[Samba] Samba and Win98
sgmayo at mail.bloomfield.k12.mo.us
sgmayo at mail.bloomfield.k12.mo.us
Thu May 8 14:38:43 GMT 2008
Günter Kukkukk wrote:
> Am Donnerstag, 8. Mai 2008 schrieb sgmayo at mail.bloomfield.k12.mo.us:
>> Günter Kukkukk wrote:
>> > Am Mittwoch, 7. Mai 2008 schrieb sgmayo at mail.bloomfield.k12.mo.us:
>> >> I have a friend that had a samba server go down. They switched to
>> another
>> >> server and are having problems with people logging into it from
>> Windows
>> 98. If the same user logs in from WinXp then everything works
>> otherwise
>> >> they get an error. He also said that the smb.conf files were the
>> same on
>> >> both servers.
>> >> >From the errors it almost looks like some sort of permission
>> problem,
>> >> but
>> >> since it logs in from XP clients then that throws that theory out the
>> door.
>> >> Thanks for any info.
>> >> Scott
>> >> Here is the error that he said he gets:
>> >> ************************************************************************
>> Here it the message I get when trying to login from a Windows 98
>> Machine.
>> >> "The Password is Incorrect. Try Again"
>> >> This only happens from Windows 98 or 95 machines. The same user can
>> login
>> >> to the samba server from Windows 2000 or XP.
>> >> The log file from /var/log/samba on that machine is as follows: BTW
>> I'm
>> >> not trying to login as Administrator.
>> >> [2008/05/06 09:11:20, 0]
>> >> auth/auth_util.c:create_builtin_administrators(792)
>> >> create_builtin_administrators: Failed to create Administrators
>> >> [2008/05/06 09:11:20, 0] auth/auth_util.c:create_builtin_users(758)
>> >> create_builtin_users: Failed to create Users
>> >> [2008/05/06 09:11:29, 0]
>> >> auth/auth_util.c:create_builtin_administrators(792)
>> >> create_builtin_administrators: Failed to create Administrators
>> >> [2008/05/06 09:11:29, 0] auth/auth_util.c:create_builtin_users(758)
>> >> create_builtin_users: Failed to create Users
>> >> [2008/05/06 09:11:35, 0]
>> >> auth/auth_util.c:create_builtin_administrators(792)
>> >> create_builtin_administrators: Failed to create Administrators
>> >> [2008/05/06 09:11:35, 0] auth/auth_util.c:create_builtin_users(758)
>> >> create_builtin_users: Failed to create Users
>> >> [2008/05/06 09:11:47, 0]
>> >> auth/auth_util.c:create_builtin_administrators(792)
>> >> create_builtin_administrators: Failed to create Administrators
>> >> [2008/05/06 09:11:47, 0] auth/auth_util.c:create_builtin_users(758)
>> >> create_builtin_users: Failed to create Users
>> >> [2008/05/06 09:15:12, 0]
>> >> auth/auth_util.c:create_builtin_administrators(792)
>> >> create_builtin_administrators: Failed to create Administrators
>> >> [2008/05/06 09:15:12, 0] auth/auth_util.c:create_builtin_users(758)
>> >> create_builtin_users: Failed to create Users
>> >> [2008/05/06 09:28:32, 0]
>> >> auth/auth_util.c:create_builtin_administrators(792)
>> >> create_builtin_administrators: Failed to create Administrators
>> >> [2008/05/06 09:28:32, 0] auth/auth_util.c:create_builtin_users(758)
>> >> create_builtin_users: Failed to create Users
>> >> [2008/05/06 10:02:51, 0]
>> >> auth/auth_util.c:create_builtin_administrators(792)
>> >> create_builtin_administrators: Failed to create Administrators
>> >> [2008/05/06 10:02:51, 0] auth/auth_util.c:create_builtin_users(758)
>> >> create_builtin_users: Failed to create Users
>> >> [2008/05/06 13:18:56, 0]
>> >> auth/auth_util.c:create_builtin_administrators(792)
>> >> create_builtin_administrators: Failed to create Administrators
>> >> [2008/05/06 13:18:56, 0] auth/auth_util.c:create_builtin_users(758)
>> >> create_builtin_users: Failed to create Users
>> >> [2008/05/06 13:49:06, 0]
>> >> auth/auth_util.c:create_builtin_administrators(792)
>> >> create_builtin_administrators: Failed to create Administrators
>> >> [2008/05/06 13:49:06, 0] auth/auth_util.c:create_builtin_users(758)
>> >> create_builtin_users: Failed to create Users
>> >> [2008/05/06 13:53:41, 0]
>> >> auth/auth_util.c:create_builtin_administrators(792)
>> >> create_builtin_administrators: Failed to create Administrators
>> >> [2008/05/06 13:53:41, 0] auth/auth_util.c:create_builtin_users(758)
>> >> create_builtin_users: Failed to create Users
>> >> [2008/05/06 14:01:34, 0]
>> >> auth/auth_util.c:create_builtin_administrators(792)
>> >> create_builtin_administrators: Failed to create Administrators
>> >> [2008/05/06 14:01:34, 0] auth/auth_util.c:create_builtin_users(758)
>> >> create_builtin_users: Failed to create Users
>> >> [2008/05/06 14:24:56, 0]
>> >> auth/auth_util.c:create_builtin_administrators(792)
>> >> create_builtin_administrators: Failed to create Administrators
>> >> [2008/05/06 14:24:56, 0] auth/auth_util.c:create_builtin_users(758)
>> >> create_builtin_users: Failed to create Users
