samba - Jan 2003 - mksmbpasswd.sh and passwd sync problems...

Hello Everyone!

I've spent quite a bit trying to get these shares to work just right.
I'll  past the output of my smb.conf at the end of this message. If anyone
has any advice on this, that would be great.

My first problem is that I'm trying to sync up my /etc/passwd with the
/etc/samba/smbpasswd file. (I'm using Mandrake 9.0 and Samba
2.2.6-1.0.pre2.2.mdk. Mandrake puts the smbpasswd file in the /etc/samba
directory. When I do this command

cat /etc/passwd | mksmbpasswd.sh > /etc/samba/smbpasswd

It does create a smbpasswd file. However, then None of the users can log in to
the shares. I can log into the win98 client, and then see the user's home
directory, the care directory, and the public directory but can't log in to
them.

I've also tried to create the smbpasswd file with webmin, but that
doesn't seem to work either, it gives me three options:
For newly created users, set the password to 1. no password, 2. account locked,
3. use this password

What if I want the same password as the linux password? argh!

The only way I can log into the shares is to actually create an individual
password using smbpasswd -a username.

What am I missing? I know I have successfully done this in the past?


When I do create the password with smbpasswd, I can log in, see the shares, and
actually log in, but Ihave to enter in the password again to access the shares.
Should I have to log in twice?

Sorry for the double questions, Any advice would be very much appreciated. 

Thanks,

Bob

# Global parameters
[global]
        workgroup = PARADISE
        netbios name = SERVER
        server string = Linux Server %v
        interfaces = 127.0.0.1, 192.168.0.254
        hosts allow = 192.168.0.
        security = SHARE
        encrypt passwords = Yes
        passwd program = /usr/bin/passwd %u
        passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n
        unix password sync = Yes
        log file = /var/log/samba/log.%m
        max log size = 50
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        printcap name = lpstat
        dns proxy = No
        printing = cups
        wins support = yes
        os level = 65
        local master = yes
        domain master = yes
        preferred master = yes

[homes]
        comment = Home Directory
        read only = No
        browseable = No

[printers]
        comment = All Printers
        path = /var/spool/samba
        create mask = 0700
        guest ok = Yes
        printable = Yes
        print command = lpr-cups -P %p %s
        # using cups own drivers (use generic PostScript on clients).
        lpq command = lpstat -o %p
        lprm command = cancel %p-%j
        browseable = No

[public]
        comment = Public Directory
        path = /home/samba/public
        write list = @staff
        guest ok = No
        read only = No

[care]
        comment = Careware Data
        path = /home/samba/careware
        valid users = sara, jim, bob
        read only = No
        browseable = Yes

On Sun, 5 Jan 2003, Bob wrote:
> Hello Everyone!
>
> I've spent quite a bit trying to get these shares to work just right.
> I'll past the output of my smb.conf at the end of this message. If
> anyone has any advice on this, that would be great.
>
> My first problem is that I'm trying to sync up my /etc/passwd with the
> /etc/samba/smbpasswd file. (I'm using Mandrake 9.0 and Samba
> 2.2.6-1.0.pre2.2.mdk. Mandrake puts the smbpasswd file in the /etc/samba
> directory. When I do this command
>
> cat /etc/passwd | mksmbpasswd.sh > /etc/samba/smbpasswd
Did you then also set a password in smbpasswd for each user?

Use 'smbpasswd 'username' to add the password. You can use the same
password for both the Linux system and for samba, but since you are using
encrypted passwords you do need to have both password records in place.
One in your smbpasswd file and the other in /etc/passwd (/etc/shadow).

