Linux Lover
2004-Mar-04 21:54 UTC
[Samba] Why does a W2K (pro) client do more than it is asked to do?
Desperate to find out why connecting to a samba share(on an AIX server) from W2K is so slow, I tried connecting to the same share from a Linux box, using smbclient: smbclient \\\\aixserver\\sharedir$ -U lynn The results were amazing. The connection was so MUCH FASTER then connecting from a W2K (pro) workstation: \\aixserver\sharedir$ (in the Start|Run edit box) When I examined the samba log files on the server, I could see why. The log file for the Linux client contained a single entry: [2004/02/23 11:55:35, 1] smbd/service.c:make_connection(636) linuxbox (192.168.0.4) connect to service sharedir$ as user lynn (uid=21776, gid=1) (pid 125438) So clean, so elegant, so beautiful! :) OTOH, the log file for the W2K client contained an entry similar to the above, but was immediately followed by about 30 messages of the form: [2004/02/23 11:59:03, 0] smbd/password.c:user_ok(683) rejected user nobody:3004-302 Your account has expired; please see the system administrator. Now... my question: Why? What does the W2K client do that triggers this barrage of rejected authentications of a user 'nobody' (that is clearly not allowed to enter)? More importantly, is there a way to configure EITHER the W2K client or the Samba server (or both) to not waste time on these unallowed accesses? Since smbclient produces such a clean entry, I would assume the fix must be on the client side (W2K) only. But I would take any advice. :) Thanks in advance, Lynn (Samba 2.2.8a on AIX 5.1) __________________________________ Do you Yahoo!? Yahoo! Search - Find what you’re looking for faster http://search.yahoo.com
Rashkae
2004-Mar-04 22:14 UTC
[Samba] Why does a W2K (pro) client do more than it is asked to do?
Why W2k is trying to connect as guest is anyone's guess... But regardless, your problems will probably go away once you have a valid guest account... Find out what the Unix user for your guest account is, (Samba defaults to nobody) and set the guest accout option in smb.conf. On Thu, Mar 04, 2004 at 01:53:55PM -0800, Linux Lover wrote:> Desperate to find out why connecting to a samba > share(on an AIX server) from W2K is so slow, I tried > connecting to the same share from a Linux box, using > smbclient: > > smbclient \\\\aixserver\\sharedir$ -U lynn > > The results were amazing. The connection was so MUCH > FASTER then connecting from a W2K (pro) workstation: > > \\aixserver\sharedir$ (in the Start|Run edit box) > > > When I examined the samba log files on the server, I > could see why. > > The log file for the Linux client contained a single > entry: > > [2004/02/23 11:55:35, 1] > smbd/service.c:make_connection(636) linuxbox > (192.168.0.4) connect to service sharedir$ as user > lynn (uid=21776, gid=1) (pid 125438) > > So clean, so elegant, so beautiful! :) > > OTOH, the log file for the W2K client contained an > entry similar to the above, but was immediately > followed by about 30 messages of the form: > > [2004/02/23 11:59:03, 0] smbd/password.c:user_ok(683) > rejected user nobody:3004-302 Your account has > expired; please see the system administrator. > > Now... my question: Why? What does the W2K client do > that triggers this barrage of rejected authentications > of a user 'nobody' (that is clearly not allowed to > enter)? > > More importantly, is there a way to configure EITHER > the W2K client or the Samba server (or both) to not > waste time on these unallowed accesses? > > Since smbclient produces such a clean entry, I would > assume the fix must be on the client side (W2K) only. > But I would take any advice. :) > > Thanks in advance, > Lynn (Samba 2.2.8a on AIX 5.1) > > > __________________________________ > Do you Yahoo!? > Yahoo! Search - Find what you?re looking for faster > http://search.yahoo.com > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba
Van Sickler, Jim
2004-Mar-05 18:55 UTC
[Samba] Why does a W2K (pro) client do more than it is asked to do?
Lynn, Does your smb.conf have an entry similar to: username map = /etc/samba/smbusers If so, does the file "smbusers" exist? Do you have user accounts on both the AIX box and the W2k box? They'd be mapped in smbusers, AIX_acct=W2k_acct Have you added your users to it (smbusers)? e.g. lynn=lynn or lynnx=lynn or lynn=lynnx nobody=smb_nobody (in smb.conf, add "guest account=smb_nobody") etc. Hope this helps, Jim> -----Original Message----- > From: Linux Lover [mailto:linuxlover992000@yahoo.com] > Sent: Thursday, March 04, 2004 2:54 PM > To: samba@lists.samba.org > Subject: [Samba] Why does a W2K (pro) client do more than it > is asked to > do? > > > Desperate to find out why connecting to a samba > share(on an AIX server) from W2K is so slow, I tried > connecting to the same share from a Linux box, using > smbclient: > > smbclient \\\\aixserver\\sharedir$ -U lynn > > The results were amazing. The connection was so MUCH > FASTER then connecting from a W2K (pro) workstation: > > \\aixserver\sharedir$ (in the Start|Run edit box) > > > When I examined the samba log files on the server, I > could see why. > > The log file for the Linux client contained a single > entry: > > [2004/02/23 11:55:35, 1] > smbd/service.c:make_connection(636) linuxbox > (192.168.0.4) connect to service sharedir$ as user > lynn (uid=21776, gid=1) (pid 125438) > > So clean, so elegant, so beautiful! :) > > OTOH, the log file for the W2K client contained an > entry similar to the above, but was immediately > followed by about 30 messages of the form: > > [2004/02/23 11:59:03, 0] smbd/password.c:user_ok(683) > rejected user nobody:3004-302 Your account has > expired; please see the system administrator. > > Now... my question: Why? What does the W2K client do > that triggers this barrage of rejected authentications > of a user 'nobody' (that is clearly not allowed to > enter)? > > More importantly, is there a way to configure EITHER > the W2K client or the Samba server (or both) to not > waste time on these unallowed accesses? > > Since smbclient produces such a clean entry, I would > assume the fix must be on the client side (W2K) only. > But I would take any advice. :) > > Thanks in advance, > Lynn (Samba 2.2.8a on AIX 5.1) > > > __________________________________ > Do you Yahoo!? > Yahoo! Search - Find what you're looking for faster > http://search.yahoo.com > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba >
Van Sickler, Jim
2004-Mar-05 21:07 UTC
[Samba] Why does a W2K (pro) client do more than it is asked to do?
