I apologize up front for re-posting this, but I need to find a solution to this problem. I have been having hard time to believe that there isn't one person among the SMB gurus that doesn't know how a W2K client connects to an SMB server. So, if you happen to know even the slightest hint to this baffling problem, I would be forever grateful. OK. Here goes (original subject line was: "Why does a W2K (pro) client do more than it is asked to do?") Desperate to find out why connecting to a samba share(on an AIX server) from W2K is so slow, I tried connecting to the same share from a Linux box, using smbclient: smbclient \\\\aixserver\\sharedir$ -U lynn The results were amazing. The connection was so MUCH FASTER then connecting from a W2K (pro) workstation: \\aixserver\sharedir$ (in the Start|Run edit box) When I examined the samba log files on the server, I could see why. The log file for the Linux client contained a single entry: [2004/02/23 11:55:35, 1] smbd/service.c:make_connection(636) linuxbox (192.168.0.4) connect to service sharedir$ as user lynn (uid=21776, gid=1) (pid 125438) So clean, so elegant, so beautiful! :) OTOH, the log file for the W2K client contained an entry similar to the above, but was immediately followed by about 30 messages of the form: [2004/02/23 11:59:03, 0] smbd/password.c:user_ok(683) rejected user nobody:3004-302 Your account has expired; please see the system administrator. Now... my question: Why? What does the W2K client do that triggers this barrage of rejected authentications of a user 'nobody' (that is clearly not allowed to enter)? More importantly, is there a way to configure EITHER the W2K client or the Samba server (or both) to not waste time on these unallowed accesses? Since smbclient produces such a clean entry, I would assume the fix must be on the client side (W2K) only. But I would take any advice. :) Please note that I am not allowed (in my corporate environment) to enable the guest account on this machine. Therefore, the solution must not involve enabling the guest account (if there is such a solution). My smb.conf global section has security=user (actually no 'security' entry, it simply takes the default, which is 'user'). The settings of the share are: [sharedir$] comment = %h shared dir path = /home/shared valid users = +sambagrp techsup browseable = No That's it. Any other settings are implied by taking the defaults. User account 'lynn' is a member of the group 'sambagrp' and as you can see from the original posting, it successfully authenticates from both a W2K client and a Linux client. 'techsup' is a special user account (may or may not be a member of 'sambagrp'). I hope this can give further clues to solving the mystery. Thanks in advance, Lynn (Samba 2.2.8a on AIX 5.1) __________________________________ Do you Yahoo!? Yahoo! Search - Find what you’re looking for faster http://search.yahoo.com
Read "Implemeting CIFS", freely avaiblable in the web. =) On Fri, 2004-03-05 at 14:00, Linux Lover wrote:> I apologize up front for re-posting this, but I need > to find a solution to this problem. I have been having > hard time to believe that there isn't one person among > the SMB gurus that doesn't know how a W2K client > connects to an SMB server. So, if you happen to know > even the slightest hint to this baffling problem, I > would be forever grateful. > > OK. Here goes (original subject line was: "Why does a > W2K (pro) client do more than it is asked to do?") > > Desperate to find out why connecting to a samba > share(on an AIX server) from W2K is so slow, I tried > connecting to the same share from a Linux box, using > smbclient: > > smbclient \\\\aixserver\\sharedir$ -U lynn > > The results were amazing. The connection was so MUCH > FASTER then connecting from a W2K (pro) workstation: > > \\aixserver\sharedir$ (in the Start|Run edit box) > > > When I examined the samba log files on the server, I > could see why. > > The log file for the Linux client contained a single > entry: > > [2004/02/23 11:55:35, 1] > smbd/service.c:make_connection(636) linuxbox > (192.168.0.4) connect to service sharedir$ as user > lynn (uid=21776, gid=1) (pid 125438) > > So clean, so elegant, so beautiful! :) > > OTOH, the log file for the W2K client contained an > entry similar to the above, but was immediately > followed by about 30 messages of the form: > > [2004/02/23 11:59:03, 0] smbd/password.c:user_ok(683) > rejected user nobody:3004-302 Your account has > expired; please see the system administrator. > > Now... my question: Why? What does the W2K client do > that triggers this barrage of rejected authentications > of a user 'nobody' (that is clearly not allowed to > enter)? > > More importantly, is there a way to configure EITHER > the W2K client or the Samba server (or both) to not > waste time on these unallowed accesses? > > Since smbclient produces such a clean entry, I would > assume the fix must be on the client side (W2K) only. > But I would take any advice. :) > > Please note that I am not allowed (in my corporate > environment) to enable the guest account on this > machine. Therefore, the solution must not involve > enabling the guest account (if there is such a > solution). > > My smb.conf global section has security=user (actually > no 'security' entry, it simply takes the default, > which is 'user'). > > The settings of the share are: > > [sharedir$] > comment = %h shared dir > path = /home/shared > valid users = +sambagrp techsup > browseable = No > > That's it. Any other settings are implied by taking > the defaults. User account 'lynn' is a member of the > group 'sambagrp' and as you can see from the original > posting, it successfully authenticates from both a W2K > client and a Linux client. 'techsup' is a special user > account (may or may not be a member of 'sambagrp'). > > I hope this can give further clues to solving the > mystery. > > > Thanks in advance, > Lynn (Samba 2.2.8a on AIX 5.1) > > __________________________________ > Do you Yahoo!? > Yahoo! Search - Find what youre looking for faster > http://search.yahoo.com-- |...........................................................| |____ _____ ____ _ |Victor Medina M | |\ \ \| ____| _ \ / \ |Linux - Java - MySQL | | \ \ \ _| | |_) / _ \ |Dpto. Sistemas - Ferreteria EPA | | / / / |___| __/ ___ \ |linux@epa.com.ve | |/_/_/|_____|_| /_/ \_\|ext. 325 - T?l: +58-241-8507325 | | |geek by nature - linux by choice | |...........................................................|
On Fri, Mar 05, 2004 at 10:00:33AM -0800, Linux Lover wrote:> I apologize up front for re-posting this, but I need > to find a solution to this problem. I have been having > hard time to believe that there isn't one person among > the SMB gurus that doesn't know how a W2K client > connects to an SMB server. So, if you happen to know > even the slightest hint to this baffling problem, I > would be forever grateful.The problem is that the people who know why the Win2k redirector does all these things work at Microsoft. And they're not answering any questions. We know how the protocol works, and why the clients *shouldn't* do these stupid things, but only Microsoft knows why it does. They aren't telling and it seems that no one (including the US DoJ and the EU) can make them tell people why.... Jeremy.
> > >[2004/02/23 11:59:03, 0] smbd/password.c:user_ok(683) >rejected user nobody:3004-302 Your account has >expired; please see the system administrator. >Have you tried setting up a proper guest account, instead of nobody? Either change the guest account setting in smb.conf or the nobody user on your AIX machine. -- Steven Kurylo