Diembo
2002-Feb-19 21:57 UTC
[Samba] smbpasswd encryption (2.2.3a - RH 7.2 - kernel 2.4.7-10) Win2k
Hi listmembers, due to a few very short but good tips from you guys and to much hassle with my firewall (ipchains) I finally got samba running as a server and client (I even made an update from source, just with normal ./configure, make, make install after uninstalling the previous version of course). With "encrypted passwords = no" everything is working fine (except for some minor things like smbfs). For my interest and my being paranoid about security ;-) I would like to set up encrypted passwords. I read my way through the encryption.html file and made all the recommended steps: I ran the shell script: cat passwd | mksmbpasswd.sh > /usr/local/samba/private/smbpasswd I added the following to smb.conf: # smb.conf [global] encrypt passwords = yes smb passwd file = /etc/samba/smbpasswd I thought that would be all I would have to do! But now not very much is working. I can connect to my samba server from my win2k-box as an anonymous user to a share I have set up for testing the general thing. But I cannot connect to a restricted share with a password, neither from my linux-box nor from the win2k-box. I always get: Anonymous login successful Domain=[HEUER] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager] tree connect failed: NT_STATUS_ACCESS_DENIED when I want to connect to the win2k-box from linux (smbclient //<win2k-box>/<share> -U <mydefaultusername>) and: Anonymous login successful Domain=[MYDOMAIN] OS=[Unix] Server=[Samba 2.2.3a] tree connect failed: NT_STATUS_BAD_NETWORK_NAME for "smbclient //linux/homes -U <myusername>" I have all the users on BOTH mashines! I also tried to change the password from one user to "NO PASSWORDXXXXX..." in the smbpasswd file I gererated with the command above and tried connecting with that user an no password. I am sort of getting somewhere but still not as content as I could be ;-). I also think that the ENCRYPTION-docs aren't very helpfull or I am just too dumb. So, could anybody PLEASE help me in this issue! I am sure it's not a firewall-issue now, my netbios-name-resolving is functioning great with my wins-server (and an open firewall on those ports with a broadcast signal 192.168.0.255, nmblookup works and I can "ping <nameoflinuxbox>" now from my win2k-box) Thanks so far. -- Diembo working @ Linux :-P
Christian Barth
2002-Feb-20 00:14 UTC
[Samba] smbpasswd encryption (2.2.3a - RH 7.2 - kernel 2.4.7-10) Win2k
> Hi listmembers, > due to a few very short but good tips from you guys and to much hassle with > my firewall (ipchains) I finally got samba running as a server and client (I > even made an update from source, just with normal ./configure, make, make > install after uninstalling the previous version of course). > With "encrypted passwords = no" everything is working fine (except for some > minor things like smbfs). For my interest and my being paranoid about > security ;-) I would like to set up encrypted passwords. I read my way > through the encryption.html file and made all the recommended steps: > > I ran the shell script: > cat passwd | mksmbpasswd.sh > /usr/local/samba/private/smbpasswdThis creats a smbpasswd file with all disabled accounts. You must use the smbpasswd command as root for each user to set the password. Have a look at "update encrypted" as well.> > I added the following to smb.conf: > # smb.conf > [global] > encrypt passwords = yes > smb passwd file = /etc/samba/smbpasswdThis path and the path above should be the same. Christian> > I thought that would be all I would have to do! But now not very much is > working. I can connect to my samba server from my win2k-box as an anonymous > user to a share I have set up for testing the general thing. But I cannot > connect to a restricted share with a password, neither from my linux-box nor > from the win2k-box. I always get: > > Anonymous login successful > Domain=[HEUER] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager] > tree connect failed: NT_STATUS_ACCESS_DENIED > > when I want to connect to the win2k-box from linux (smbclient > //<win2k-box>/<share> -U <mydefaultusername>) and: > > Anonymous login successful > Domain=[MYDOMAIN] OS=[Unix] Server=[Samba 2.2.3a] > tree connect failed: NT_STATUS_BAD_NETWORK_NAME > > for "smbclient //linux/homes -U <myusername>" > > I have all the users on BOTH mashines! I also tried to change the password > from one user to "NO PASSWORDXXXXX..." in the smbpasswd file I gererated with > the command above and tried connecting with that user an no password. > > I am sort of getting somewhere but still not as content as I could be ;-). I > also think that the ENCRYPTION-docs aren't very helpfull or I am just too > dumb. So, could anybody PLEASE help me in this issue! I am sure it's not a > firewall-issue now, my netbios-name-resolving is functioning great with my > wins-server (and an open firewall on those ports with a broadcast signal > 192.168.0.255, nmblookup works and I can "ping <nameoflinuxbox>" now from my > win2k-box) > > Thanks so far. > -- > Diembo working @ Linux :-P > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba >_(_)_ wWWWw _ @@@@ (_)@(_) vVVVv _ @@@@ (___) _(_)_ @@()@@ wWWWw (_)\ (___) _(_)_ @@()@@ Y (_)@(_) @@@@ (___) `|/ Y (_)@(_) @@@@ \|/ (_)\ / Y \| \|/ /(_) \| |/ | \ | \ |/ | / \ | / \|/ |/ \| \|/ jgs|// \\|/// \\\|//\\\|/// \|/// \\\|// \\|// \\\|// ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Reasonably Related Threads
- security passwd-encryption & netbios-names (wins)-RH 7.2 samba 221a (standard installation from rpm)
- smbclient & printing on win2k box with HP Deskjet 560C (Drivers?) SMB 2.2.3a - Kernel 2.4.7, red hat 7.2
- Re: SMB-server from Win2k -> RH 7.2 - Samba 2.2.1a seen in Network Neighbourhood but
- Samba 2.2.5 Security Bug?
- SMB-server from Win2k -> Red Hat Linux 7.2 - Samba 2.2.1a seen in Network Neighbourhood but not browsable