samba - Feb 2002 - smbpasswd encryption (2.2.3a - RH 7.2 - kernel 2.4.7-10) Win2k

Hi listmembers,
due to a few very short but good tips from you guys and to much hassle with 
my firewall (ipchains) I finally got samba running as a server and client (I 
even made an update from source, just with normal ./configure, make, make 
install after uninstalling the previous version of course). 
With "encrypted passwords = no" everything is working fine (except for
some
minor things like smbfs). For my interest and my being paranoid about 
security ;-) I would like to set up encrypted passwords. I read my way 
through the encryption.html file and made all the recommended steps:

I ran the shell script:
cat passwd | mksmbpasswd.sh > /usr/local/samba/private/smbpasswd

I added the following to smb.conf:
# smb.conf
[global]
	encrypt passwords = yes
	smb passwd file = /etc/samba/smbpasswd

I thought that would be all I would have to do! But now not very much is 
working. I can connect to my samba server from my win2k-box as an anonymous 
user to a share I have set up for testing the general thing. But I cannot 
connect to a restricted share with a password, neither from my linux-box nor 
from the win2k-box. I always get:

Anonymous login successful
Domain=[HEUER] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager]
tree connect failed: NT_STATUS_ACCESS_DENIED

when I want to connect to the win2k-box from linux (smbclient 
//<win2k-box>/<share> -U <mydefaultusername>) and:

Anonymous login successful
Domain=[MYDOMAIN] OS=[Unix] Server=[Samba 2.2.3a]
tree connect failed: NT_STATUS_BAD_NETWORK_NAME
 
for "smbclient //linux/homes -U <myusername>"

I have all the users on BOTH mashines! I also tried to change the password 
from one user to "NO PASSWORDXXXXX..." in the smbpasswd file I
gererated with
the command above and tried connecting with that user an no password.

I am sort of getting somewhere but still not as content as I could be ;-). I 
also think that the ENCRYPTION-docs aren't very helpfull or I am just too 
dumb. So, could anybody PLEASE help me in this issue! I am sure it's not a 
firewall-issue now, my netbios-name-resolving is functioning great with my 
wins-server (and an open firewall on those ports with a broadcast signal 
192.168.0.255, nmblookup works and I can "ping <nameoflinuxbox>"
now from my
win2k-box)

Thanks so far.
-- 
Diembo working @ Linux :-P

> Hi listmembers,
> due to a few very short but good tips from you guys and to much hassle with
> my firewall (ipchains) I finally got samba running as a server and client
(I
> even made an update from source, just with normal ./configure, make, make 
> install after uninstalling the previous version of course). 
> With "encrypted passwords = no" everything is working fine
(except for some
> minor things like smbfs). For my interest and my being paranoid about 
> security ;-) I would like to set up encrypted passwords. I read my way 
> through the encryption.html file and made all the recommended steps:
> 
> I ran the shell script:
> cat passwd | mksmbpasswd.sh > /usr/local/samba/private/smbpasswd
This creats a smbpasswd file with all disabled accounts. You must use 
the smbpasswd command as root for each user to set the password. Have 
a look at "update encrypted" as well.
> 
> I added the following to smb.conf:
> # smb.conf
> [global]
> 	encrypt passwords = yes
> 	smb passwd file = /etc/samba/smbpasswd
This path and the path above should be the same.

Christian
> 
> I thought that would be all I would have to do! But now not very much is 
> working. I can connect to my samba server from my win2k-box as an anonymous
> user to a share I have set up for testing the general thing. But I cannot 
> connect to a restricted share with a password, neither from my linux-box
nor
> from the win2k-box. I always get:
> 
> Anonymous login successful
> Domain=[HEUER] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager]
> tree connect failed: NT_STATUS_ACCESS_DENIED
> 
> when I want to connect to the win2k-box from linux (smbclient 
> //<win2k-box>/<share> -U <mydefaultusername>) and:
> 
> Anonymous login successful
> Domain=[MYDOMAIN] OS=[Unix] Server=[Samba 2.2.3a]
> tree connect failed: NT_STATUS_BAD_NETWORK_NAME
>  
> for "smbclient //linux/homes -U <myusername>"
> 
> I have all the users on BOTH mashines! I also tried to change the password 
> from one user to "NO PASSWORDXXXXX..." in the smbpasswd file I
gererated with
> the command above and tried connecting with that user an no password.
> 
> I am sort of getting somewhere but still not as content as I could be ;-).
I
> also think that the ENCRYPTION-docs aren't very helpfull or I am just
too
> dumb. So, could anybody PLEASE help me in this issue! I am sure it's
not a
> firewall-issue now, my netbios-name-resolving is functioning great with my 
> wins-server (and an open firewall on those ports with a broadcast signal 
> 192.168.0.255, nmblookup works and I can "ping
<nameoflinuxbox>" now from my
> win2k-box)
> 
> Thanks so far.
> -- 
> Diembo working @ Linux :-P
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
> 

               _(_)_                          wWWWw   _
   @@@@       (_)@(_)   vVVVv     _     @@@@  (___) _(_)_
  @@()@@ wWWWw  (_)\    (___)   _(_)_  @@()@@   Y  (_)@(_)
   @@@@  (___)     `|/    Y    (_)@(_)  @@@@   \|/   (_)\
    /      Y       \|    \|/    /(_)    \|      |/      |
 \ |     \ |/       | / \ | /  \|/       |/    \|      \|/
jgs|//   \\|///  \\\|//\\\|/// \|///  \\\|//  \\|//  \\\|// 
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^