Jesus how do u post something, it always comes back :( -----Original Message----- From: Rend, Jon (Jon) % [mailto:rend@agere.com] Sent: Tuesday, October 29, 2002 8:05 AM To: 'samba@lists.samba.org' Subject: [Samba] (no subject) On friday we changed our smb.conf file to test the security model that uses DOMAIN authenticacion. It worked fine testing two seperate usernames from Multiple Workstations connecting to a WORLD access share on the SAMBA server. I have to say nothing has changed at all since friday, apart from the weekend :) and we now get this MS error message when trying to connect the same share again from WINDOWS: "The account is not authorized to log in from this station" Just to confirm that on both WorkStations no network shares existed when we tried again today? Should I update to the latest version of SAMBA and include the and/or parameter Trusted Domains = yes wlthough I believe this is default (we are in a trusted DOMAIN)????? This is an example of our smb.conf file: ++++++++++ Our Version = Samba 2.2.0 on Solairs 8.0 # BROWSING workgroup = VTC server string = mn01m0008.agere.com announce as = NT local master = no preferred master = no domain master = no os level = 33 wins server = 135.149.49.50 remote announce = 135.149.49.50 # AUTHENTICATION password server = * # security=server security = domain # encrypt passwords = yes ++++++++++ Any help would be truly GREAT, even the NT boyz are stumped?????? Jon :-) agere systems Office 651-675-3064* 1230 Northland DriveF Cell Phone 651-253-3703 Mendota, MN 55120 mailto: rend@agere.com * -------------- next part -------------- HTML attachment scrubbed and removed
>----- Original Message ----- >From: Rend, Jon (Jon) % >To: samba@samba.org >Sent: Tuesday, October 29, 2002 2:23 PM >Subject: FW: [Samba] (no subject) > > >Jesus how do u post something, it always comes back :(Of course it comes back.. It's a mailing list. PS this is a SAMBA (Linux) group, posting in HTML makes baby jesus cry :) Shaolin - IT Systems WB Ltd. .: http://www.security-forums.com :.
OK, I'm just a thick bod sometimes. I remembered 1 thing I changed which I thought was only relevant if the SAMBA server was authenticating and using it's smb passwd file, which I'm not. I commented out: encrypted passwords = yes Now it all works again now I have uncommented it. Can someone enlighten me why this is relevant if my DOMAIN Controller is doing the authentication which is an NT Box, shame on it. I'll tell you I commented it out and I get the original problem. Weird. -----Original Message----- From: Rend, Jon (Jon) % Sent: Tuesday, October 29, 2002 8:23 AM To: samba@samba.org Subject: FW: [Samba] (no subject) Jesus how do u post something, it always comes back :( -----Original Message----- From: Rend, Jon (Jon) % [mailto:rend@agere.com] Sent: Tuesday, October 29, 2002 8:05 AM To: 'samba@lists.samba.org' Subject: [Samba] (no subject) On friday we changed our smb.conf file to test the security model that uses DOMAIN authenticacion. It worked fine testing two seperate usernames from Multiple Workstations connecting to a WORLD access share on the SAMBA server. I have to say nothing has changed at all since friday, apart from the weekend :) and we now get this MS error message when trying to connect the same share again from WINDOWS: "The account is not authorized to log in from this station" Just to confirm that on both WorkStations no network shares existed when we tried again today? Should I update to the latest version of SAMBA and include the and/or parameter Trusted Domains = yes wlthough I believe this is default (we are in a trusted DOMAIN)????? This is an example of our smb.conf file: ++++++++++ Our Version = Samba 2.2.0 on Solairs 8.0 # BROWSING workgroup = VTC server string = mn01m0008.agere.com announce as = NT local master = no preferred master = no domain master = no os level = 33 wins server = 135.149.49.50 remote announce = 135.149.49.50 # AUTHENTICATION password server = * # security=server security = domain # encrypt passwords = yes ++++++++++ Any help would be truly GREAT, even the NT boyz are stumped?????? Jon :-) agere systems Office 651-675-3064* 1230 Northland DriveF Cell Phone 651-253-3703 Mendota, MN 55120 mailto: rend@agere.com * -------------- next part -------------- HTML attachment scrubbed and removed
Jon, I think that the "encrypt passwords" option is what controls how Samba interacts with the client. It is necessary to make the clients use encrypted passwords when Samba is relaying authentication to a domain controller because those are the only kind of password credentials the domain controller likes (by default, I think). If you don't force the client to use encrypted passwords, you relay clear text stuff to the domain controller, which rejects it, and then Samba is obligated to reject the client connection. I hope that's right, understandable, and helpful. Good luck, Troy>>> "Rend, Jon (Jon) %" <rend@agere.com> 10/29/02 08:58AM >>>OK, I'm just a thick bod sometimes. I remembered 1 thing I changed which I thought was only relevant if the SAMBA server was authenticating and using it's smb passwd file, which I'm not. I commented out: encrypted passwords = yes Now it all works again now I have uncommented it. Can someone enlighten me why this is relevant if my DOMAIN Controller is doing the authentication which is an NT Box, shame on it. I'll tell you I commented it out and I get the original problem. Weird. -----Original Message----- From: Rend, Jon (Jon) % Sent: Tuesday, October 29, 2002 8:23 AM To: samba@samba.org Subject: FW: [Samba] (no subject) Jesus how do u post something, it always comes back :( -----Original Message----- From: Rend, Jon (Jon) % [mailto:rend@agere.com] Sent: Tuesday, October 29, 2002 8:05 AM To: 'samba@lists.samba.org' Subject: [Samba] (no subject) On friday we changed our smb.conf file to test the security model that uses DOMAIN authenticacion. It worked fine testing two seperate usernames from Multiple Workstations connecting to a WORLD access share on the SAMBA server. I have to say nothing has changed at all since friday, apart from the weekend :) and we now get this MS error message when trying to connect the same share again from WINDOWS: "The account is not authorized to log in from this station" Just to confirm that on both WorkStations no network shares existed when we tried again today? Should I update to the latest version of SAMBA and include the and/or parameter Trusted Domains = yes wlthough I believe this is default (we are in a trusted DOMAIN)????? This is an example of our smb.conf file: ++++++++++ Our Version = Samba 2.2.0 on Solairs 8.0 # BROWSING workgroup = VTC server string = mn01m0008.agere.com announce as = NT local master = no preferred master = no domain master = no os level = 33 wins server = 135.149.49.50 remote announce = 135.149.49.50 # AUTHENTICATION password server = * # security=server security = domain # encrypt passwords = yes ++++++++++ Any help would be truly GREAT, even the NT boyz are stumped?????? Jon :-) agere systems Office 651-675-3064* 1230 Northland DriveF Cell Phone 651-253-3703 Mendota, MN 55120 mailto: rend@agere.com *