Hello, all..
I'm running into some weird password problems with Samba 2.0.5a.
Here's what I'm *trying* to do.
I have several Linux & Sun boxes that I'd like to share their
resources with various DOS/Win9x PCs. I don't want to have to
maintain password files on each of these. Currently, the Unix
passwords are shared via NIS, with a SunOS box as the master.
What I understand is the *right* way to handle this is to have one
box handle all smb password authentication. This box, BTW, is
named 'grumpy2'. So, grumpy2 has in his smb.conf:
> [global]
> wins support = yes
> domain master = yes
> local master = yes
> preferred master = yes
> os level = 65
> encrypt passwords = yes
> printing = bsd
> printcap name = /etc/printcap
> load printers = yes
> workgroup = software
> log file = /usr/local/samba/log/samba-log.%m
> lock directory = /var/spool/locks/samba
> client code page = 437
> ; update encrypted = yes
> share modes = yes
> debug level = 2
> password level = 4
> mangled names = yes
> max log size = 500
Grumpy2 also has the 'smbpasswd' file. This seems to work ok, as
DOS boxes (at least) can use services directly on grumpy2.
net use m: \\grumpy2\local
Now, I'm trying to set up a Linux box (gandalf) to use grumpy2 to do
the password validation... This isn't working very well at all.
First, here's the relevant portion of smb.conf:
> [global]
> printing = bsd
> printcap name = /etc/printcap
> load printers = yes
> workgroup = software
> log file = /usr/local/samba/var/samba-log.%m
> lock directory = /var/spool/locks/samba
> client code page = 437
> ; encrypt passwords = yes
> ; update encrypted = yes
> share modes = yes
> password level = 4
> mangled names = yes
> max log size = 500
> security = server
> password server = grumpy2
What I see is the following:
From the DOS box, I type:
net use m: \\gandalf\local
There's a several second delay *before* I get (from
DOS):
> The password is invalid for \\GANDALF\LOCAL.
> Type the password for \\GANDALF\LOCAL
What I've found, from examining the log files, is that all authentication
is done *before* I type in the password here. I can see that gandalf
talks to grumpy2, the password (*what password?*) is rejected. The
logs on grumpy2 agree.
*Then*, I type in the password, and, as far as I can tell, gandalf
doesn't even try to talk to grumpy2. Since there is no smbpasswd
file on gandalf, the session is rejected, although the password is
correct.
Wait... I just tried this again, while typing this. There was a
several minute delay between the time that I typed the 'net use'
and the password at the prompt. This time, gandalf actually sent
*something* to grumpy2 for authentication, but it was rejected.
I have debug level 25 enabled -- here's a snippet from this last
session on grumpy2 (after I typed the password at the DOS box):
The user 'nleroy', BTW, is correct.
> [1999/10/21 11:14:31, 5] passdb/smbpass.c:getsmbfilepwent(258)
> getsmbfilepwent: returning passwd entry for user nleroy, uid 224
> [1999/10/21 11:14:31, 10] passdb/passdb.c:iterate_getsmbpwnam(158)
> found by name: nleroy
> [1999/10/21 11:14:31, 7] passdb/smbpass.c:endsmbfilepwent(81)
> endsmbfilepwent: closed password file.
> [1999/10/21 11:14:31, 4] smbd/password.c:smb_password_ok(404)
> Checking SMB password for user nleroy
> [1999/10/21 11:14:31, 5] smbd/password.c:smb_password_ok(423)
> challenge received
> [1999/10/21 11:14:31, 4] smbd/password.c:smb_password_ok(431)
> smb_password_ok: Checking NT MD4 password
> [1999/10/21 11:14:31, 4] smbd/password.c:smb_password_ok(438)
> NT MD4 password check failed
> [1999/10/21 11:14:31, 4] smbd/password.c:smb_password_ok(444)
> Checking LM MD4 password
> [1999/10/21 11:14:31, 4] smbd/password.c:smb_password_ok(460)
> LM MD4 password check failed
> [1999/10/21 11:14:31, 1] smbd/password.c:pass_check_smb(532)
> smb_password_check failed. Invalid password given for user 'nleroy'
Obviously, I have something ill configured, but I've tried just about
every combination that I can think of, and just can't get this working.
I'd appreciate any light anybody can shed on this.
Thanks
-Nick
--
+-------------------------------+--------------------------------------------+
| /`--_ Nicholas R LeRoy | In a world without fences, Who needs Gates?|
|{ }/ Norland Corporation | ---- Experience Linux! ---- |
| \ * / W6340 Hackbarth Rd | http://www.linux.org | http://www.ssc.com |
| |___| Fort Atkinson, WI 53538 +--------------------------------------------+
| nick.leroy@norland.com | #include <disclaimer.h> |
|http://www3.norland.com/~nleroy| These are my own ideas, not my employer's. |
+----------------------------------------------------------------------------+
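
A debug excerpt like the one in this message can be reduced to one entry per rejected logon. The following Python parser is an added example, not part of the original post: it reads Samba log records (a header line plus wrapped message text) and reports which hash checks failed before each rejection. The function names are hypothetical and the sample lines are copied from the post with the quote markers removed.

```python
import re
from collections import defaultdict

# Log records copied from the post above (quote markers removed). Each record is
# a header "[date time, level] file:function(line)" followed by message text.
SAMPLE = """\
[1999/10/21 11:14:31, 4] smbd/password.c:smb_password_ok(431)
  smb_password_ok: Checking NT MD4 password
[1999/10/21 11:14:31, 4] smbd/password.c:smb_password_ok(438)
  NT MD4 password check failed
[1999/10/21 11:14:31, 4] smbd/password.c:smb_password_ok(444)
  Checking LM MD4 password
[1999/10/21 11:14:31, 4] smbd/password.c:smb_password_ok(460)
  LM MD4 password check failed
[1999/10/21 11:14:31, 1] smbd/password.c:pass_check_smb(532)
  smb_password_check failed. Invalid password given for user
'nleroy'
"""

HEADER = re.compile(r"^\[(?P<ts>[\d/]+ [\d:]+), *(?P<level>\d+)\] "
                    r"(?P<src>\S+):(?P<func>\w+)\((?P<line>\d+)\)$")
USER = re.compile(r"for user '?(?P<user>[^'\s]+)'?")
CHECK_FAILED = re.compile(r"^(?P<hash>NT|LM) MD4 password check failed")

def parse_records(text):
    """Yield one dict per record, joining wrapped message lines to their header."""
    rec = None
    for raw in text.splitlines():
        m = HEADER.match(raw.strip())
        if m:
            if rec:
                yield rec
            rec = {**m.groupdict(), "level": int(m["level"]), "msg": ""}
        elif rec is not None and raw.strip():
            rec["msg"] = (rec["msg"] + " " + raw.strip()).strip()
    if rec:
        yield rec

def summarize_failures(text):
    """Map each rejected user to the hash checks that failed before the rejection."""
    failed, result = [], defaultdict(list)
    for rec in parse_records(text):
        m = CHECK_FAILED.match(rec["msg"])
        if m:
            failed.append(m["hash"])
        elif rec["func"] == "pass_check_smb" and "Invalid password" in rec["msg"]:
            u = USER.search(rec["msg"])
            user = u["user"] if u else "?"  # user name missing from the message
            result[user].append({"ts": rec["ts"], "failed_checks": failed})
            failed = []
    return dict(result)
```
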