With the Samba version 1.9.18 versions of Samba the security = server only accepts a NT password server that is a PDC, and not just a workgroup NT server. I get "Acccess is Denied" and the following entry in the smb.log file debug level=10: Got device type A: Allowed connection from ntcnt.cr.usgs.gov (136.177.64.100) to scmartin Scanning username map /usr/local/samba/lib/users.map 02/19/1998 12:31:47 invalid username/password for scmartin 02/19/1998 12:31:47 error packet at line 171 cmd=117 (SMBtconX) eclass=2 ecode=2 error string = Permission denied This was working before in Samba version 1.9.17 and below. What is broken? Is this just an added feature? Can this be fixed by a modification in the source files so that any NT server regardless of whether it is a PDC or not can authenticate Samba passwords? Thanks for any and all help! We are using the WinCenter Pro multi-user NT product that has a built-in NIS program. Since we are using NIS on these NT servers most of them are not configured as PDCs. Note: I searched in the docs directory for documentation on this, BUGS.txt. security_level.txt, DIAGNOSIS.txt, etc but could not find any answers. Thank you in advance for any and all help. ========================================Samuel C. Martinez, Computer Specialist U.S. Geological Survey, Water Resources Division Branch of Quality Systems ========================================P.O. Box 25046, MS 401 Denver, CO 80225 E-mail: scmartin@usgs.gov WWW: http://btdqs.usgs.gov Phone: (303) 236-1870 x304 Fax: (303) 236-1880 =========================================
Samuel,
This is probably due to the NetWkstUserLogon
check we added in 1.9.18 due to an NT bug where some
NT servers allowed a non-existant user with any password
on as guest (as they were configured to do), but then
failed to set the guest bit in the response to the
Samba server - leaving the Samba server thinking
they were a valid, real user (think of the problem
with someone logging on as user 'root' with a garbage
password to realize why we had to add the check code :-).
If you are sure that your NT systems don't suffer
from this bug you can re-compile Samba versions
1.9.18p0-p2 by changing the compile-time constant
in local.h that controls this check (change the line
that says :
#define USE_NETWKSTAUSERLOGON 1
to :
#define USE_NETWKSTAUSERLOGON 0
in local.h).
With 1.9.18p3 this is now a run-time parameter -
check the release notes for details.
Hope this helps,
Jeremy Allison,
Samba Team.
--
--------------------------------------------------------
Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.
--------------------------------------------------------
Michel Applaincourt
1998-Oct-14 15:28 UTC
Help URGENT : Password for IPC$ and public shares
I configured a samba server with guest account = nobody and security user (i
need that)
nobody has no password (* in /etc/passwd)
I want to have a public printer share, but when trying to connect to it,
it asks for password for the share (same when trying to browse the
computer for IPC$).
I read archives, and notice the solution is to set security = share
but i need security = user (so users are identified with /etc/passwd ....)
is there a solution for this?
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Michel APPLAINCOURT | E-mail : michel.applaincourt@umh.ac.be
Computer Sciences Assistant | Phone : 32 65 373498
Universite de Mons-Hainaut | Fax : 32 65 373318
[Sad...But True]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-