[Samba] Samba and Win98
Günter Kukkukk
linux at kukkukk.com
Thu May 8 15:01:28 GMT 2008
Am Donnerstag, 8. Mai 2008 schrieb sgmayo at mail.bloomfield.k12.mo.us:
>
> Günter Kukkukk wrote:
> > Am Donnerstag, 8. Mai 2008 schrieb sgmayo at mail.bloomfield.k12.mo.us:
> >> Günter Kukkukk wrote:
> >> > Am Mittwoch, 7. Mai 2008 schrieb sgmayo at mail.bloomfield.k12.mo.us:
> >> >> I have a friend that had a samba server go down. They switched to
> >> another
> >> >> server and are having problems with people logging into it from
> >> Windows
> >> 98. If the same user logs in from WinXp then everything works
> >> otherwise
> >> >> they get an error. He also said that the smb.conf files were the
> >> same on
> >> >> both servers.
> >> >> >From the errors it almost looks like some sort of permission
> >> problem,
> >> >> but
> >> >> since it logs in from XP clients then that throws that theory out the
> >> door.
> >> >> Thanks for any info.
> >> >> Scott
> >> >> Here is the error that he said he gets:
> >> >> ************************************************************************
> >> Here it the message I get when trying to login from a Windows 98
> >> Machine.
> >> >> "The Password is Incorrect. Try Again"
> >> >> This only happens from Windows 98 or 95 machines. The same user can
> >> login
> >> >> to the samba server from Windows 2000 or XP.
> >> >> The log file from /var/log/samba on that machine is as follows: BTW
> >> I'm
> >> >> not trying to login as Administrator.
> >> >> [2008/05/06 09:11:20, 0]
> >> >> auth/auth_util.c:create_builtin_administrators(792)
> >> >> create_builtin_administrators: Failed to create Administrators
> >> >> [2008/05/06 09:11:20, 0] auth/auth_util.c:create_builtin_users(758)
> >> >> create_builtin_users: Failed to create Users
> >> >> [2008/05/06 09:11:29, 0]
> >> >> auth/auth_util.c:create_builtin_administrators(792)
> >> >> create_builtin_administrators: Failed to create Administrators
> >> >> [2008/05/06 09:11:29, 0] auth/auth_util.c:create_builtin_users(758)
> >> >> create_builtin_users: Failed to create Users
> >> >> [2008/05/06 09:11:35, 0]
> >> >> auth/auth_util.c:create_builtin_administrators(792)
> >> >> create_builtin_administrators: Failed to create Administrators
> >> >> [2008/05/06 09:11:35, 0] auth/auth_util.c:create_builtin_users(758)
> >> >> create_builtin_users: Failed to create Users
> >> >> [2008/05/06 09:11:47, 0]
> >> >> auth/auth_util.c:create_builtin_administrators(792)
> >> >> create_builtin_administrators: Failed to create Administrators
> >> >> [2008/05/06 09:11:47, 0] auth/auth_util.c:create_builtin_users(758)
> >> >> create_builtin_users: Failed to create Users
> >> >> [2008/05/06 09:15:12, 0]
> >> >> auth/auth_util.c:create_builtin_administrators(792)
> >> >> create_builtin_administrators: Failed to create Administrators
> >> >> [2008/05/06 09:15:12, 0] auth/auth_util.c:create_builtin_users(758)
> >> >> create_builtin_users: Failed to create Users
> >> >> [2008/05/06 09:28:32, 0]
> >> >> auth/auth_util.c:create_builtin_administrators(792)
> >> >> create_builtin_administrators: Failed to create Administrators
> >> >> [2008/05/06 09:28:32, 0] auth/auth_util.c:create_builtin_users(758)
> >> >> create_builtin_users: Failed to create Users
> >> >> [2008/05/06 10:02:51, 0]
> >> >> auth/auth_util.c:create_builtin_administrators(792)
> >> >> create_builtin_administrators: Failed to create Administrators
> >> >> [2008/05/06 10:02:51, 0] auth/auth_util.c:create_builtin_users(758)
