[Samba] smbpasswd encryption (2.2.3a - RH 7.2 - kernel 2.4.7-10) Win2k
Christian Barth
barth at cck.uni-kl.de
Wed Feb 20 00:14:26 GMT 2002
> Hi listmembers,
> due to a few very short but good tips from you guys and to much hassle with
> my firewall (ipchains) I finally got samba running as a server and client (I
> even made an update from source, just with normal ./configure, make, make
> install after uninstalling the previous version of course).
> With "encrypted passwords = no" everything is working fine (except for some
> minor things like smbfs). For my interest and my being paranoid about
> security ;-) I would like to set up encrypted passwords. I read my way
> through the encryption.html file and made all the recommended steps:
>
> I ran the shell script:
> cat passwd | mksmbpasswd.sh > /usr/local/samba/private/smbpasswd
This creats a smbpasswd file with all disabled accounts. You must use
the smbpasswd command as root for each user to set the password. Have
a look at "update encrypted" as well.
>
> I added the following to smb.conf:
> # smb.conf
> [global]
> encrypt passwords = yes
> smb passwd file = /etc/samba/smbpasswd
This path and the path above should be the same.
Christian
>
> I thought that would be all I would have to do! But now not very much is
> working. I can connect to my samba server from my win2k-box as an anonymous
> user to a share I have set up for testing the general thing. But I cannot
> connect to a restricted share with a password, neither from my linux-box nor
> from the win2k-box. I always get:
>
> Anonymous login successful
> Domain=[HEUER] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager]
> tree connect failed: NT_STATUS_ACCESS_DENIED
>
> when I want to connect to the win2k-box from linux (smbclient
> //<win2k-box>/<share> -U <mydefaultusername>) and:
>
> Anonymous login successful
> Domain=[MYDOMAIN] OS=[Unix] Server=[Samba 2.2.3a]
> tree connect failed: NT_STATUS_BAD_NETWORK_NAME
>
> for "smbclient //linux/homes -U <myusername>"
>
> I have all the users on BOTH mashines! I also tried to change the password
> from one user to "NO PASSWORDXXXXX..." in the smbpasswd file I gererated with
> the command above and tried connecting with that user an no password.
>
> I am sort of getting somewhere but still not as content as I could be ;-). I
> also think that the ENCRYPTION-docs aren't very helpfull or I am just too
> dumb. So, could anybody PLEASE help me in this issue! I am sure it's not a
> firewall-issue now, my netbios-name-resolving is functioning great with my
> wins-server (and an open firewall on those ports with a broadcast signal
> 192.168.0.255, nmblookup works and I can "ping <nameoflinuxbox>" now from my
> win2k-box)
>
> Thanks so far.
> --
> Diembo working @ Linux :-P
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
>
_(_)_ wWWWw _
@@@@ (_)@(_) vVVVv _ @@@@ (___) _(_)_
@@()@@ wWWWw (_)\ (___) _(_)_ @@()@@ Y (_)@(_)
@@@@ (___) `|/ Y (_)@(_) @@@@ \|/ (_)\
/ Y \| \|/ /(_) \| |/ |
\ | \ |/ | / \ | / \|/ |/ \| \|/
jgs|// \\|/// \\\|//\\\|/// \|/// \\\|// \\|// \\\|//
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
More information about the samba
mailing list