[Samba] Why does a W2K (pro) client do more than it is asked to
do?
John H Terpstra
jht at samba.org
Fri Mar 5 20:04:12 GMT 2004
On Fri, 5 Mar 2004, Linux Lover wrote:
> --- "Van Sickler, Jim" <vansickj-eodc at kaman.com>
> wrote:
> > Lynn,
> > Does your smb.conf have an entry similar to:
> > username map = /etc/samba/smbusers
>
> Jim, thanks. This is my *entire* smb.conf file
> (created by SWAT):
>
> #####################################################
> # Samba config file created using SWAT
> # from winclient.mydomain.com (192.168.0.5)
> # Date: 2004/02/05 14:02:56
>
> # Global parameters
> [global]
> workgroup = MYGROUP
> netbios name = AIXSERVER
> server string = Samba %V on %h
> admin log = Yes
> log level = 1
> log file = /usr/local/samba/logs/%U.%m.log
> preferred master = No
> domain master = No
> hosts allow = 192.168.
>
> [sharedir$]
> comment = %h shared dir
> path = /home/shared
> valid users = +sambagrp techsup
> browseable = No
> #####################################################
>
> So, I guess I don't have such an entry. Do I need one?
> I thought it's not necessary since the W2K client
> prompts the user anyway to enter username and
> password. One of the good things about W2K (vs. w9x)
> is that you can be logged into the W2K client as
> 'mary', but authenticate to the samba server as
> 'fred'.
>
> > Do you have user accounts on both the AIX
> > box and the W2k box? They'd be mapped
> > in smbusers, AIX_acct=W2k_acct
>
> Again, no need - I am counting on the W2K client to
> prompt for password if that particular username not
> found in /etc/password (at the moment I *don't* use
> encrypted passwords - I will cross that bridge when I
> solve this problem first).
Ok. Consider yourself right at that bridge now - unless of course you have
applied the registry hack to enable plain-text passwords on ALL win2k
clients.
PS: If you have enabled plain-text passworrds, rest assured it will still
break because since Microsoft disabled this by default they have not
maintained support for it.
PPS: I strongly suggest that you add encrypted passwords for your users by
running for each user:
smbpasswd -a 'username'
Just out of curiosity, have you read the Samba-HOWTO-Collection.pdf, or
the printed form of it "The Official Samba-3 HOWTO and Reference Guide"
(available from Amazon.Com)?
You can obtain the Samba-HOWTO-Collection.pdf from:
http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf
The chapters on "Server Types and Security Modes", "Domain Member
Servers", "Stand-Alone Servers", and "Network Browsing" might prove
helpful to you.
Cheers,
John T.
>
>
> BTW, I increased the log level to 3 and noticed the
> first occurrence of 'nobody' in the log after I type
> my username and password:
>
> -----------------------------------------------------
> [2004/03/05 13:22:07, 3]
> smbd/sec_ctx.c:set_sec_ctx(349)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2004/03/05 13:22:07, 3]
> smbd/reply.c:reply_sesssetup_and_X(880)
> Domain=[] NativeOS=[Windows 2000 2195]
> NativeLanMan=[Windows 2000 5.0]
> [2004/03/05 13:22:07, 3]
> smbd/reply.c:reply_sesssetup_and_X(890)
> sesssetupX:name=[]
> [2004/03/05 13:22:07, 3]
> smbd/sec_ctx.c:push_sec_ctx(312)
> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
> [2004/03/05 13:22:07, 3]
> smbd/uid.c:push_conn_ctx(310)
> push_conn_ctx(0) : conn_ctx_stack_ndx = 0
> [2004/03/05 13:22:07, 3]
> smbd/sec_ctx.c:set_sec_ctx(349)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2004/03/05 13:22:08, 3]
> smbd/sec_ctx.c:get_current_groups(183)
> get_current_groups: user is in 1 groups: -2
> [2004/03/05 13:22:08, 3]
> smbd/sec_ctx.c:pop_sec_ctx(493)
> pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2004/03/05 13:22:08, 3]
> smbd/sec_ctx.c:get_current_groups(183)
> get_current_groups: user is in 1 groups: -2
> [2004/03/05 13:22:08, 3]
> smbd/password.c:register_vuid(361)
> uid -2 registered to name nobody
> -----------------------------------------------------
>
> Which brings the question: what is register_vuid()?
> and uid -2 is being sent by W2K? (my uid is 21776)
>
>
> Thanks,
> Lynn
>
> __________________________________
> Do you Yahoo!?
> Yahoo! Search - Find what you’re looking for faster
> http://search.yahoo.com
>
--
John H Terpstra
Email: jht at samba.org
More information about the samba
mailing list