[Samba] Why does a W2K (pro) client do more than it is asked to do?

Van Sickler, Jim vansickj-eodc at kaman.com
Fri Mar 5 21:06:39 GMT 2004


Lynn,

Since I don't see "Encrypt Passwords = No"
in your smb.conf, I'm pretty sure that
you're using encrypted passwords.

Run testparm, and look for the
"Encrypt Passwords = " entry,
just to be sure.

Having the users mapped in the smbusers
will take care of the prompt.  If you want
to map drives using a different user name,
this might make it easier.

If mary is logged in, but wants to map
a drive as lynn, as long as smbusers
has entries for both mary & lynn,
it should work.

W9x PCs will do that, I think, if you
include /user with the "net use"
command.

You can try adding the users to
the smbusers file, without
creating an AIX account for them.
The see if they can access the share
without being prompted for the password.
If that works, see if they can
map a drive using a different user name.

Jim

> -----Original Message-----
> From: Linux Lover [mailto:linuxlover992000 at yahoo.com]
> Sent: Friday, March 05, 2004 12:43 PM
> To: Van Sickler, Jim; samba at lists.samba.org
> Subject: RE: [Samba] Why does a W2K (pro) client do more than it is
> asked to do?
> 
> 
> --- "Van Sickler, Jim" <vansickj-eodc at kaman.com>
> wrote:
> > Lynn,
> > Does your smb.conf have an entry similar to:
> > username map = /etc/samba/smbusers
> 
> Jim, thanks. This is my *entire* smb.conf file
> (created by SWAT):
> 
> #####################################################
> # Samba config file created using SWAT
> # from winclient.mydomain.com (192.168.0.5)
> # Date: 2004/02/05 14:02:56
> 
> # Global parameters
> [global]
> 	workgroup = MYGROUP
> 	netbios name = AIXSERVER
> 	server string = Samba %V on %h
> 	admin log = Yes
> 	log level = 1
> 	log file = /usr/local/samba/logs/%U.%m.log
> 	preferred master = No
> 	domain master = No
> 	hosts allow = 192.168.
> 
> [sharedir$]
>   comment = %h shared dir
>   path = /home/shared
>   valid users = +sambagrp techsup
>   browseable = No
> #####################################################
> 
> So, I guess I don't have such an entry. Do I need one?
> I thought it's not necessary since the W2K client
> prompts the user anyway to enter username and
> password. One of the good things about W2K (vs. w9x)
> is that you can be logged into the W2K client as
> 'mary', but authenticate to the samba server as
> 'fred'. 
> 
> > Do you have user accounts on both the AIX
> > box and the W2k box?  They'd be mapped
> > in smbusers, AIX_acct=W2k_acct
> 
> Again, no need - I am counting on the W2K client to
> prompt for password if that particular username not
> found in /etc/password (at the moment I *don't* use
> encrypted passwords - I will cross that bridge when I
> solve this problem first).
> 
> 
> BTW, I increased the log level to 3 and noticed the
> first occurrence of 'nobody' in the log after I type
> my username and password:
> 
> -----------------------------------------------------
> [2004/03/05 13:22:07, 3]
>   smbd/sec_ctx.c:set_sec_ctx(349)
>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2004/03/05 13:22:07, 3]
>   smbd/reply.c:reply_sesssetup_and_X(880)
>   Domain=[]  NativeOS=[Windows 2000 2195]
>   NativeLanMan=[Windows 2000 5.0]
> [2004/03/05 13:22:07, 3]
>   smbd/reply.c:reply_sesssetup_and_X(890)
>   sesssetupX:name=[]
> [2004/03/05 13:22:07, 3]
>   smbd/sec_ctx.c:push_sec_ctx(312)
>   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
> [2004/03/05 13:22:07, 3]
>   smbd/uid.c:push_conn_ctx(310)
>   push_conn_ctx(0) : conn_ctx_stack_ndx = 0
> [2004/03/05 13:22:07, 3]
>   smbd/sec_ctx.c:set_sec_ctx(349)
>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2004/03/05 13:22:08, 3]
>   smbd/sec_ctx.c:get_current_groups(183)
>   get_current_groups: user is in 1 groups: -2
> [2004/03/05 13:22:08, 3]
>   smbd/sec_ctx.c:pop_sec_ctx(493)
>   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2004/03/05 13:22:08, 3]
>   smbd/sec_ctx.c:get_current_groups(183)
>   get_current_groups: user is in 1 groups: -2
> [2004/03/05 13:22:08, 3]
>   smbd/password.c:register_vuid(361)
>   uid -2 registered to name nobody
> -----------------------------------------------------
> 
> Which brings the question: what is register_vuid()?
> and uid -2 is being sent by W2K? (my uid is 21776)
> 
> 
> Thanks,
> Lynn
> 
> __________________________________
> Do you Yahoo!?
> Yahoo! Search - Find what you're looking for faster
> http://search.yahoo.com
> 


More information about the samba mailing list