machine on the net right 
now, and it works fine too.

I believe this setup works the way you describe what you want.  If 
you can't login from any machine with the above configuration, then 
something else is hosed up, either your network setup, your 
clients, hardware, name resolution, etc.

> Any "detailed" suggestion?

Other than AIX goofiness, I think that should do it.


Steve Arnold                            sarnold at
This message composed of 100% recycled electrons.  You should
also recycle yourself. Become an organ donor. Discuss it with
your family. Do it today. :-)

More information about the samba mailing list