new user on samba

[Stephen L Arnold]

When the world was young, David carved some runes like this:

>   I'm a new user on samba. I run a samba server on Redhat Linux 5.2,
>   and my client is NT4+SP3. I have followed the steps described in
>   ENCRYPTION.TXT. and also set 'username map'. But NT box will
>   display "invalid username or passwd" unless I set the smbpasswd of
>   the account to NO PASSWORD.

Does testparm report any errors?  What are the results of the test 
steps in Diagnosis.txt?

If samba is running in user-level security mode, then NT4SP3 will 
not browse the samba shares without an open connection (ie, you 
need to map a share as a local drive first).  Open a command prompt 
on the NT box and try Net View (Net Use to map a share as a local 
drive).

On my network, Net View (on the NT box) displays the browse list.
"Net View \\samba_box" returns an error.  However,
"Net Use s: \\samba_box\sharename /user:jones"
prompts for the jones password and successfully mounts the share as 
drive s: (and then browsing in explorer works fine for all shares).

"Net View" (on a win95 box) displays the browse list.
"Net View \\samba_box" displays the shares.
"Net View \\NT_box" returns an error:
    Error 234: Additional data is available.
"Net Use x: \\NT_box\sharename" successfully mounts the share.
"Net Use x: \\samba_box\sharename" successfully mounts the share.
Note: the username switch for the Net Use command is only available 
on the NT box.

Now for the smbclient stuff:

"smbclient -L samba_box" displays the browse list and workgroup 
list.  It prompts for a password, but don't enter one (just hit 
return) as browsing is done as the user guest (whatever account is 
set as guest in smb.conf).  Try nobody or ftp as the guest user.
"smbclient -L NT_box" looks the same up to the password prompt, but 
doesn't display any shares.
"smbclient \\\\NT_box\\sharename -U jones" (after prompting for 
jones password) successfully connects to the given share.  I 
haven't had the need to play with smbmount yet, so I don't really 
have any experiences to relate.

In the above scenario, linux user jones has a win95 box (computer 
name jones) that authenticates against the samba box using the 
Windows Network Logon as the default when win95 boots up.  We have 
all win95 clients, one shared NT workstation  machine (but no NT 
PDC, etc), and one RedHat box (running samba in user level 
security, apache, etc).  With this type of authentication and win95 
machines named after their user accounts on the linux host, win95 
users can immediately browse/access all their samba shares.  If 
they logon to windoze with a different password (or if they have 
the windoze password set as the default instead of the Network 
Logon) they are prompted for the linux/samba password when they try 
and browse a samba share in explorer.

This type of access scenario depends on the windoze machine names 
matching the linux usernames.  If you want more than guest access 
from another windoze box, you need to map the name of the second 
windoze box to your real linux username in the username map file.

Also, the network stuff (TCP/IP, name resolution, etc) all needs to 
be working correctly.  A good first step is to remove NetBlooie and 
IPX (you may need IPX for Netware connectivity, but I can't think 
of a single case where you really need NetBlooie).

Hope this helps, Steve


******************************************************************
Stephen L Arnold                      http://www.rain.org/~sarnold
#include <std_disclaimer.h>
******************************************************************