samba - Jan 1998 - password and some other problems

Hi,

I have some problems (or questions) about samba and WinNT.  We have 4 Unix
machines: a Linux (running samba 1.9.17p4), two IBM RS/6000 (running samba
1.9.16p9), and a Sun Spark (running samba 1.9.16p9).  Basically, they are
running well except the following problems (questions):

1. After upgrading the samba from 1.9.16p9 to 1.9.17p4 on the Linux machine
(kernel 2.0.30), I can not set ?security=user? anymore. Users always get
error message ?Invalid password? when they try to mount network drive, even
as root (I tried it).  Then, I try to set ?security=server? and ?password
server = our NT server?, then it works!  We did not have this problem
before, and still don?t have this problem with samba 1.9.16p9 on other 3
machines.  Can anybody tell me why?  I saw a similar problem from several
other posts.

2. This is not a problem, but just a very inconvenient feature that I hope
somebody can help me. Windows 95  and Windows 3.11 users can mount all samba
drives automatically when they log on their windows.  However, Windows NT
4.0 users have to type password for EVERY DRIVE ON EACH SAMBA SERVER
manually.  Since we have 4 Unix machines, they have to type their password 4
times whenever they log on.  They feel very unhappy and I can not help them.
Can somebody tell me if it is possible to ?simplify the log on procedure??

3. I remember somebody mentioned ?password map? between samba servers (UNIX
machines) and Windows NT server (4.0), i.e. if a user changes his password
on a UNIX machine, he does not have to change his password on NT server to
the same one as on the UNIX machine.  In other words, a user can have 5
different password on our NT server and 4 UNIX machines, and change them in
any way he likes.  Can somebody tell me how to do this?

I appreciate all the help!

Hongwei Li

Hongwei Li wrote:
> 
> Hi,
> 
> I have some problems (or questions) about samba and WinNT.  We have 4 Unix
...
> 1. After upgrading the samba from 1.9.16p9 to 1.9.17p4 on the Linux machine
> (kernel 2.0.30), I can not set ?security=user? anymore. Users always get
> error message ?Invalid password? when they try to mount network drive, even
> as root (I tried it).  Then, I try to set ?security=server? and ?password
> server = our NT server?, then it works!  We did not have this problem
> before, and still don?t have this problem with samba 1.9.16p9 on other 3
> machines.  Can anybody tell me why?  I saw a similar problem from several
> other posts.
As I remember, 1.9.16 did not have encrypted password support compiled
in as standard. 1.9.17 has. This means you have to insert the line
"encrypt passwords = no" into your /etc/smb.conf or (and this will
solve
the following problem) read the instructions on using encrypted
passwords in "Encryption.txt" in the docs.
> 2. This is not a problem, but just a very inconvenient feature that I hope
> somebody can help me. Windows 95  and Windows 3.11 users can mount all
samba
> drives automatically when they log on their windows.  However, Windows NT
> 4.0 users have to type password for EVERY DRIVE ON EACH SAMBA SERVER
> manually.  Since we have 4 Unix machines, they have to type their password
4
> times whenever they log on.  They feel very unhappy and I can not help
them.
> Can somebody tell me if it is possible to ?simplify the log on procedure??
NT refuses to save passwords if they are not encrypted (it would have
to store them in an unsafe way). If you configure your samba server
to support encrypted passwords, NT will save them encrypted for future
logons.
> 3. I remember somebody mentioned ?password map? between samba servers (UNIX
> machines) and Windows NT server (4.0), i.e. if a user changes his password
> on a UNIX machine, he does not have to change his password on NT server to
> the same one as on the UNIX machine.  In other words, a user can have 5
> different password on our NT server and 4 UNIX machines, and change them in
> any way he likes.  Can somebody tell me how to do this?
Without using NT as password server, the passwords for NT and samba
should naturally be independent from each other... or didn't I
understand
what you are talking about ?
-- 
Dieter Rothacker, student of computer sciences

Thanks a lot for you help.  I still have some questions:

-----Original Message-----
From: Dieter Rothacker <Didi@Xterminator.STUDFB.UniBw-Muenchen.de>
To: hongwei@morpheus.wustl.edu <hongwei@morpheus.wustl.edu>
Cc: Multiple recipients of list <samba@samba.anu.edu.au>
Date: Tuesday, January 13, 1998 5:41 PM
Subject: Re: password and some other problems

>Hongwei Li wrote:
>>
>> Hi,
>>
>> I have some problems (or questions) about samba and WinNT.  We have 4
Unix
>...
>> 1. After upgrading the samba from 1.9.16p9 to 1.9.17p4 on the Linux
machine
>> (kernel 2.0.30), I can not set ?security=user? anymore. Users always
get
>> error message ?Invalid password? when they try to mount network drive,
even
>> as root (I tried it).  Then, I try to set ?security=server? and
?password
>> server = our NT server?, then it works!  We did not have this problem
>> before, and still don?t have this problem with samba 1.9.16p9 on other
3
>> machines.  Can anybody tell me why?  I saw a similar problem from
several
>> other posts.
>
>As I remember, 1.9.16 did not have encrypted password support compiled
>in as standard. 1.9.17 has. This means you have to insert the line
>"encrypt passwords = no" into your /etc/smb.conf or (and this will
solve
** Do you mean version 1.9.17p4?  I don't have it in it.  Then, it seems
that my NT server should remember the password as you mentioned below in 2.
However, our users have to type their passwords for every samba server, that
means the NT server DOES NOT remember the password.  Why?
>the following problem) read the instructions on using encrypted
>passwords in "Encryption.txt" in the docs.
>
>> 2. This is not a problem, but just a very inconvenient feature that I
hope
>> somebody can help me. Windows 95  and Windows 3.11 users can mount all
samba
>> drives automatically when they log on their windows.  However, Windows
NT
>> 4.0 users have to type password for EVERY DRIVE ON EACH SAMBA SERVER
>> manually.  Since we have 4 Unix machines, they have to type their
password 4
>> times whenever they log on.  They feel very unhappy and I can not help
them.
>> Can somebody tell me if it is possible to ?simplify the log on
procedure?
?
>
>NT refuses to save passwords if they are not encrypted (it would have
>to store them in an unsafe way). If you configure your samba server
>to support encrypted passwords, NT will save them encrypted for future
>logons.
>
>> 3. I remember somebody mentioned ?password map? between samba servers
(UNIX
>> machines) and Windows NT server (4.0), i.e. if a user changes his
password
>> on a UNIX machine, he does not have to change his password on NT server
to
>> the same one as on the UNIX machine.  In other words, a user can have 5
>> different password on our NT server and 4 UNIX machines, and change
them
in
>> any way he likes.  Can somebody tell me how to do this?
>
>Without using NT as password server, the passwords for NT and samba
>should naturally be independent from each other... or didn't I
>understand
>what you are talking about ?

** Here is an example: a user has the same password on our NT server and the
samba server (1.9.17p4).  He can mount samba server drives without any
problem.  One day, he chanses his password on the samba server, but does not
change his password on NT server.  From that time, he can never mount any
samba server drive until he changes his password on NT server to the same
one as on the samba server.

** My question: is it possible to set a "password map" somewhere to
allow
users change their password freely (the passwords on NT servers and on samba
servers can be different) without affecting mounting samba server drives?
>--
>Dieter Rothacker, student of computer sciences
>
I realized that I did not compile samba 1.9.17p4 supporting encrypted
password.   Maybe I should do it first to see any changes.  I'll try.

Thanks again!

Hongwei