[Samba] PAM vs smbpasswd oddity
Russell Handorf
rhandorf at handorf.org
Wed Sep 27 21:01:10 GMT 2006
I've tried setting the security level to being from "user" to "share".
It now logs me in as "guest" from all workstations for some reason. Here
is the smb.conf file once again for all to review:
[global]
workgroup = >snip<
server string = samba file
netbios name = Fileserver
log file = /var/log/samba/%m.log
max log size = 50
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192
SO_SNDBUF=8192
preferred master = True
local master = Yes
domain master = True
dns proxy = yes
remote announce = 192.168.0.255
os level = 40
;domain logons = yes
;logon script = logon.bat
;logon home = \\%G\%U\.profile
name resolve order = wins lmhosts bcast
wins proxy = yes
;preserve case = yes
;short preserve case = yes
wins support= yes
#was user / share
security = user
#must be set to 'no' to use PAM
encrypt passwords = No
update encrypted = No
allow trusted domains = Yes
#min password length = 6
null passwords = No
[homes]
comments = Home Dir
browsable = no
writable = yes
hide dot files = yes
[netlogon]
comment = Network Logon Service
path = /home/netlogon
guest ok = yes
writable = no
share modes = no
write list = domain_admin
[Profiles]
path = /%G/%U/.profile
browseable = no
guest ok = yes
[public]
path = /samba/public
valid users = users
force group = users
writeable = Yes
guest ok = No
Russell Handorf wrote:
> Hi Folks,
>
> so now I've managed to trick the authentication server to caching the
> one time passwords for me. I'm down to the last two problems:
>
> 1. Something odd that I've noticed is that when I use PAM
> authentication Windows clients are outright refused. When I enable
> "encrypted" passwords, therefor disabling PAM, I'm then able to log in
> but with the use of static passwords. The error that the Windows
> clients get is the following:
>
> "\\<IP-ADDRESS> is not accessible. You might not have permission to
> use this network resource. Contact the administrator of this server to
> find out if you have access permissions.
> The account is not authorized to log in from this station."
>
> So the question here is that why doesnt this work when I use PAM
> authentication, but it does work when I use smbpasswd?!?
>
> 2. I've since tried mounting the share on a linux box to see what was
> happening. I notice the following behavior with this command:
> mount -t smbfs -o username=rhandorf //localhost/rhandorf /mnt/home/
>
> Once I log in, I'm able to browse the directory without *any*
> problems. So if I can solve #1, I'll be a happy camper! Does anyone
> have any ideas?
>
> Thanks again,
>
> r
More information about the samba
mailing list