- John T.
>
> It does create a smbpasswd file. However, then None of the users can log
> in to the shares. I can log into the win98 client, and then see the
> user's home directory, the care directory, and the public directory but
> can't log in to them.
>
> I've also tried to create the smbpasswd file with webmin, but that
> doesn't seem to work either, it gives me three options: For newly
> created users, set the password to 1. no password, 2. account locked, 3.
> use this password
>
> What if I want the same password as the linux password? argh!
>
> The only way I can log into the shares is to actually create an
> individual password using smbpasswd -a username.
>
> What am I missing? I know I have successfully done this in the past?
>
>
> When I do create the password with smbpasswd, I can log in, see the
> shares, and actually log in, but Ihave to enter in the password again to
> access the shares. Should I have to log in twice?
>
> Sorry for the double questions, Any advice would be very much appreciated.
>
> Thanks,
>
> Bob
>
> # Global parameters
> [global]
>         workgroup = PARADISE
>         netbios name = SERVER
>         server string = Linux Server %v
>         interfaces = 127.0.0.1, 192.168.0.254
>         hosts allow = 192.168.0.
>         security = SHARE
>         encrypt passwords = Yes
>         passwd program = /usr/bin/passwd %u
>         passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password*
%n\n
>         unix password sync = Yes
>         log file = /var/log/samba/log.%m
>         max log size = 50
>         socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>         printcap name = lpstat
>         dns proxy = No
>         printing = cups
>         wins support = yes
>         os level = 65
>         local master = yes
>         domain master = yes
>         preferred master = yes
>
> [homes]
>         comment = Home Directory
>         read only = No
>         browseable = No
>
> [printers]
>         comment = All Printers
>         path = /var/spool/samba
>         create mask = 0700
>         guest ok = Yes
>         printable = Yes
>         print command = lpr-cups -P %p %s
>         # using cups own drivers (use generic PostScript on clients).
>         lpq command = lpstat -o %p
>         lprm command = cancel %p-%j
>         browseable = No
>
> [public]
>         comment = Public Directory
>         path = /home/samba/public
>         write list = @staff
>         guest ok = No
>         read only = No
>
> [care]
>         comment = Careware Data
>         path = /home/samba/careware
>         valid users = sara, jim, bob
>         read only = No
>         browseable = Yes
>
>
>
>
-- 
John H Terpstra
Email: jht@samba.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> Message: 22
> Date: Sun,  5 Jan 2003 08:21:49 -0800
> From: "Bob" <Bob@yellowbugcomputers.com>
> Reply-To: <Bob@yellowbugcomputers.com>
> To: <samba@lists.samba.org>
> Subject: [Samba] mksmbpasswd.sh and passwd sync problems...
>
> Hello Everyone!
>
> I've spent quite a bit trying to get these shares to work just right.
> I'll  past the output of my smb.conf at the end of this message. If
> anyone has any advice on this, that would be great.
>
> My first problem is that I'm trying to sync up my /etc/passwd with the
> /etc/samba/smbpasswd file. (I'm using Mandrake 9.0 and Samba
> 2.2.6-1.0.pre2.2.mdk.
There have been security updates to 2.2.7, but you may want to wait a
bit for 2.2.7a ...
> Mandrake puts the smbpasswd file in the
> /etc/samba directory. When I do this command
>
> cat /etc/passwd | mksmbpasswd.sh > /etc/samba/smbpasswd
>
> It does create a smbpasswd file. However, then None of the users can
> log in to the shares. I can log into the win98 client, and then see
> the user's home directory, the care directory, and the public
> directory but can't log in to them.
This command only makes an empty smbpassd file, which really serves no
purpose, you may as well just do:

# smbpasswd -a <user>
for each user

Why? The linux and windows password hashes are incompatible, the only
way to derive one from the other is to brute-force them. This is the
whole reason for the smbpasswd file.
>
> I've also tried to create the smbpasswd file with webmin, but that
> doesn't seem to work either, it gives me three options:
> For newly created users, set the password to 1. no password, 2.
> account locked, 3. use this password
>
> What if I want the same password as the linux password? argh!
You could use something like pam_smbpass so that if the linux password
is changed, that the samba password is also changed. Or, set it to a
known value and let the users change the samba password from windows. Or
authenticate all other linux services via pam_smb or pam_winbind ....
>
> The only way I can log into the shares is to actually create an
> individual password using smbpasswd -a username.
>
> What am I missing? I know I have successfully done this in the past?
You might want to tell us how ... unless it was using clear-text
passwords and hacking the registry on all the clients, and not being
able to do domain logons at all.
>
>
> When I do create the password with smbpasswd, I can log in
Log in how. Please be clear. Was this into windows? Which version?

, see the
> shares, and actually log in
Again, log in where?
>, but Ihave to enter in the password again
> to access the shares. Should I have to log in twice?
No, you shouldn't be prompted for a password on connecting to a samba
server using encrypted passwords if the username and password on the
client (what the user logged into windows with) match that of the server
>
> Sorry for the double questions, Any advice would be very much
appreciated.
>
> Thanks,
>
> Bob
>
> # Global parameters
> [global]
>         workgroup = PARADISE
>         netbios name = SERVER
>         server string = Linux Server %v
>         interfaces = 127.0.0.1, 192.168.0.254
>         hosts allow = 192.168.0.
>         security = SHARE
          ^^^^^^^^^^^^^^^^

You really should use 'security=user' here IMHO.
>         encrypt passwords = Yes
>         passwd program = /usr/bin/passwd %u
>         passwd chat = *New*UNIX*password* %n\n
*ReType*new*UNIX*password* %n\n
>         unix password sync = Yes
>         log file = /var/log/samba/log.%m
>         max log size = 50
>         socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>         printcap name = lpstat
>         dns proxy = No
>         printing = cups
>         wins support = yes
>         os level = 65
>         local master = yes
>         domain master = yes
>         preferred master = yes
>
> [homes]
>         comment = Home Directory
>         read only = No
>         browseable = No
>
> [printers]
>         comment = All Printers
>         path = /var/spool/samba
>         create mask = 0700
>         guest ok = Yes
>         printable = Yes
>         print command = lpr-cups -P %p %s
>         # using cups own drivers (use generic PostScript on clients).
>         lpq command = lpstat -o %p
>         lprm command = cancel %p-%j
>         browseable = No
>
> [public]
>         comment = Public Directory
>         path = /home/samba/public
>         write list = @staff
>         guest ok = No
>         read only = No
>
> [care]
>         comment = Careware Data
>         path = /home/samba/careware
>         valid users = sara, jim, bob
>         read only = No
>         browseable = Yes



- --
|--------------Another happy Mandrake Club member--------------|
Buchan Milne                Mechanical Engineer, Network Manager
Cellphone * Work            +27 82 472 2231 * +27 21 8828820x121
Stellenbosch Automotive Engineering         http://www.cae.co.za
GPG Key                   http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE+GaEhrJK6UGDSBKcRAunTAJ9TvTfe9961Sl/qERIZnZ8hGw+NWACgv6SQ
LexfbQUKJ+89Bcc2ibZm9bc=J3gY
-----END PGP SIGNATURE-----