NT/W2K password prompting
Trevor Benson
Tbenson at associatedbp.com
Wed May 9 21:04:00 GMT 2001
Looks like your missing domain logons portion, it is what I used when I had
user level security configured.
domain logons (G)
If set to true, the Samba server will serve Windows 95/98 Domain logons for
the workgroup it is in. Samba 2.2 also has limited capability to act as a
domain controller for Windows NT 4 Domains. For more details on setting up
this feature see the file DOMAINS.txt in the Samba documentation directory
docs/ shipped with the source code.
Default: domain logons = no
When I set it to true (how I always ran with Ms9x clients) I never was
prompted unless I had logged out with the net.exe command while testing.
This also sets domain master to be enabled, but I assume if you have
something else acting as your master for domains your conf domain master =
no will override it..? But if you do have a network that this is part of
you might want to make the password server another NT box that is PDC if
this is part of the same actual MS-NT domain. Not sure on the rest of your
setup, but it worked fine if I speficied the above. Otherwise pass
authentication to another server if your in a larger network (or at least
what I would suggest).
Thanks,
Trevor
-----Original Message-----
From: Angie.Cabrera at LogixCom.com [mailto:Angie.Cabrera at LogixCom.com]
Sent: Wednesday, May 09, 2001 1:55 PM
To: Trevor Benson; samba at lists.samba.org
Subject: RE: NT/W2K password prompting
Yes each user is logging into a a DOMAIN, I don't see an option in my
smb.conf file to answer your other questions?
I have attached it below. I am running an old version of samba 1.9.18
; Configuration file for smbd. ACE*COMM 980827 13:20pm Touster
; ==========================================================================
; For the format of this file and comprehensive descriptions of all the
; configuration option, please refer to the man page for smb.conf(5)
; Note: for ease of future administration of your Samba, copy & paste a
; line, date it & remark it out, and then enter your changes to the
; new line. (it's easier than keeping a separate change log)
; --------------------------
; -- Begin GLOBAL section --
; --------------------------
[global]
; The "announce version = 4.0" is to report this as NT 4.0 not 4.2
announce version = 4.0
server string = %h Samba %v
socket options = TCP_NODELAY
; deadtime is the ability to disconnect idle connections with no open files
; the time is in minutes. Samba's default is zero (no disconnect)
; deadtime = 15
; dos filetimes: Samba runs with POSIX semantics and refuses to
; change the timestamp on a file if the user smbd is acting on
; behalf of is not the file owner. Setting this option to True
; allows DOS semantics and smbd will change the file timestamp
; as DOS requires.
dos filetimes = True
;# Encrypt passwords for Samba 17p1 or above (ACE*COMM's Samba & NT sp3)
encrypt passwords = yes
;# WARNING: Do not uncomment the "encrypt passwords" or "unix password sync"
;# or "password server" until you know the implications and you have read
;# the Samba doc on this subject!
;# (ie: will have 1 or 2 additional password files to
;# keep in sync)
; unix password sync = yes
name resolve order = wins hosts lmhosts bcast
workgroup = SBLOGIX
;# If more than one network card/interface (more then one IP on this server)
;# Then uncomment the next line and enter the IP/Subnetmask,IP/Subnetmask
;# of all the interfaces
; interfaces = 192.152.208.91/255.255.255.0,192.152.209.3/255.255.255.0
allow hosts =
172.16.,172.31.,206.136.17.,150.125.100.,192.152.208.,38.177.115.,38.249.211
.,10.22.1.
guest account = nobody
printing = bsd
printcap name = /etc/printcap
;# load printers = yes should be used only if:
;# 1. The printer sections below are configured the same
;# (ie: -v option is in all or none)
;# 2. All the printers in the /etc/printcap will be shared through Samba
;# If yes, then do not enter individual printer sections
load printers = yes
;## Never change the next line!
domain master = no
;## Comment out next 3 lines only if no NT/95 PC's exist on network
local master = no
preferred master = no
os level = 0
; WINS: Two parameters must be used together to control WINS:
; "wins support" and "wins server"
; "wins support" controls if Samba will act as a WINS server.
