[Samba] smbpasswd encryption (2.2.3a - RH 7.2 - kernel 2.4.7-10) Win2k

Christian Barth barth at cck.uni-kl.de
Wed Feb 20 00:14:26 GMT 2002


> Hi listmembers,
> due to a few very short but good tips from you guys and to much hassle with 
> my firewall (ipchains) I finally got samba running as a server and client (I 
> even made an update from source, just with normal ./configure, make, make 
> install after uninstalling the previous version of course). 
> With "encrypted passwords = no" everything is working fine (except for some 
> minor things like smbfs). For my interest and my being paranoid about 
> security ;-) I would like to set up encrypted passwords. I read my way 
> through the encryption.html file and made all the recommended steps:
> 
> I ran the shell script:
> cat passwd | mksmbpasswd.sh > /usr/local/samba/private/smbpasswd
This creats a smbpasswd file with all disabled accounts. You must use 
the smbpasswd command as root for each user to set the password. Have 
a look at "update encrypted" as well.

> 
> I added the following to smb.conf:
> # smb.conf
> [global]
> 	encrypt passwords = yes
> 	smb passwd file = /etc/samba/smbpasswd
This path and the path above should be the same.

Christian

> 
> I thought that would be all I would have to do! But now not very much is 
> working. I can connect to my samba server from my win2k-box as an anonymous 
> user to a share I have set up for testing the general thing. But I cannot 
> connect to a restricted share with a password, neither from my linux-box nor 
> from the win2k-box. I always get:
> 
> Anonymous login successful
> Domain=[HEUER] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager]
> tree connect failed: NT_STATUS_ACCESS_DENIED
> 
> when I want to connect to the win2k-box from linux (smbclient 
> //<win2k-box>/<share> -U <mydefaultusername>) and:
> 
> Anonymous login successful
> Domain=[MYDOMAIN] OS=[Unix] Server=[Samba 2.2.3a]
> tree connect failed: NT_STATUS_BAD_NETWORK_NAME
>  
> for "smbclient //linux/homes -U <myusername>"
> 
> I have all the users on BOTH mashines! I also tried to change the password 
> from one user to "NO PASSWORDXXXXX..." in the smbpasswd file I gererated with 
> the command above and tried connecting with that user an no password.
> 
> I am sort of getting somewhere but still not as content as I could be ;-). I 
> also think that the ENCRYPTION-docs aren't very helpfull or I am just too 
> dumb. So, could anybody PLEASE help me in this issue! I am sure it's not a 
> firewall-issue now, my netbios-name-resolving is functioning great with my 
> wins-server (and an open firewall on those ports with a broadcast signal 
> 192.168.0.255, nmblookup works and I can "ping <nameoflinuxbox>" now from my 
> win2k-box)
> 
> Thanks so far.
> -- 
> Diembo working @ Linux :-P
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
> 


               _(_)_                          wWWWw   _
   @@@@       (_)@(_)   vVVVv     _     @@@@  (___) _(_)_
  @@()@@ wWWWw  (_)\    (___)   _(_)_  @@()@@   Y  (_)@(_)
   @@@@  (___)     `|/    Y    (_)@(_)  @@@@   \|/   (_)\
    /      Y       \|    \|/    /(_)    \|      |/      |
 \ |     \ |/       | / \ | /  \|/       |/    \|      \|/
jgs|//   \\|///  \\\|//\\\|/// \|///  \\\|//  \\|//  \\\|// 
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^




More information about the samba mailing list