Lynn, Since I don't see "Encrypt Passwords = No" in your smb.conf, I'm pretty sure that you're using encrypted passwords. Run testparm, and look for the "Encrypt Passwords = " entry, just to be sure. Having the users mapped in the smbusers will take care of the prompt. If you want to map drives using a different user name, this might make it easier. If mary is logged in, but wants to map a drive as lynn, as long as smbusers has entries for both mary & lynn, it should work. W9x PCs will do that, I think, if you include /user with the "net use" command. You can try adding the users to the smbusers file, without creating an AIX account for them. The see if they can access the share without being prompted for the password. If that works, see if they can map a drive using a different user name. Jim> -----Original Message----- > From: Linux Lover [mailto:linuxlover992000@yahoo.com] > Sent: Friday, March 05, 2004 12:43 PM > To: Van Sickler, Jim; samba@lists.samba.org > Subject: RE: [Samba] Why does a W2K (pro) client do more than it is > asked to do? > > > --- "Van Sickler, Jim" <vansickj-eodc@kaman.com> > wrote: > > Lynn, > > Does your smb.conf have an entry similar to: > > username map = /etc/samba/smbusers > > Jim, thanks. This is my *entire* smb.conf file > (created by SWAT): > > ##################################################### > # Samba config file created using SWAT > # from winclient.mydomain.com (192.168.0.5) > # Date: 2004/02/05 14:02:56 > > # Global parameters > [global] > workgroup = MYGROUP > netbios name = AIXSERVER > server string = Samba %V on %h > admin log = Yes > log level = 1 > log file = /usr/local/samba/logs/%U.%m.log > preferred master = No > domain master = No > hosts allow = 192.168. > > [sharedir$] > comment = %h shared dir > path = /home/shared > valid users = +sambagrp techsup > browseable = No > ##################################################### > > So, I guess I don't have such an entry. Do I need one? > I thought it's not necessary since the W2K client > prompts the user anyway to enter username and > password. One of the good things about W2K (vs. w9x) > is that you can be logged into the W2K client as > 'mary', but authenticate to the samba server as > 'fred'. > > > Do you have user accounts on both the AIX > > box and the W2k box? They'd be mapped > > in smbusers, AIX_acct=W2k_acct > > Again, no need - I am counting on the W2K client to > prompt for password if that particular username not > found in /etc/password (at the moment I *don't* use > encrypted passwords - I will cross that bridge when I > solve this problem first). > > > BTW, I increased the log level to 3 and noticed the > first occurrence of 'nobody' in the log after I type > my username and password: > > ----------------------------------------------------- > [2004/03/05 13:22:07, 3] > smbd/sec_ctx.c:set_sec_ctx(349) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 > [2004/03/05 13:22:07, 3] > smbd/reply.c:reply_sesssetup_and_X(880) > Domain=[] NativeOS=[Windows 2000 2195] > NativeLanMan=[Windows 2000 5.0] > [2004/03/05 13:22:07, 3] > smbd/reply.c:reply_sesssetup_and_X(890) > sesssetupX:name=[] > [2004/03/05 13:22:07, 3] > smbd/sec_ctx.c:push_sec_ctx(312) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 > [2004/03/05 13:22:07, 3] > smbd/uid.c:push_conn_ctx(310) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 > [2004/03/05 13:22:07, 3] > smbd/sec_ctx.c:set_sec_ctx(349) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 > [2004/03/05 13:22:08, 3] > smbd/sec_ctx.c:get_current_groups(183) > get_current_groups: user is in 1 groups: -2 > [2004/03/05 13:22:08, 3] > smbd/sec_ctx.c:pop_sec_ctx(493) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 > [2004/03/05 13:22:08, 3] > smbd/sec_ctx.c:get_current_groups(183) > get_current_groups: user is in 1 groups: -2 > [2004/03/05 13:22:08, 3] > smbd/password.c:register_vuid(361) > uid -2 registered to name nobody > ----------------------------------------------------- > > Which brings the question: what is register_vuid()? > and uid -2 is being sent by W2K? (my uid is 21776) > > > Thanks, > Lynn > > __________________________________ > Do you Yahoo!? > Yahoo! Search - Find what you're looking for faster > http://search.yahoo.com >
Possibly Parallel Threads
- SMB gurus: please help - I am desperate.
- Hardware that can ring my phone?
- [PATCH] tools: specify datadir for qemu-xen build to fix firmware loading
- [mntent]: line x in /etc/fstab is bad
- [PATCH 0 of 1 v2] tools: honour --libdir when it is passed to ./configure