>> >> [2008/05/06 14:25:50, 0]
>> >> auth/auth_util.c:create_builtin_administrators(792)
>> >> create_builtin_administrators: Failed to create Administrators
>> >> [2008/05/06 14:25:50, 0] auth/auth_util.c:create_builtin_users(758)
>> >> create_builtin_users: Failed to create Users
>> >> [2008/05/06 14:28:47, 0]
>> >> auth/auth_util.c:create_builtin_administrators(792)
>> >> create_builtin_administrators: Failed to create Administrators
>> >> [2008/05/06 14:28:47, 0] auth/auth_util.c:create_builtin_users(758)
>> >> create_builtin_users: Failed to create Users
>> >> [2008/05/06 14:35:56, 0]
>> >> auth/auth_util.c:create_builtin_administrators(792)
>> >> create_builtin_administrators: Failed to create Administrators
>> >> [2008/05/06 14:35:56, 0] auth/auth_util.c:create_builtin_users(758)
>> >> create_builtin_users: Failed to create Users
>> >> [2008/05/06 14:55:06, 0]
>> >> auth/auth_util.c:create_builtin_administrators(792)
>> >> create_builtin_administrators: Failed to create Administrators
>> >> [2008/05/06 14:55:06, 0] auth/auth_util.c:create_builtin_users(758)
>> >> create_builtin_users: Failed to create Users
>> >> **********************************************************************
>> Here is the smb.conf
>> >> *****************************************************************
>> [global]
>> >> netbios name = park
>> >> workgroup = PV
>> >> server string = %h server (Samba, Ubuntu)
>> >> dns proxy = no
>> >> log file = /var/log/samba/log.%m
>> >> max log size = 1000
>> >> syslog = 0
>> >> panic action = /usr/share/samba/panic-action %d
>> >> encrypt passwords = true
>> >> passdb backend = tdbsam
>> >> obey pam restrictions = yes
>> >> invalid users = root
>> >> passwd program = /usr/bin/passwd %u
>> >> passwd chat = *Enter\snew\s*\spassword:* %n\n
>> >> *Retype\snew\s*\spassword:*
>> >> %n\n *password\supdated\ssuccessfully* .
>> >> map to guest = bad user
>> >> socket options = TCP_NODELAY
>> >> usershare allow guests = yes
>> >> comment = Home Directories
>> >> browseable = yes
>> >> read only = no
>> >> create mask = 0700
>> >> directory mask = 0700
>> >> valid users = %U
>> >> locking = no
>> >> [printers]
>> >> comment = All Printers
>> >> browseable = no
>> >> path = /var/spool/samba
>> >> printable = yes
>> >> guest ok = no
>> >> read only = yes
>> >> create mask = 0700
>> >> [print$]
>> >> comment = Printer Drivers
>> >> path = /var/lib/samba/printers
>> >> browseable = yes
>> >> read only = yes
>> >> guest ok = no
>> >> [Public]
>> >> comment = Public Stuff
>> >> path = /home/public
>> >> public = yes
>> >> writable = yes
>> >> write list = @staff
>> >> browsable = yes
>> >> read only = no
>> >> directory mode = 0770
>> >> default case = upper
>> >> [hcnul]
>> >> path = /home/hcnul
>> >> writable = yes
>> >> write list = @hcnul
>> >> browsable = yes
>> >> read only = no
>> >> directory mode = 0770
>> >
>> > Please do the following on the new samba server:
>> > post the outcome of 'testparm -vs | grep lanman'
>> >
>> > As root, 'pdbedit -w username -d0', where "username" is a user
>> > which is not working from win9x.
>> >
>> > Cheers, Günter
>>
>>
>>
>> Here is what he said:
>>
>> The testparm command shows:
>>
>> Processing section "[homes]"
>> .
>> .
>> .
>> Loaded services file OK
>> Server role: ROLE_STANDALONE
>> lanman auth = No
>> client lanman auth = No
>>
>> The pdbedit command shows:
>>
>> kemperk:1002:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:ADEC9EDC3A6A794D691E6DFAFCFAEE85:[U
>> ]:LCT-481B6630:
>>
>
> In some recent samba version some security defaults have changed
> to more restricted ones, i.e. lanman auth, client lanman auth, ...
> are now set to "no", if not explicitely specified.
>
> As you can see from the pdbedit output, the lanman hash has been
> X-ed out, which means it's gone atm.
>
> To get the former win98 logon possibility back, do the
> following:
>
> 1. Add "lanman auth = Yes" to the [global] section of smb.conf
> 2. Now to get the old lanman hash back, you have to re-enter the
> samba password for every affected user by using
> 'smbpasswd your_username'
>
> Note that the old lanman hash has a weak design and can add
> security problems to your network.
>
> If you also use the samba client tools, i.e. smbclient,
> to access remote legacy servers, you also have to set
> "client lanman auth = Yes" in smb.conf.
>
Thanks. I will check with him and see what he says. I was wondering why
mine showed both of those = 'Yes' and his were both 'No'. If this works
though, he will have to go through and add all the passwords back to the
hash. Is there an easier way to add all the users back into the has
without having to do them all manually?
--
Scott Mayo
System Administrator
Bloomfield Schools
More information about the samba
mailing list