On Sun, 2005-09-11 at 08:40 -0400, Cynthia Jeness wrote:> I am using Samba 3.0.13-1.1 which I installed as part of installing Suse
> 9.3. I started working my way through the Samba manual and set up the
> following simple configuration file:
>
> [general]
> workgroup = TUX-NET
>
> [homes]
> guest ok = no
> read only = no
>
> I was then able to successfully connect from another Linux client also
> running Suse 9.3. However, when I moved to my Windows client, I
> received the following error when I used net use z: \\fragbox\cj
> user:cj pippin
>
> System error 1240 - The account is not authorized to log in from this
> station.
>
> I did some googling and some Microsoft postings which indicated that
> this was related to encryption or not having guest enabled. So I
> changed my configuration to the following
>
> [general]
> workgroup = TUX-NET
> encrypt passwords = yes
>
> [homes]
> guest ok = yes
> read only = no
>
> Now I get the following error:
>
> System error 1326 has occurred. Logon failure: unknown user name
> or bad password.
>
> Also, with encryption on, my test from the Linux client also fails.
>
> Several other points. I do have a user account on the my Samba server
> (fragbox) with the user name cj and the password pippin. Also, I did
> change my work group name on Microsoft to "TUX-NET" and I see
TUX-NET
> when I use the Microsoft browse facility. I have looked at the two
> logs under /var/log/samba and there is no message in the logs when I
> initiate anything from the Windows side.
>
> I have used Samba successfully a couple of years ago but only with
> unencrypted passwords. Given the concerns about security, I do not
> want to resort to that again. We are proposing to replace an old
> Novell server with a new Linux server at a non-profit agency. So I
> need to verify that this will really work before I recommend that they
> make such a move. Please note that this is all volunteer and not for
> profit on my part.
----
Yes - it works
Samba has excellent documentation
http://www.samba.org/samba/docs/
I would suggest that you look at Samba by Example and find an example
that most represents yours.
man smb.conf
map to guest (G)
This parameter is only useful in security modes other than
security = share - i.e. user, server, and domain.
This parameter can take three different values, which tell
smbd(8) what to do with user login requests that don?t match a valid
UNIX user in some way.
The three settings are :
? Never - Means user login requests with an invalid
password are rejected. This is the default.
? Bad User - Means user logins with an invalid password
are rejected, unless the username does not exist, in which case it is
treated as a
guest login and mapped into the guest account.
? Bad Password - Means user logins with an invalid
password are treated as a guest login and mapped into the guest account.
Note that this
can cause problems as it means that any user incorrectly typing their
password will be silently logged on as "guest" - and will not know the
reason they cannot access files they think they should - there will have
been no message given to them that they got their password wrong.
Helpdesk services will hate
you if you set the map to guest parameter this way :-).
Note that this parameter is needed to set up "Guest" share
services when using security modes other than share. This is because in
these modes the
name of the resource being requested is not sent to the server until
after the server has successfully authenticated the client so the server
cannot make
authentication decisions at the correct time (connection to the share)
for "Guest" shares.
For people familiar with the older Samba releases, this parameter
maps to the old compile-time setting of the GUEST_SESSSETUP value in
local.h.
Default: map to guest = Never
Example: map to guest = Bad User