Hi,
I have samba installed on my Linux system (Red Hat
7.2), and
Windows 98 on another PC as a Samba client. Samba
works great
if PlainTextPassword is enabled. However, if
PlainTextPassword is
disabled on Windows client, connection to the Samba
shares no
longer accepted.
I believe I've done everything in order to make
encrypt passwd working:
* I converted /etc/passwd to /etc/samba/smbpasswd
using mksmbpasswd.sh
script.
cat /etc/passwd | mksmbpasswd.sh >
smbpasswd
This resulted in a new smbpasswd file:
-rw------- 1 root root
4202 May 21 12:06 smbpasswd
I feel a little uncomfortable about the file
permission, there I change the
mode to 0644 (-rw-r--r--).
* Here is my /etc/samba/smb.conf file
[global]
workgroup = MYGROUP
security = USER
log file = /var/log/samba-log.%m
lock dir = /var/lock/samba
encrypt passwords = Yes
smb passwd file = /etc/samba/smbpasswd
[homes]
comment = Home Directory
read only = No
create mask = 0750
browseable = No
[tmp]
comment = Temporary file space
path = /tmp
read only = No
Note that the smb.conf file works in the
PlainTextPasswd mode before
the two parameters was added:
encrypt passwords = Yes
smb passwd file = /etc/samba/smbpasswd
* I restarted Samba daemon
/etc/init.d/smb restart
* I followed the test steps as outlined in
diagnosis.txt by Andrew Tridgell
But every attempt to connect to the smb server got
denyed:
[root@star samba]# smbclient -L star
added interface ip=192.168.1.1 bcast=192.168.1.255
nmask=255.255.255.0
Password:
session setup failed: ERRSRV - ERRbadpw (Bad password
- name/password pair in a
Tree Connect or Session Setup are invalid.)
[root@star samba]#
I suspect my Samba binary doesn't acctually support
encrypt passwd, but how can I
tell if it is or not?
Thanks in advance.
Chimin Yen
__________________________________________________
Do You Yahoo!?
LAUNCH - Your Yahoo! Music Experience
http://launch.yahoo.com
Hi,
I have samba installed on my Linux system (Red Hat
7.2), and
Windows 98 on another PC as a Samba client. Samba
works great
if PlainTextPassword is enabled. However, if
PlainTextPassword is
disabled on Windows client, connection to the Samba
shares no
longer accepted.
I believe I've done everything in order to make
encrypt passwd working:
* I converted /etc/passwd to /etc/samba/smbpasswd
using
mksmbpasswd.sh script.
cat /etc/passwd | mksmbpasswd.sh>smbpasswd
This resulted in a new smbpasswd file:
-rw------- 1 root root 4202
May 21 12:06 smbpasswd
I feel a little uncomfortable about the file
permission, therefore
I change the mode to 0644 (-rw-r--r--).
* Here is my /etc/samba/smb.conf file
[global]
workgroup = MYGROUP
security = USER
log file = /var/log/samba-log.%m
lock dir = /var/lock/samba
encrypt passwords = Yes
smb passwd file = /etc/samba/smbpasswd
[homes]
comment = Home Directory
read only = No
create mask = 0750
browseable = No
[tmp]
comment = Temporary file space
path = /tmp
read only = No
Note that the smb.conf file worked in the
PlainTextPasswd mode before
the two parameters were added:
encrypt passwords = Yes
smb passwd file = /etc/samba/smbpasswd
* I restarted Samba daemon
/etc/init.d/smb restart
* I followed the test steps as outlined in
diagnosis.txt by Andrew Tridgell
But every attempt to connect to the smb server got
denied:
[root@star samba]# smbclient -L star
added interface ip=192.168.1.1 bcast=192.168.1.255
nmask=255.255.255.0
Password:
session setup failed: ERRSRV - ERRbadpw (Bad password
- name/password pair in a
Tree Connect or Session Setup are invalid.)
[root@star samba]#
The following transcript may also be of help in
finding what's wrong.
[root@star samba]# smbclient -L star -N
added interface ip=192.168.1.1 bcast=192.168.1.255
nmask=255.255.255.0
Anonymous login successful
Domain=[MYGROUP] OS=[Unix] Server=[Samba 2.2.1a]
Sharename Type Comment
--------- ---- -------
tmp Disk Temporary file space
IPC$ IPC IPC Service (Samba
2.2.1a)
ADMIN$ Disk IPC Service (Samba
2.2.1a)
Server Comment
--------- -------
STAR Samba 2.2.1a
Workgroup Master
--------- -------
MYGROUP STAR
[root@star samba]#
I suspect my Samba binary doesn't acctually support
encrypt passwd, but how can I tell if it is or not?
