[Samba] PAM vs smbpasswd oddity

Russell Handorf rhandorf at handorf.org
Wed Sep 27 21:01:10 GMT 2006

I've tried setting the security level to being from "user" to "share". 
It now logs me in as "guest" from all workstations for some reason. Here 
is the smb.conf file once again for all to review:

        workgroup = >snip<
        server string = samba file
        netbios name = Fileserver
        log file = /var/log/samba/%m.log
        max log size = 50
        socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 
        preferred master = True
        local master = Yes
        domain master = True
        dns proxy = yes
        remote announce =
        os level = 40
        ;domain logons = yes
        ;logon script = logon.bat
        ;logon home = \\%G\%U\.profile
        name resolve order = wins lmhosts bcast
        wins proxy = yes
        ;preserve case = yes
        ;short preserve case = yes
        wins support= yes
        #was user / share
        security = user
        #must be set to 'no' to use PAM
        encrypt passwords = No
        update encrypted = No
        allow trusted domains = Yes
        #min password length = 6
        null passwords = No
        comments = Home Dir
        browsable = no
        writable = yes
        hide dot files = yes
        comment = Network Logon Service
        path = /home/netlogon
        guest ok = yes
        writable = no
        share modes = no
        write list = domain_admin
        path = /%G/%U/.profile
        browseable = no
        guest ok = yes
        path = /samba/public
        valid users = users
        force group = users
        writeable = Yes
        guest ok = No

Russell Handorf wrote:
> Hi Folks,
> so now I've managed to trick the authentication server to caching the 
> one time passwords for me. I'm down to the last two problems:
> 1. Something odd that I've noticed is that when I use PAM 
> authentication Windows clients are outright refused. When I enable 
> "encrypted" passwords, therefor disabling PAM, I'm then able to log in 
> but with the use of static passwords. The error that the Windows 
> clients get is the following:
> "\\<IP-ADDRESS> is not accessible. You might not have permission to 
> use this network resource. Contact the administrator of this server to 
> find out if you have access permissions.
> The account is not authorized to log in from this station."
> So the question here is that why doesnt this work when I use PAM 
> authentication, but it does work when I use smbpasswd?!?
> 2. I've since tried mounting the share on a linux box to see what was 
> happening. I notice the following behavior with this command:
> mount -t smbfs -o username=rhandorf //localhost/rhandorf /mnt/home/
> Once I log in, I'm able to browse the directory without *any* 
> problems. So if I can solve #1, I'll be a happy camper! Does anyone 
> have any ideas?
> Thanks again,
> r

More information about the samba mailing list