Linux Samba almost setup
Tom Roche
tom_roche at ncsu.edu
Fri Mar 12 03:36:14 GMT 1999
I got a number of responses to my last post; thanks to all. I
implemented them in /etc/smb.conf as follows:
* Change
> workgroup = MYGROUP
to
> workgroup = SDL.CSC.NCSU
(the group in which the client resides).
* Change
> ; hosts allow = 192.168.1. 192.168.2. 127.
to
> hosts allow = 152.1. 127.
* Change
> ; interfaces = 192.168.12.2/24 192.168.13.2/24
to
> interfaces = 152.1.61.159/255.255.0.0
* By far the greatest number of responses said to change
> ; encrypt passwords = yes
to
> encrypt passwords = yes
* then, as described in .../samba-1.9.18p10/docs/ENCRYPTION.txt:
> To generate the smbpasswd file from your /etc/passwd file use the
> following command :-
> cat /etc/passwd | mksmbpasswd.sh >/usr/local/samba/private/smbpasswd
> The mksmbpasswd.sh program is found in the Samba source directory. By
> default, the smbpasswd file is stored in :-
> /usr/local/samba/private/smbpasswd
> The owner of the /usr/local/samba/private directory should be set to
> root, and the permissions on it should be set <by> :-
> chmod 500 /usr/local/samba/private
> Likewise, the smbpasswd file inside the private directory should be
> owned by root and the permissions on is should be set by the command
:-
> chmod 600 smbpasswd.
killall -HUP inetd, and run the diagnostics. Retrogression: I don't
even pass all of test 7. From
> smbclient '\\BACKPACK\TMP' -U guest
I get
> Added interface ip=152.1.61.159 bcast=152.1.255.255 nmask=255.255.0.0
> Server time is Thu Mar 11 22:00:15 1999
> Timezone is UTC-5.0
> Domain=[SDL.CSC.NCSU] OS=[Unix] Server=[Samba 1.9.18p10]
> connected as guest security=user
as before. But
> smbclient '\\BACKPACK\TMP' -U tlroche
which worked previously, gets (broken for readability)
> Added interface ip=152.1.61.159 bcast=152.1.255.255 nmask=255.255.0.0
> Server time is Thu Mar 11 22:00:31 1999
> Timezone is UTC-5.0
> Session setup failed for username=tlroche workgroup=SDL.CSC.NCSU
> myname=BACKPACK destname=BACKPACK ERRSRV - ERRbadpw
> (Bad password - name/password pair in a Tree Connect
> or Session Setup are invalid.)
> You might find the -U, -W or -n options useful
> Sometimes you have to use `-n USERNAME' (particularly with OS/2)
> Some servers also insist on uppercase-only passwords
net view and net use also fail differently:
> C:\WINNT\Profiles\tlroche\Desktop>net view \\BACKPACK
> System error 86 has occurred.
> The specified network password is not correct.
Note that I'm logged into the client as 'tlroche', and that the
server
also has an account 'tlroche' (which can be seen in passwd and
smbpasswd)
using the same password.
> C:\WINNT\Profiles\tlroche\Desktop>net use x: \\BACKPACK\TMP
/user:guest
> The password is invalid for \\BACKPACK\TMP.
> Type the password for \\BACKPACK\TMP:
> System error 86 has occurred.
> The specified network password is not correct.
* So I'm now sure the passwords are the problem, though why this would
fail on a public share using 'guest' I can't begin to say.
I note that /usr/doc/samba-1.9.18p10/docs/DIAGNOSIS.txt says
> TEST 7: <snip>
> If it says "bad password" then the likely causes are:
> - you have shadow passords (or some other password system) but didn't
> compile in support for them in smbd
How would I check to see if I have shadow passwords?
> - your "valid users" configuration is incorrect
[tmp] has "public = yes", but I add "valid users = guest tlroche
root" for the hell of it.
> - you have a mixed case password and you haven't enabled the
"password
> level" option at a high enough level
No mixed case ...
> - the "path =" line in smb.conf is incorrect. Check it with testparm
/tmp is correct (I'm not completely incompetent :-)
> - you enabled password encryption but didn't create the SMB encrypted
> password file
It's there in /usr/local/samba/private/smbpasswd
> - your user does not have an entry in the smbpassword file
... and it has entries for guest, tlroche, root, etc.
killall -HUP inetd, and run the diagnostics: no change.
* I do
> testparm smb.conf > testparm.out
and see
> smb passwd file = /etc/smbpasswd
Hmm, that's not what the docs say. I add
> smb passwd file = /usr/local/samba/private/smbpasswd
to the [global] block, just under
> encrypt passwords = yes
killall -HUP inetd, and run the diagnostics: no change.
OK, passwords are the problem !-) Can anyone suggest a solution?
I can send testparm.out and smb.conf as desired.
Please note again that my objective is to provide my development group
with a more secure and usable way to access our Linux web/appserver
than FTP. I need _only_ to share disk on the Linux Samba server using
password encryption. Your assistance is appreciated; meanwhile I'm
gonna try my hand at ssh/scp (usability be damned :-)
Tom_Roche at ncsu.edu
More information about the samba
mailing list