Linux Samba almost setup

Tom Roche tom_roche at ncsu.edu
Fri Mar 12 03:36:14 GMT 1999 

I got a number of responses to my last post; thanks to all. I
implemented them in /etc/smb.conf as follows:

* Change

>    workgroup = MYGROUP

  to

>    workgroup = SDL.CSC.NCSU

  (the group in which the client resides).

* Change

> ;   hosts allow = 192.168.1. 192.168.2. 127.

  to

>    hosts allow = 152.1. 127.

* Change

> ;   interfaces = 192.168.12.2/24 192.168.13.2/24 

  to

>    interfaces = 152.1.61.159/255.255.0.0

* By far the greatest number of responses said to change

> ;  encrypt passwords = yes

  to

>   encrypt passwords = yes

* then, as described in .../samba-1.9.18p10/docs/ENCRYPTION.txt:

> To generate the smbpasswd file from your /etc/passwd file use the
> following command :-

> cat /etc/passwd | mksmbpasswd.sh >/usr/local/samba/private/smbpasswd

> The mksmbpasswd.sh program is found in the Samba source directory. By
> default, the smbpasswd file is stored in :-

> /usr/local/samba/private/smbpasswd

> The owner of the /usr/local/samba/private directory should be set to
> root, and the permissions on it should be set <by> :-

> chmod 500 /usr/local/samba/private

> Likewise, the smbpasswd file inside the private directory should be
> owned by root and the permissions on is should be set by the command
:-

> chmod 600 smbpasswd.

  killall -HUP inetd, and run the diagnostics. Retrogression: I don't
  even pass all of test 7. From

> smbclient '\\BACKPACK\TMP' -U guest

  I get

> Added interface ip=152.1.61.159 bcast=152.1.255.255 nmask=255.255.0.0
> Server time is Thu Mar 11 22:00:15 1999
> Timezone is UTC-5.0
> Domain=[SDL.CSC.NCSU] OS=[Unix] Server=[Samba 1.9.18p10]
> connected as guest security=user

  as before. But

> smbclient '\\BACKPACK\TMP' -U tlroche

  which worked previously, gets (broken for readability)

> Added interface ip=152.1.61.159 bcast=152.1.255.255 nmask=255.255.0.0
> Server time is Thu Mar 11 22:00:31 1999
> Timezone is UTC-5.0
> Session setup failed for username=tlroche workgroup=SDL.CSC.NCSU
> myname=BACKPACK destname=BACKPACK ERRSRV - ERRbadpw
> (Bad password - name/password pair in a Tree Connect
>                 or Session Setup are invalid.)
> You might find the -U, -W or -n options useful
> Sometimes you have to use `-n USERNAME' (particularly with OS/2)
> Some servers also insist on uppercase-only passwords

  net view and net use also fail differently:

> C:\WINNT\Profiles\tlroche\Desktop>net view \\BACKPACK
> System error 86 has occurred.
> The specified network password is not correct.

  Note that I'm logged into the client as 'tlroche', and that the
server
  also has an account 'tlroche' (which can be seen in passwd and
smbpasswd)
  using the same password.

> C:\WINNT\Profiles\tlroche\Desktop>net use x: \\BACKPACK\TMP
/user:guest
> The password is invalid for \\BACKPACK\TMP.
> Type the password for \\BACKPACK\TMP:
> System error 86 has occurred.
> The specified network password is not correct.

* So I'm now sure the passwords are the problem, though why this would
  fail on a public share using 'guest' I can't begin to say.

  I note that /usr/doc/samba-1.9.18p10/docs/DIAGNOSIS.txt says

> TEST 7: <snip>

> If it says "bad password" then the likely causes are:

> - you have shadow passords (or some other password system) but didn't
>   compile in support for them in smbd

  How would I check to see if I have shadow passwords?

> - your "valid users" configuration is incorrect

  [tmp] has "public = yes", but I add "valid users = guest tlroche
  root" for the hell of it.

> - you have a mixed case password and you haven't enabled the
"password
>   level" option at a high enough level

  No mixed case ...

> - the "path =" line in smb.conf is incorrect. Check it with testparm

  /tmp is correct (I'm not completely incompetent :-)

> - you enabled password encryption but didn't create the SMB encrypted
>   password file

  It's there in /usr/local/samba/private/smbpasswd

> - your user does not have an entry in the smbpassword file

  ... and it has entries for guest, tlroche, root, etc.

  killall -HUP inetd, and run the diagnostics: no change.

* I do

> testparm smb.conf > testparm.out

  and see

> smb passwd file = /etc/smbpasswd

  Hmm, that's not what the docs say. I add

>   smb passwd file = /usr/local/samba/private/smbpasswd

  to the [global] block, just under

>   encrypt passwords = yes

  killall -HUP inetd, and run the diagnostics: no change.

OK, passwords are the problem !-) Can anyone suggest a solution?
I can send testparm.out and smb.conf as desired.

Please note again that my objective is to provide my development group
with a more secure and usable way to access our Linux web/appserver
than FTP. I need _only_ to share disk on the Linux Samba server using
password encryption. Your assistance is appreciated; meanwhile I'm
gonna try my hand at ssh/scp (usability be damned :-)

Tom_Roche at ncsu.edu

More information about the samba mailing list