Hi folks,
I'm having a strange problem with a client for whom I've set up Samba
(2.0.7
- packages samba-common-2.0.7-18mdk & samba-2.0.7-18mdk) on a server with
Linux-Mandrake 7.2. The client uses both Win95 and Win98 workstations.
The problem is that there appears to be no password checking at all, i.e a
user with a valid login (i.e. a user in /etc/smbuser) can login without a
password or even with a wrong one. They can cancel out of the subsequent
Windows Logon, but still get their proper [homes] share and other network
drive mappings (using a batch file in the [netlogon] share).
Has anyone ever seen this before??
I have implemented roaming profiles, and am using domain logins. Note, all
smbusers are members of unix group "staff".
Could this be a shadow passwords issue? Pam?? I've used Webmin to
synchronise the smbpasswd file to the /etc/passwd file.
My /etc/smb.conf file is below for reference (note, I've commented out
options I tried to see if they'd change the situation, but which didn't
make
a difference)
Thanks for any insight anyone might be able to provide. Regards,
Dave Lane
--------- /etc/smb.conf ------------------
# Samba config file created using SWAT
# from UNKNOWN (0.0.0.0)
# Date: 2001/04/30 16:47:07
# Global parameters
[global]
netbios name = SERVER
server string = File Server
interfaces = eth0
bind interfaces only = Yes
encrypt passwords = Yes
# unix password sync = Yes
debug level = 5
log file = /var/log/samba/log.%m
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
logon script = netlogon.bat
logon home = /home/%U
domain logons = Yes
# preferred master = Yes
domain master = Yes
comment = Linux Server running Samba
# guest account = ftp
# valid users = @staff
# read list = @staff
# write list = @staff
oplocks = No
# null passwords = No
[netlogon]
path = /home/netlogon
[homes]
comment = Home Directories
writeable = Yes
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
[share]
path = /home/share
writeable = Yes
create mask = 0777
directory mask = 0777
[apps]
path = /home/apps
writeable = Yes
create mask = 0777
directory mask = 0777
[mail]
path = /home/mail
writeable = Yes
create mask = 0733
directory mask = 0733
[backup]
comment = share for backup of user data
path = /home/sambadirs
--
*********************************************************************
* David Lane, Director www.egressive.co.nz | dlane@egressive.co.nz *
* Linux: it just tastes better. Christchurch, New Zealand *
*********************************************************************
Sorry to respond to this myself, but I've found my problem with users able to login without (or with incorrect) passwords... When I use Webmin's (version 0.80 w/ Linux-Mandrake) Samba module to "Convert Users" from being listed only in the /etc/passwd file to being listed also in the /etc/smbpasswd file, there is an option "For newly created users, set password to: X - no password o - account locked o - use this password _______________ And, by default, it would seem, "no password" is selected. This means that any new user added to smbpasswd from /etc/passwd automatically gets the "no password" option, leading to the problem I encountered. This may be changed in more recent versions of Webmin (www.webmin.com). By simply re-entering the user passwords (either through smbpasswd on the command line or through the Samba Users screen in Webmin), I was able to set the proper passwords, which forces users to enter them properly. Sorry for the trouble - hope this helps someone else! Thanks for a great application that has been very important to my business. I'm looking forward to implementing my first Samba 2.2.x installation in the next week or so. Regards, Dave -- ********************************************************************* * David Lane, Director www.egressive.co.nz | dlane@egressive.co.nz * * Linux: it just tastes better. Christchurch, New Zealand * *********************************************************************