[Samba] can't login with my samba password only with my linux password
Gaiseric Vandal
gaiseric.vandal at gmail.com
Tue Jan 4 14:30:32 MST 2011
After you change the samba password for the 2nd time, does it stick?
When you change the password, does the /etc/samba/smbpasswd change?
I can't imagine it matters, but why are you using "passwd: compat"
instead of "passwd: files" in nsswitch.conf ?
What happens if you run smbpasswd as root to change a user's password?
On 12/27/2010 12:30 PM, Hartmut wrote:
> On Mon, Dec 27, 2010 at 2:16 AM, Gaiseric Vandal
> <gaiseric.vandal at gmail.com> wrote:
>
>> I can't see any way that, with your configuration, samba could be
>> using your linux password as a samba password. You would have to be
>> using plain text passwords in windows to have samba authenticate it
>> against your linux password. Is it really using your "linux"
>> password, or at some point was your samba password the same as your
>> linux password?
>>
> The samba and linux passwords were always different.
>
>
>> Or did you configure pam or nsswitch.conf to have linux authenticate
>> against "windows" passwords?
>>
> No. I use Ubuntu 10.10 and the default configuration. See below my
> nsswitch.conf, but I think it's the default and does not matter.
>
>
>
>> Did you try running "testparm -v" in case there are some parameters
>> with unexpected defaults?
>>
> Did this, see output below. But I can't find a "wrong" or unexpected parameter.
>
>
>> Did you try disabling "obey pam restrictions?" Maybe that is
>> preventing the password change?
>>
> Yes, I tried this. The same result :(
>
>
>
>> On Sat, Dec 25, 2010 at 11:32 AM, Hartmut<freemlist at googlemail.com> wrote:
>>
>>> Hello,
>>>
>>> I have a strange problem with my samba server. When I try to connect
>>> with my (Windows) client and samba asks for the password, it's only
>>> accepting my linux-user password, not my samba-user password (set with
>>> smbpasswd and as root with smbpasswd <user>).
>>>
>>> And now the strange thing about it. When I change my samba password with
>>> smbpasswd, and try to login from my client, then the samba-user password
>>> is accepted. But after a reboot of my samba server, the server accepts
>>> only the linux-user password. I have to (re)set the samba-user password
>>> again with smbpasswd and only after that, I can login with the
>>> samba-user password.
>>>
>>> Is there something wrong with my smb.conf (see below)? Or what else
>>> could be the problem?
>>>
>>>
>>> -------------
>>> smb.conf:
>>> [global]
>>> # debuglevel = 1
>>> workgroup = Gruppe
>>> server string = Datastring
>>> wins support = no
>>> dns proxy = no
>>>
>>> interfaces = 192.168.1.0/24 127.0.0.1/8
>>> bind interfaces only = yes
>>>
>>> log file = /var/log/samba/log.%m
>>> max log size = 1000
>>> syslog = 0
>>> security = user
>>> encrypt passwords = true
>>> passdb backend = tdbsam
>>> obey pam restrictions = yes
>>> unix password sync = no
>>> pam password change = no
>>> map to guest = bad user
>>> domain logons = no
>>> load printers = no
>>> domain master = no
>>> usershare allow guests = no
>>>
>>> vfs objects = recycle
>>> recycle: repository = .trash.bin
>>> recycle: keeptree = Yes
>>> recycle:versions = Yes
>>>
>>> [lager]
>>> comment = Lager
>>> path = /media/lager_hdd
>>> public = no
>>> valid users = user1
>>> read only = no
>>> browseable = no
>>> -------------
>>>
>>> Greetings
>>> Hartmut
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions: https://lists.samba.org/mailman/options/samba
>>>
>>>
>
> --------------------------
> Load smb config files from /etc/samba/smb.conf
> rlimit_max: rlimit_max (1024) below minimum Windows limit (16384)
> Processing section "[lager]"
> Loaded services file OK.
> Server role: ROLE_STANDALONE
> Press enter to see a dump of your service definitions
> [global]
> dos charset = CP850
> unix charset = UTF-8
> display charset = LOCALE
> workgroup = Gruppe
> realm =
> netbios name = SERVER1
> netbios aliases =
> netbios scope =
> server string = Datastring
> interfaces = 192.168.1.0/24, 127.0.0.1/8
> bind interfaces only = Yes
> security = USER
> auth methods =
> encrypt passwords = Yes
> update encrypted = No
> client schannel = Auto
> server schannel = Auto
> allow trusted domains = Yes
> map to guest = Bad User
> null passwords = No
> obey pam restrictions = Yes
> password server = *
> smb passwd file = /etc/samba/smbpasswd
> private dir = /etc/samba
> passdb backend = tdbsam
> algorithmic rid base = 1000
> root directory =
> guest account = nobody
> enable privileges = Yes
> pam password change = No
> passwd program =
> passwd chat = *new*password* %n\n *new*password* %n\n *changed*
> passwd chat debug = No
> passwd chat timeout = 2
> check password script =
> username map =
> password level = 0
> username level = 0
> unix password sync = No
> restrict anonymous = 0
> lanman auth = No
> ntlm auth = Yes
> client NTLMv2 auth = No
> client lanman auth = No
> client plaintext auth = No
> preload modules =
> dedicated keytab file =
> kerberos method = default
> map untrusted to domain = No
> log level = 0
> syslog = 0
> syslog only = No
> log file = /var/log/samba/log.%m
> max log size = 1000
> debug timestamp = Yes
> debug prefix timestamp = No
> debug hires timestamp = Yes
> debug pid = No
> debug uid = No
> debug class = No
> enable core files = Yes
> smb ports = 445 139
> large readwrite = Yes
> max protocol = NT1
> min protocol = CORE
> min receivefile size = 0
> read raw = Yes
> write raw = Yes
> disable netbios = No
> reset on zero vc = No
> acl compatibility = auto
> defer sharing violations = Yes
> nt pipe support = Yes
> nt status support = Yes
> announce version = 4.9
> announce as = NT
> max mux = 50
> max xmit = 16644
> name resolve order = lmhosts wins host bcast
> max ttl = 259200
> max wins ttl = 518400
> min wins ttl = 21600
> time server = No
> unix extensions = Yes
> use spnego = Yes
> client signing = auto
> server signing = No
> client use spnego = Yes
> client ldap sasl wrapping = plain
> enable asu support = No
> svcctl list =
> deadtime = 0
> getwd cache = Yes
> keepalive = 300
> lpq cache time = 30
> max smbd processes = 0
> paranoid server security = Yes
> max disk size = 0
> max open files = 16384
> socket options = TCP_NODELAY
> use mmap = Yes
> hostname lookups = No
> name cache timeout = 660
> ctdbd socket =
> cluster addresses =
> clustering = No
> ctdb timeout = 0
> load printers = No
> printcap cache time = 750
> printcap name =
> cups server =
> cups encrypt = No
> cups connection timeout = 30
> iprint server =
> disable spoolss = No
> addport command =
> enumports command =
> addprinter command =
> deleteprinter command =
> show add printer wizard = Yes
> os2 driver map =
> mangling method = hash2
> mangle prefix = 1
> max stat cache size = 256
> stat cache = Yes
> machine password timeout = 604800
> add user script =
> rename user script =
> delete user script =
> add group script =
> delete group script =
> add user to group script =
> delete user from group script =
> set primary group script =
> add machine script =
> shutdown script =
> abort shutdown script =
> username map script =
> logon script =
> logon path = \\%N\%U\profile
> logon drive =
> logon home = \\%N\%U
> domain logons = No
> init logon delayed hosts =
> init logon delay = 100
> os level = 20
> lm announce = Auto
> lm interval = 60
> preferred master = No
> local master = Yes
> domain master = No
> browse list = Yes
> enhanced browsing = Yes
> dns proxy = No
> wins proxy = No
> wins server =
> wins support = No
> wins hook =
> kernel oplocks = Yes
> lock spin time = 200
> oplock break wait time = 0
> ldap admin dn =
> ldap delete dn = No
> ldap group suffix =
> ldap idmap suffix =
> ldap machine suffix =
> ldap passwd sync = no
> ldap replication sleep = 1000
> ldap suffix =
> ldap ssl = start tls
> ldap ssl ads = No
> ldap deref = auto
> ldap follow referral = Auto
> ldap timeout = 15
> ldap connection timeout = 2
> ldap page size = 1024
> ldap user suffix =
> ldap debug level = 0
> ldap debug threshold = 10
> eventlog list =
> add share command =
> change share command =
> delete share command =
> preload =
> lock directory = /var/run/samba
> state directory = /var/lib/samba
> cache directory = /var/cache/samba
> pid directory = /var/run/samba
> utmp directory =
> wtmp directory =
> utmp = No
> default service =
> message command =
> get quota command =
> set quota command =
> remote announce =
> remote browse sync =
> socket address = 0.0.0.0
> nmbd bind explicit broadcast = Yes
> homedir map = auto.home
> afs username map =
> afs token lifetime = 604800
> log nt token command =
> time offset = 0
> NIS homedir = No
> registry shares = No
> usershare allow guests = No
> usershare max shares = 100
> usershare owner only = Yes
> usershare path = /var/lib/samba/usershares
> usershare prefix allow list =
> usershare prefix deny list =
> usershare template share =
> panic action =
> perfcount module =
> host msdfs = Yes
> passdb expand explicit = No
> idmap backend = tdb
> idmap alloc backend =
> idmap cache time = 604800
> idmap negative cache time = 120
> idmap uid =
> idmap gid =
> template homedir = /home/%D/%U
> template shell = /bin/false
> winbind separator = \
> winbind cache time = 300
> winbind reconnect delay = 30
> winbind enum users = No
> winbind enum groups = No
> winbind use default domain = No
> winbind trusted domains only = No
> winbind nested groups = Yes
> winbind expand groups = 1
> winbind nss info = template
> winbind refresh tickets = No
> winbind offline logon = No
> winbind normalize names = No
> winbind rpc only = No
> create krb5 conf = Yes
> recycle:versions = Yes
> recycle: keeptree = Yes
> recycle: repository = .trash.bin
> comment =
> path =
> username =
> invalid users =
> valid users =
> admin users =
> read list =
> write list =
> printer admin =
> force user =
> force group =
> read only = Yes
> acl check permissions = Yes
> acl group control = No
> acl map full control = Yes
> create mask = 0744
> force create mode = 00
> security mask = 0777
> force security mode = 00
> directory mask = 0755
> force directory mode = 00
> directory security mask = 0777
> force directory security mode = 00
> force unknown acl user = No
> inherit permissions = No
> inherit acls = No
> inherit owner = No
> guest only = No
> administrative share = No
> guest ok = No
> only user = No
> hosts allow =
> hosts deny =
> allocation roundup size = 1048576
> aio read size = 0
> aio write size = 0
> aio write behind =
> ea support = No
> nt acl support = Yes
> profile acls = No
> map acl inherit = No
> afs share = No
> smb encrypt = auto
> block size = 1024
> change notify = Yes
> directory name cache size = 100
> kernel change notify = Yes
> max connections = 0
> min print space = 0
> strict allocate = No
> strict sync = No
> sync always = No
> use sendfile = No
> write cache size = 0
> max reported print jobs = 0
> max print jobs = 1000
> printable = No
> printing = cups
> cups options =
> print command =
> lpq command = %p
> lprm command =
> lppause command =
> lpresume command =
> queuepause command =
> queueresume command =
> printer name =
> use client driver = No
> default devmode = Yes
> force printername = No
> printjob username = %U
> default case = lower
> case sensitive = Auto
> preserve case = Yes
> short preserve case = Yes
> mangling char = ~
> hide dot files = Yes
> hide special files = No
> hide unreadable = No
> hide unwriteable files = No
> delete veto files = No
> veto files =
> hide files =
> veto oplock files =
> map archive = Yes
> map hidden = No
> map system = No
> map readonly = yes
> mangled names = Yes
> store dos attributes = No
> dmapi support = No
> browseable = Yes
> access based share enum = No
> blocking locks = Yes
> csc policy = manual
> fake oplocks = No
> locking = Yes
> oplocks = Yes
> level2 oplocks = Yes
> oplock contention limit = 2
> posix locking = Yes
> strict locking = Auto
> share modes = Yes
> dfree cache time = 0
> dfree command =
> copy =
> preexec =
> preexec close = No
> postexec =
> root preexec =
> root preexec close = No
> root postexec =
> available = Yes
> volume =
> fstype = NTFS
> set directory = No
> wide links = No
> follow symlinks = Yes
> dont descend =
> magic script =
> magic output =
> delete readonly = No
> dos filemode = No
> dos filetimes = Yes
> dos filetime resolution = No
> fake directory create times = No
> vfs objects = recycle
> msdfs root = No
> msdfs proxy =
>
> [lager]
> comment = Lager
> path = /media/lager_hdd
> valid users = user1
> read only = No
> browseable = No
> --------------------------
> --------------------------
> # /etc/nsswitch.conf
> #
> # Example configuration of GNU Name Service Switch functionality.
> # If you have the `glibc-doc-reference' and `info' packages installed, try:
> # `info libc "Name Service Switch"' for information about this file.
>
> passwd: compat
> group: compat
> shadow: compat
>
> hosts: files dns
> networks: files
>
> protocols: db files
> services: db files
> ethers: db files
> rpc: db files
>
> netgroup: nis
> --------------------------
>
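
An added example, not part of the original thread: the quoted `testparm -v` dump shows `passdb backend = tdbsam` and `private dir = /etc/samba`, and with that backend the password hashes live in `passdb.tdb` under the private dir, while `smb passwd file` is only read by the `smbpasswd` backend. The sketch below resolves which file to watch and records its state so it can be compared before and after a reboot; the function names are hypothetical and the sample lines are copied from the dump above.

```shell
#!/bin/sh
# Added example, not part of the thread. sample_dump holds three lines copied
# from the testparm -v output above; all function names are hypothetical.
sample_dump() {
cat <<'EOF'
    smb passwd file = /etc/samba/smbpasswd
    private dir = /etc/samba
    passdb backend = tdbsam
EOF
}

# get_param NAME: print one parameter's value from a testparm dump on stdin.
get_param() {
    awk -v key="$1" '
        { sub(/^[ \t]+/, "") }    # testparm indents every parameter line
        index($0, key " = ") == 1 { print substr($0, length(key) + 4); exit }
    '
}

# credential_store: read a testparm dump on stdin and print the file that
# holds the SMB password hashes for the configured passdb backend.
credential_store() {
    dump=$(cat)
    backend=$(printf '%s\n' "$dump" | get_param "passdb backend")
    case "$backend" in
        tdbsam)      echo "$(printf '%s\n' "$dump" | get_param "private dir")/passdb.tdb" ;;
        tdbsam:*)    echo "${backend#tdbsam:}" ;;
        smbpasswd)   printf '%s\n' "$dump" | get_param "smb passwd file" ;;
        smbpasswd:*) echo "${backend#smbpasswd:}" ;;
        *)           echo "external:$backend" ;;
    esac
}

# snapshot USER: run as root before and after a reboot, then diff the outputs.
snapshot() {
    store=$(testparm -s -v 2>/dev/null | credential_store)
    echo "store: $store"
    ls -l "$store"     # size and mtime of the password database
    cksum "$store"     # differs once the database has been rewritten
    pdbedit -L -v -u "$1" | grep -i 'password last set'
}

sample_dump | credential_store    # prints /etc/samba/passdb.tdb
```

Running `snapshot user1` as root right after `smbpasswd` and again after the reboot shows whether the stored hash or its "Password last set" time actually changed in between.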