samba - May 2002 - I need in your help. SMB & 2 problems.

Hello!

I need in your help. I beginner in Linux using & my english is rather poor.
Please help me. This is very important for me, because i am student & no
have money to Commercial Support.

****************

I have 2 PC in students network: first with Winwows 2000 Pro, second with
Linux Mandrake 8.2 (My local address of  Linux PC \\192.168.150.128).
I try tune Samba, so as get access from Winwows 2000 Pro PC to Linux
Mandrake 8.2 PC via SMB  protocol.

I successfully doing this, but occurred some problems:
---------------------

1. Access via authentification box (box with forms login & password) work
properly only if i enable "enableplaintextpassword" in Windows
registry.
This is very bad - this is low security. I want using encrypted passwords! I
disable using plain text passwords in Windows registry. I read documentation
about Samba & paste 2 lines in smb.conf:

   encrypt passwords = yes
   smb passwd file = /etc/samba/smbpasswd

After this i reboot both PC. And again nothing do not work properly - i not
may get access (i recive authentification box with massage "password or
login incorrect", although i insert right password & login!!!)

What i may doing, so as i work with encrypted passwords???

---------------------

2. When i point my Browser from Winwows 2000 Pro PC to \\192.168.150.128 i
recive authentification box with login & password! It's ok!
But if i enter "OK" batton i fall into the windows with 2 folders:
"Printers" & "myshare". This is very bad! If somebody
don't know login &
password he is not must view list of folders "Printers" &
"myshare", though
what this is folders guarded another login & password!

My target:

When i point in my browser to the \\192.168.150.128 & if i don't know
login
& password i must view only authentification box agian & again, so far i
not
insert right login & password (no list shared folders! Only authentification
box)!!!

If i kwon right password & login i must get access directly to
"myshare"
folder (Root folder of Linux PC). I must don't view folder with
"Printers" &
"myshare" folders. I must get access directly to root folder of Linux
PC.

How i may doing this???

---------------------

In additionaly inform:

 a)   My "smbpasswd" file is clear (0 bites).
 b)   In my "smbusers" file i want one line:        root =
administrator
admin
 c)   My username (my login) is "eika"
 d)   My smb.conf:

[global]

    workgroup = LINUXGROUP
    netbios name = mycnfname
    server string = Samba Server %v
;   printcap name = lpstat
    load printers = no
;   printing = cups
;   printer admin = @adm
    log file = /var/log/samba/log.%m
    max log size = 50
;   guest account = nobody
;   security = user
;   password server = <NT-Server-Name>
;   password server = *
;   password level = 8
;   username level = 8
    encrypt passwords = yes
    smb passwd file = /etc/samba/smbpasswd
;   unix password sync = Yes
;   passwd program = /usr/bin/passwd %u
;   passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n
;*passwd:*all*authentication*tokens*updated*successfully*
;   username map = /etc/samba/smbusers
;   include = /etc/samba/smb.conf.%m
;   winbind uid = 10000-20000
;   winbind gid = 10000-20000
;   winbind separator = +
;   template homedir = /home/%D/%U
;   template shell = /bin/bash
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
;   interfaces = 192.168.12.2/24 192.168.13.2/24
;   remote browse sync = 192.168.3.25 192.168.5.255
;   remote announce = 192.168.1.255 192.168.2.44
;   local master = no
;   os level = 33
;   domain master = yes
;   preferred master = yes
;   domain logons = yes
;   logon script = %m.bat
;   logon script = %U.bat
;   logon path = \\%L\Profiles\%U
;   logon home = \\%L\%U\.profile
;   add user script = /usr/sbin/useradd -d /dev/null -g machines -c 'Machine
Account' -s /bin/false -M %u
;   add user script = /usr/sbin/useradd -s /bin/false %u
;   domain admin group = root @wheel
;   domain guest group = nobody @guest
;   name resolve order = wins lmhosts bcast
;   wins support = yes
;   wins server = w.x.y.z
;   wins proxy = yes
    dns proxy = no
;   preserve case = no
;   short preserve case = no
;   default case = lower
;   case sensitive = no
;   client code page = 850
;   character set = ISO8859-1

#============================ Share Definitions
=============================[myshare]
   comment = EIKA stuff
   path = /
   valid users = eika
   public = no
   writable = yes
   printable = no
   create mask = 0765