; You should normally leave this set to the default of "Yes",
; unless there is already another WINS server on the network
; (Note: currently, Samba does NOT support WINS database
; replication with other WINS servers or a "Secondary server")
; "wins server" specifies the DNS name of the WINS server that
; Samba should register with. If there is a WINS server on the
; network then set this parameter to the WINS servers name and
; enter the DNS name of that server and it's IP address in the
; "/etc/hosts" as well as the "...samba/lib/lmhosts" file.
; Leave the default of null or remarked out if this Samba will
; act as WINS server.
; This only takes effect if Samba is not acting as a WINS server itself
; wins support = no
; example: wins server = NameOfWinsServer
; wins server = un-remark this line and enter name here
wins support = no
wins server = 150.125.100.90
; PASSWORD SERVER:
; IMPORTANT: Do not uncomment the "password server" until you know the
; implications and have read the doc on this subject!
; By specifying the name of another SMB server
; (do not point to this Samba server, will cause a loop)
; (such as a WinNT box) with this option, and using
; "security = server" you can get Samba to do all its
; username/password validation via a remote server.
; "password server" sets the name of the password server to use.
; It must be a netbios name, so if the machine's netbios name is
; different from it's internet (IP/DNS) name then add its netbios
; name to "/etc/hosts" as well as the "...samba/lib/lmhosts file"
; Note: Use the NT's Primary Domain Controller (PDC) and as many
; Backup Domain Controller's (BDC) as needed separated by a comma.
; example:
; password server = NameofNT-PDCsrv,NameofNT-BDC1srv,NameofNT-BDC2srv
; If NT 4.0 with sp3 or greater (forced encrypted passwds) then must not
; use security = SHARE (Samba's default) it's very unreliable.
; Must use one of the others (USER or SERVER)
; IMPORTANT: Only 1 of the 3 "security =" can be uncommented!
; See "PASSWORD SERVER" above for info on changing this parameter
security = SHARE
; security = USER
; security = SERVER
; This next option sets a separate log file for each client. Remove
; it if you want a combined log file.
; For DEBUGing, increase the "log level" to 3
; (or higher for more detail like 5 or 9)
; and change the "max size" to 2048 (2mb)
; WARNING! The increase will have a MAJOR impact in PERFORMANCE!
; YOU MUST put back to "log level = 1" and "max log size = 512"
; max log size = 512 is = to 512K
max log size = 1024
log level = 10
log file = /usr/samba/log/log.%M.%m
; The file name is based on the client's name: log.InternetName.NetBIOSname
; Note: InternetName="DNS name" NetBIOSname="MS ComputerName" from ID tab
; You will need a world readable lock directory and "share modes=yes"
; if you want to support the file sharing modes for multiple users
; of the same files
lock directory = /usr/samba/var/locks
share modes = yes
;# "mangle case = yes/no" controls if names that have characters that
;# aren't of the "default" case are mangled. For example, if this is yes
;# then a name like "Mail" would be mangled. Default no.
;#
;# "case sensitive = yes/no" controls whether filenames are case sensitive.
;# If they aren't then Samba must do a filename search and match on passed
;# names. Default no.
;#
;# "default case = upper/lower" controls what the default case is for new
;# filenames. Default lower.
;#
;# "preserve case = yes/no" controls if new files are created with the case
;# that the client passes, or if they are forced to be the "default" case.
;# Default no.
;#
;# "short preserve case = yes/no" controls if new files which conform to 8.3
;# syntax, that is all in upper case and of suitable length, are created
;# upper case, or if they are forced to be the "default" case. This option
;# can be use with "preserve case = yes" to permit long filenames to
;# retain their case, while short names are lowered. Default no.