> >> >> create_builtin_users: Failed to create Users
> >> >> [2008/05/06 13:18:56, 0]
> >> >> auth/auth_util.c:create_builtin_administrators(792)
> >> >> create_builtin_administrators: Failed to create Administrators
> >> >> [2008/05/06 13:18:56, 0] auth/auth_util.c:create_builtin_users(758)
> >> >> create_builtin_users: Failed to create Users
> >> >> [2008/05/06 13:49:06, 0]
> >> >> auth/auth_util.c:create_builtin_administrators(792)
> >> >> create_builtin_administrators: Failed to create Administrators
> >> >> [2008/05/06 13:49:06, 0] auth/auth_util.c:create_builtin_users(758)
> >> >> create_builtin_users: Failed to create Users
> >> >> [2008/05/06 13:53:41, 0]
> >> >> auth/auth_util.c:create_builtin_administrators(792)
> >> >> create_builtin_administrators: Failed to create Administrators
> >> >> [2008/05/06 13:53:41, 0] auth/auth_util.c:create_builtin_users(758)
> >> >> create_builtin_users: Failed to create Users
> >> >> [2008/05/06 14:01:34, 0]
> >> >> auth/auth_util.c:create_builtin_administrators(792)
> >> >> create_builtin_administrators: Failed to create Administrators
> >> >> [2008/05/06 14:01:34, 0] auth/auth_util.c:create_builtin_users(758)
> >> >> create_builtin_users: Failed to create Users
> >> >> [2008/05/06 14:24:56, 0]
> >> >> auth/auth_util.c:create_builtin_administrators(792)
> >> >> create_builtin_administrators: Failed to create Administrators
> >> >> [2008/05/06 14:24:56, 0] auth/auth_util.c:create_builtin_users(758)
> >> >> create_builtin_users: Failed to create Users
> >> >> [2008/05/06 14:25:50, 0]
> >> >> auth/auth_util.c:create_builtin_administrators(792)
> >> >> create_builtin_administrators: Failed to create Administrators
> >> >> [2008/05/06 14:25:50, 0] auth/auth_util.c:create_builtin_users(758)
> >> >> create_builtin_users: Failed to create Users
> >> >> [2008/05/06 14:28:47, 0]
> >> >> auth/auth_util.c:create_builtin_administrators(792)
> >> >> create_builtin_administrators: Failed to create Administrators
> >> >> [2008/05/06 14:28:47, 0] auth/auth_util.c:create_builtin_users(758)
> >> >> create_builtin_users: Failed to create Users
> >> >> [2008/05/06 14:35:56, 0]
> >> >> auth/auth_util.c:create_builtin_administrators(792)
> >> >> create_builtin_administrators: Failed to create Administrators
> >> >> [2008/05/06 14:35:56, 0] auth/auth_util.c:create_builtin_users(758)
> >> >> create_builtin_users: Failed to create Users
> >> >> [2008/05/06 14:55:06, 0]
> >> >> auth/auth_util.c:create_builtin_administrators(792)
> >> >> create_builtin_administrators: Failed to create Administrators
> >> >> [2008/05/06 14:55:06, 0] auth/auth_util.c:create_builtin_users(758)
> >> >> create_builtin_users: Failed to create Users
> >> >> **********************************************************************
> >> Here is the smb.conf
> >> >> *****************************************************************
> >> [global]
> >> >> netbios name = park
> >> >> workgroup = PV
> >> >> server string = %h server (Samba, Ubuntu)
> >> >> dns proxy = no
> >> >> log file = /var/log/samba/log.%m
> >> >> max log size = 1000
> >> >> syslog = 0
> >> >> panic action = /usr/share/samba/panic-action %d
> >> >> encrypt passwords = true
> >> >> passdb backend = tdbsam
> >> >> obey pam restrictions = yes
> >> >> invalid users = root
> >> >> passwd program = /usr/bin/passwd %u
> >> >> passwd chat = *Enter\snew\s*\spassword:* %n\n
> >> >> *Retype\snew\s*\spassword:*
> >> >> %n\n *password\supdated\ssuccessfully* .