Best Regards,
Art

On Thu, 2002-05-02 at 17:43, Artem Sokovtcev wrote:
> Hello!
> 
> I need in your help. I beginner in Linux using & my english is rather
poor.
> Please help me. This is very important for me, because i am student &
no
> have money to Commercial Support.
> 
don't bother to include samba-technical 
that is for development discussions 
> ****************
> 
> I have 2 PC in students network: first with Winwows 2000 Pro, second with
> Linux Mandrake 8.2 (My local address of  Linux PC \\192.168.150.128).
> I try tune Samba, so as get access from Winwows 2000 Pro PC to Linux
> Mandrake 8.2 PC via SMB  protocol.
> 
> I successfully doing this, but occurred some problems:
> ---------------------
> 
> 1. Access via authentification box (box with forms login & password)
work
> properly only if i enable "enableplaintextpassword" in Windows
registry.
> This is very bad - this is low security. I want using encrypted passwords!
I
> disable using plain text passwords in Windows registry. I read
documentation
> about Samba & paste 2 lines in smb.conf:
> 
>    encrypt passwords = yes
>    smb passwd file = /etc/samba/smbpasswd
>
make sure you reset the password on the samba machine
smbpasswd username
 
> After this i reboot both PC. And again nothing do not work properly - i not
> may get access (i recive authentification box with massage "password
or
> login incorrect", although i insert right password & login!!!)
> 
> What i may doing, so as i work with encrypted passwords???
> 
> ---------------------
> 
> 2. When i point my Browser from Winwows 2000 Pro PC to \\192.168.150.128 i
> recive authentification box with login & password! It's ok!
> But if i enter "OK" batton i fall into the windows with 2
folders:
> "Printers" & "myshare". This is very bad! If
somebody don't know login &
> password he is not must view list of folders "Printers" &
"myshare", though
> what this is folders guarded another login & password!
> 
> My target:
> 
> When i point in my browser to the \\192.168.150.128 & if i don't
know login
> & password i must view only authentification box agian & again, so
far i not
> insert right login & password (no list shared folders! Only
authentification
> box)!!!
> 
> If i kwon right password & login i must get access directly to
"myshare"
> folder (Root folder of Linux PC). I must don't view folder with
"Printers" &
> "myshare" folders. I must get access directly to root folder of
Linux PC.
> 
> How i may doing this???
i think you're looking for the "browsable"
parameter
> ---------------------
> 
> In additionaly inform:
> 
>  a)   My "smbpasswd" file is clear (0 bites).
no this needs to be populated
use smbpasswd -a username and set a password
>  b)   In my "smbusers" file i want one line:        root =
administrator
> admin
right
>  c)   My username (my login) is "eika"
you should have this user in both the smbpasswd and the passwd
files
>  d)   My smb.conf:
> 
> [global]
> 
>     workgroup = LINUXGROUP
>     netbios name = mycnfname
>     server string = Samba Server %v
> ;   printcap name = lpstat
>     load printers = no
> ;   printing = cups
> ;   printer admin = @adm
>     log file = /var/log/samba/log.%m
>     max log size = 50
this should be larger 
try 1000
> ;   guest account = nobody
> ;   security = user
> ;   password server = <NT-Server-Name>
> ;   password server = *
> ;   password level = 8
> ;   username level = 8
>     encrypt passwords = yes
>     smb passwd file = /etc/samba/smbpasswd
> ;   unix password sync = Yes
> ;   passwd program = /usr/bin/passwd %u
> ;   passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n
> ;*passwd:*all*authentication*tokens*updated*successfully*
> ;   username map = /etc/samba/smbusers
> ;   include = /etc/samba/smb.conf.%m
> ;   winbind uid = 10000-20000
> ;   winbind gid = 10000-20000
> ;   winbind separator = +
> ;   template homedir = /home/%D/%U
> ;   template shell = /bin/bash
>     socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> ;   interfaces = 192.168.12.2/24 192.168.13.2/24
> ;   remote browse sync = 192.168.3.25 192.168.5.255
> ;   remote announce = 192.168.1.255 192.168.2.44
> ;   local master = no
> ;   os level = 33
> ;   domain master = yes
> ;   preferred master = yes
> ;   domain logons = yes
> ;   logon script = %m.bat
> ;   logon script = %U.bat
> ;   logon path = \\%L\Profiles\%U
> ;   logon home = \\%L\%U\.profile
> ;   add user script = /usr/sbin/useradd -d /dev/null -g machines -c
'Machine
> Account' -s /bin/false -M %u
> ;   add user script = /usr/sbin/useradd -s /bin/false %u
> ;   domain admin group = root @wheel
> ;   domain guest group = nobody @guest
> ;   name resolve order = wins lmhosts bcast
> ;   wins support = yes
> ;   wins server = w.x.y.z
> ;   wins proxy = yes
>     dns proxy = no
> ;   preserve case = no
> ;   short preserve case = no
> ;   default case = lower
> ;   case sensitive = no
> ;   client code page = 850
> ;   character set = ISO8859-1
> 
> #============================ Share Definitions
> =============================> [myshare]
>    comment = EIKA stuff
>    path = /
>    valid users = eika
>    public = no
add browsable = no here
>    writable = yes
>    printable = no
>    create mask = 0765
> 
enjoy samba!

brad