Thanks in advance.
Chimin Yen
__________________________________________________
Do You Yahoo!?
LAUNCH - Your Yahoo! Music Experience
http://launch.yahoo.com
Hi,
I have samba installed on my Linux system
(Red Hat 7.2), and Windows 98 on another PC
as a Samba client. Samba works great
if PlainTextPassword is enabled. However, if
PlainTextPassword is disabled on Windows client,
connection to the Samba shares no longer accepted.
I believe I've done everything in order to make
encrypt passwd working:
(1) I converted passwd to smbpasswd
cat /etc/passwd | mksmbpasswd.sh > smbpasswd
This resulted in a new smbpasswd file:
-rw-r--r-- 1 root root 4202 May 21 12:06 smbpasswd
(2) Here is my /etc/samba/smb.conf file
[global]
workgroup = MYGROUP
security = USER
log file = /var/log/samba-log.%m
lock dir = /var/lock/samba
encrypt passwords = Yes
smb passwd file = /etc/samba/smbpasswd
[homes]
comment = Home Directory
read only = No
create mask = 0750
browseable = No
[tmp]
comment = Temporary file space
path = /tmp
read only = No
Note that the smb.conf file worked in the
PlainTextPasswd mode before the two parameters
were added:
encrypt passwords = Yes
smb passwd file = /etc/samba/smbpasswd
(3) I restarted Samba daemon
/etc/init.d/smb restart
(4) I followed the test steps as outlined in
diagnosis.txt by Andrew Tridgell
But every attempt to connect to the smb server got
denied:
[root@star samba]# smbclient -L star
added interface ip=192.168.1.1 bcast=192.168.1.255
nmask=255.255.255.0
Password:
session setup failed: ERRSRV - ERRbadpw (Bad password
- name/password pair in a
Tree Connect or Session Setup are invalid.)
[root@star samba]#
The following transcript may also be of help in
finding what's wrong.
[root@star samba]# smbclient -L star -N
added interface ip=192.168.1.1 bcast=192.168.1.255
nmask=255.255.255.0
Anonymous login successful
Domain=[MYGROUP] OS=[Unix] Server=[Samba 2.2.1a]
Sharename Type Comment
--------- ---- -------
tmp Disk Temporary file space
IPC$ IPC IPC Service (Samba
2.2.1a)
ADMIN$ Disk IPC Service (Samba 2.2.1a)
Server Comment
--------- -------
STAR Samba 2.2.1a
Workgroup Master
--------- -------
MYGROUP STAR
[root@star samba]#
I suspect my Samba binary doesn't acctually support
encrypt passwd, but how can I tell if it is or not?
Thanks in advance.
Chimin Yen
__________________________________________________
Do You Yahoo!?
LAUNCH - Your Yahoo! Music Experience
http://launch.yahoo.com
chimin yen wrote:> > > * I converted /etc/passwd to /etc/samba/smbpasswd > using mksmbpasswd.sh > script. > > cat /etc/passwd | mksmbpasswd.sh > > smbpasswd >This only creates the entries in smbpasswd but does not assign a password. You need to run the smbpasswd command for each user to correctly set the password. The method of creating passwords on Unix and Windows are not the same and you cannot convert from one to the other so the passwords have to be manually created.> This resulted in a new smbpasswd file: > > -rw------- 1 root root > 4202 May 21 12:06 smbpasswd > > I feel a little uncomfortable about the file > permission, there I change the > mode to 0644 (-rw-r--r--). >This was a bad idea. You do not want anyone but root to be able to access this file (even read-only). Unlike the /etc/passwd file which can be read access by the world, the smbpasswd file must be protected. Because of the way MS encrypts the passwords, gaining access to this file gives you the password equivalent so you can impersonate any user. -- =====================================================================Herb Lewis Silicon Graphics Networking Engineer 1600 Amphitheatre Pkwy MS-510 Strategic Software Organization Mountain View, CA 94043-1351 herb@sgi.com Tel: 650-933-2177 http://www.sgi.com Fax: 650-932-2177 ======================================================================
<...snip...>> > cat /etc/passwd | mksmbpasswd.sh > smbpasswdThis creates an smbpasswd file with blank passwords for each user. You also need to do: smbpasswd <username> for each user to create the actual password used by samba. Finally make sure the smbpasswd file is in the location where samba is looking for it, check your smb.conf. Neil --- Neil Muller Neologix Pty Ltd http://www.neologix.net PO Box 3183, Weston Creek, ACT, 2611, Australia email: neil@neologix.net voice: +61 2 62875900 fax: +61 2 62875911 mob: +61 408 977 976