> >> >> map to guest = bad user
> >> >> socket options = TCP_NODELAY
> >> >> usershare allow guests = yes
> >> >> comment = Home Directories
> >> >> browseable = yes
> >> >> read only = no
> >> >> create mask = 0700
> >> >> directory mask = 0700
> >> >> valid users = %U
> >> >> locking = no
> >> >> [printers]
> >> >> comment = All Printers
> >> >> browseable = no
> >> >> path = /var/spool/samba
> >> >> printable = yes
> >> >> guest ok = no
> >> >> read only = yes
> >> >> create mask = 0700
> >> >> [print$]
> >> >> comment = Printer Drivers
> >> >> path = /var/lib/samba/printers
> >> >> browseable = yes
> >> >> read only = yes
> >> >> guest ok = no
> >> >> [Public]
> >> >> comment = Public Stuff
> >> >> path = /home/public
> >> >> public = yes
> >> >> writable = yes
> >> >> write list = @staff
> >> >> browsable = yes
> >> >> read only = no
> >> >> directory mode = 0770
> >> >> default case = upper
> >> >> [hcnul]
> >> >> path = /home/hcnul
> >> >> writable = yes
> >> >> write list = @hcnul
> >> >> browsable = yes
> >> >> read only = no
> >> >> directory mode = 0770
> >> >
> >> > Please do the following on the new samba server:
> >> > post the outcome of 'testparm -vs | grep lanman'
> >> >
> >> > As root, 'pdbedit -w username -d0', where "username" is a user
> >> > which is not working from win9x.
> >> >
> >> > Cheers, Günter
> >>
> >>
> >>
> >> Here is what he said:
> >>
> >> The testparm command shows:
> >>
> >> Processing section "[homes]"
> >> .
> >> .
> >> .
> >> Loaded services file OK
> >> Server role: ROLE_STANDALONE
> >> lanman auth = No
> >> client lanman auth = No
> >>
> >> The pdbedit command shows:
> >>
> >> kemperk:1002:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:ADEC9EDC3A6A794D691E6DFAFCFAEE85:[U
> >> ]:LCT-481B6630:
> >>
> >
> > In some recent samba version some security defaults have changed
> > to more restricted ones, i.e. lanman auth, client lanman auth, ...
> > are now set to "no", if not explicitely specified.
> >
> > As you can see from the pdbedit output, the lanman hash has been
> > X-ed out, which means it's gone atm.
> >
> > To get the former win98 logon possibility back, do the
> > following:
> >
> > 1. Add "lanman auth = Yes" to the [global] section of smb.conf
> > 2. Now to get the old lanman hash back, you have to re-enter the
> > samba password for every affected user by using
> > 'smbpasswd your_username'
> >
> > Note that the old lanman hash has a weak design and can add
> > security problems to your network.
> >
> > If you also use the samba client tools, i.e. smbclient,
> > to access remote legacy servers, you also have to set
> > "client lanman auth = Yes" in smb.conf.
> >
>
> Thanks. I will check with him and see what he says. I was wondering why
> mine showed both of those = 'Yes' and his were both 'No'. If this works
> though, he will have to go through and add all the passwords back to the
> hash. Is there an easier way to add all the users back into the has
> without having to do them all manually?
>
Just had an even closer look to that now.
Do the following:
1. Add "lanman auth = Yes" to the [global] section of smb.conf
Note, that this change will also affect the outcome of pdbedit!
Sorry, I forgot to mention this. :-)
Then - as root - list all configured samba users with 'pdbedit -Lw'
Only those users must be re-configured, where the lanman hash has been
X-ed out. I think, nearly all will be listed as ok, so no further action
is needed for those.
Cheers, Günter
More information about the samba
mailing list