;# case sensitive = no
;# default case = upper
;# preserve case = yes
;# short preserve case = yes
case sensitive = no
default case = upper
preserve case = no
;# can't use with above at no ;short preserve case = yes
; --------------------------
; --end of GLOBAL section --
; --------------------------
;[homes]
; comment = Home Directories
; browseable = no
; read only = no
; create mode = 0750
; --------------------------
; --------------------------
; --------------------------
[smbuser]
;# Enter the correct path for the telmars directory below
path = /RAID-A/telmars
;# The "valid users" not used.... see global, "allow hosts"
;# Add the users below with a space between
;# valid users = telmars
dont descend =
/RAID-A/telmars/bin,/RAID-A/telmars/poll,/RAID-A/telmars/DATA
public = no
read only = no
writable = yes
browseable = yes
create mode = 0760
[admin]
;# DO NOT ADD users or ip's to this section - High Security risk
;# Enter the correct path for the telmars directory below
path = /usr2/telmars
;# The "valid users" not used.... see global, "allow hosts"
;# Add the users below with a space between
allow hosts = 192.152.208.173,38.177.115.213,172.31.16.110
valid users = dtouster
force user = telmars
force group = netplus
public = no
read only = no
writable = yes
browseable = yes
create mode = 0740
[adminsys]
;# DO NOT ADD users or ip's to this section - High Security risk
;# Enter the correct path for the telmars directory below
path = /
;# The "valid users" not used.... see global, "allow hosts"
;# Add the users below with a space between
allow hosts = 192.152.208.173,38.177.115.213,172.31.16.110
valid users = dtouster
force user = root
force group = other
public = no
read only = no
writable = yes
browseable = yes
create mode = 0740
[inv]
;# DO NOT ADD users or ip's to this section - High Security risk
;# Enter the correct path for the telmars directory below
path = /RAID-A/telmars/REPORTS/INVOICES
;# The "valid users" not used.... see global, "allow hosts"
;# Add the users below with a space between
allow hosts =
192.152.208.173,38.177.115.213,172.31.16.110,38.177.115.238,172.31
valid users = inv
force user = inv
force group = netplus
public = no
read only = no
writable = yes
browseable = yes
directory mask = 0750
create mode = 0740
; --------------------------
; --------------------------
; --------------------------
; --- end of smb.conf ---
-----Original Message-----
From: Trevor Benson [mailto:Tbenson at associatedbp.com]
Sent: Wednesday, May 09, 2001 2:09 PM
To: Cabrera, Angie
Subject: RE: NT/W2K password prompting
But your users are using the MS Client and choosing to logon to a domain
anyway correct? Or are they just logging into the workstation with Windows
Logon? When I used share security I still had them login to a 'domain'
which is the same name as workgroup = 'SOMETHING' and if they logged in
there and authenticated their password, it never asked me to supply it
again. Do they login to workgroup/domain? What does your current share look
like. And is domain logons set to yes or no?
Thanks,
Trevor
-----Original Message-----
From: Angie.Cabrera at LogixCom.com [mailto:Angie.Cabrera at LogixCom.com]
Sent: Wednesday, May 09, 2001 11:36 AM
To: Trevor Benson; samba at lists.samba.org
Subject: RE: NT/W2K password prompting
Sorry I should have included that info. My security is actually share
security. My samba is not a pdc/bdc but only allows share access to 1
directory.
-----Original Message-----
From: Trevor Benson [mailto:Tbenson at associatedbp.com]
Sent: Wednesday, May 09, 2001 1:31 PM
To: Cabrera, Angie; samba at lists.samba.org
Subject: RE: NT/W2K password prompting
Normally if your user is actually loggin into the domain, and you are
authorized already. I think some good spots to start are these settings:
Security =
Domain logons =
Password server =
After I login to my domain of XXXNET with a win98 or win2k machine (logging
into domain, not workstation) I just run a login script like
Net use x: \\xxxserver\share1
Net use p: \\xxxserver\Public
Etc. etc. but it never prompts me because I am logged into my domain already
(my samba is running as PDC as well, but if yours is not the settings above
will allow us to redirect authentication elsewhere)
Thanks,
Trevor
-----Original Message-----
From: Angie.Cabrera at LogixCom.com [mailto:Angie.Cabrera at LogixCom.com]
Sent: Wednesday, May 09, 2001 11:27 AM
To: samba at lists.samba.org
Subject: NT/W2K password prompting
How do I stop NT & W2K from prompting for a password everything a user logs
in and runs a login script as follows:
net use j: \\acecommok1\smbuser smbuser123
We have specified the password in the script but it still prompts.
Angie Cabrera
Systems Manager
Logix Communications
(713) 865-8384
mailto:angie.cabrera at logixcom.com
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
More information about the samba
mailing list