Problem with NT encryption to Linux Samba Server

Stephen L Arnold arnold.steve at ensco.com
Wed May 19 00:46:03 GMT 1999


When the world was young, amulyon at ipass.net carved some runes like this:

> I'm using RedHat Linux 6.0 and accessing it from Windows NT 4.0 SP3.

[snip]
> --snip of smb.conf ----
> 
> encrypt passwords = yes
> ;security = server
> hosts allow = all
> guest account = pcguest
> guest ok = yes
> 
> [public]
>    path = /home/pcguest
>    public = yes
>    guest ok = yes
>    writable = yes
>    printable = no
> --- end of smb.conf ----
> 
> When I tried to access the public share from NT using pcguest%pcguest as a
> user and password I got an error message in /var/log/samba/log.sbm:
> 
> [1999/05/17 17:43:38, 1] smbd/password.c:pass_check_smb(506)
>   Account for user 'pcguest' was disabled.
> [1999/05/17 17:43:38, 1] smbd/password.c:pass_check_smb(506)
>   Account for user 'pcguest' was disabled.
> 
> I already created a unix user of pcguest in /etc/passwd and gave it a 
> guest ok = yes permission.
> 
> Even worse, I can't access it from the local machine using the command:
> 
> host $ smbclient //cy25013-7/public -Upcguest%pcguest
> Added interface ip=166.34.21.214 bcast=166.34.23.255 nmask=255.255.248.0
> Got a positive name query response from 166.34.21.214 ( 166.34.21.214 )
> session setup failed: ERRSRV - ERRbadpw (Bad password - name/password pair
> in a Tree Connect or Session Setup are invalid.)

AFAIK, you shouldn't need a password at all for guest access (the 
few times I've actually logged in as guest I didn't use a password, 
and it seemed to work fine).  That could be the error you're 
getting.

Second, adding the guest account info to /etc/passwd might not be 
enough; I would use an existing account on the Linux box (e.g., 
nobody or ftp).  Did you add your pcguest user to /etc/passwd 
before or after you created smbpasswd?  If you're concerned about 
security at all, I would enable shadow passwords first, then create 
smbpasswd, then add the actual passwords to /etc/smbpasswd (either 
by hand or running with "update encrypted=yes" for a while).

Another thing to check is the guest user mapping in /etc/smbusers.  
The default mapping for guest is:

# Unix_name = SMB_name1 SMB_name2 ...
root = administrator admin
nobody = guest pcguest smbguest

If you want to try your pcguest user, then make sure the above 
mapping is commented out...

I've had some interesting behavior with username mapping when the 
user existed in /etc/smbpasswd (depending on whether there was a 
win95 NetBIOS name that matched a username or not).

Lastly, when using smbclient to connect to the same host smbclient 
is running on, try just specifying the username, and let it prompt 
you for the password (at least when troubleshooting).

Hope this helps, Steve

******************************************************************
Stephen L Arnold                      http://www.rain.org/~sarnold
#include <std_disclaimer.h>
******************************************************************
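
The /etc/smbusers check suggested in the reply above, as an added example that is not part of the original message or of Samba itself: it reads the smb.conf guest account and reports which Unix user the username map redirects that name to. The sample file contents are constructed from the snippets quoted in the thread; the function names are hypothetical, and the lookup is a simplified model of the map (no @group entries or quoted names).

```python
import re

# Constructed sample inputs, modelled on the files quoted in the thread.
SMB_CONF = """\
encrypt passwords = yes
;security = server
guest account = pcguest
guest ok = yes
"""
SMBUSERS = """\
# Unix_name = SMB_name1 SMB_name2 ...
root = administrator admin
nobody = guest pcguest smbguest
"""

def global_param(conf_text, name):
    """Last value of `name` in smb.conf text (section boundaries ignored)."""
    value = None
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue  # blank line, comment, or section header
        key, val = line.split("=", 1)
        # smb.conf parameter names ignore case and internal whitespace
        if re.sub(r"\s+", "", key).lower() == name.replace(" ", "").lower():
            value = val.strip()
    return value

def map_username(map_text, smb_name):
    """Simplified username-map lookup: returns (unix_name, matching_lines)."""
    current, hits = smb_name, []
    for lineno, raw in enumerate(map_text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue
        stop = line.startswith("!")  # '!' means stop once this line matches
        unix, names = line.lstrip("!").split("=", 1)
        candidates = [n.lower() for n in names.split()]
        if "*" in candidates or current.lower() in candidates:
            current = unix.strip()
            hits.append(lineno)
            if stop:
                break
    return current, hits

def guest_remap(conf_text, map_text):
    """Return (guest_account, effective_unix_user, map_lines) for review."""
    # Falling back to "nobody" when the parameter is unset is an assumption.
    guest = global_param(conf_text, "guest account") or "nobody"
    unix, hits = map_username(map_text, guest)
    return guest, unix, hits
```

With the sample files, `guest_remap(SMB_CONF, SMBUSERS)` shows pcguest being redirected to nobody by line 3 of the map; commenting that line out leaves pcguest unmapped.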