Hi all This is a question about a very old version of Samba - 2.2.7a. Hope that is ok. I have an old machine running Redhat 9, which ships with 2.2.7a. I have some old software that needs RH9, but I want to move it to a newer machine, so I am trying to reinstall RH9 on a new hdd, and set up Samba at the same time. I still have the old machine, and Samba is working, but I cannot get it working on the new one. I only want to map home directories. I tried to set up a new home directory on the old machine, and that would not work either. I have just spent hours trying to spot the difference between the old, working, home directory, and the new, non-working one. I have just spotted it, and whoever set up the original machine obviously had the same problem, but then found a 'cheat' solution. The problem is that , whatever I try, if a Windows machine tries to connect, I get 'smb_pam_auth' failed. The trick that was used to get around this was to edit /etc/passwd and remove the 'x' in the second parameter from the user's entry, which means that the user can log in on the Unix side without a password. There is an smb password, and the Windows client has to supply this password, but it can then see the home directory without a problem. I can use the same trick on the new machine - it is not exposed to the internet, so it is not a security risk. However, I would much prefer to understand the problem and fix it properly. The only changes I have made to smb.conf are to change the workgroup name and the server string, and to uncomment the line that enables mapping of Unix user names to SMB user names. Both client and server use encrypted passwords. Security mode is 'user'. The workstation is running Windows7, but I am pretty sure I had the same problem with Windows XP and Server 2003. Any suggestions will be much appreciated. Frank Millman
Am 04.10.2015 um 13:20 schrieb Frank Millman:> This is a question about a very old version of Samba - 2.2.7a. Hope that > is ok. > > I have an old machine running Redhat 9, which ships with 2.2.7a. I have > some old software that needs RH9, but I want to move it to a newer > machine, so I am trying to reinstall RH9 on a new hdd, and set up Samba > at the same time.ouch why not virtualize the existing setup http://libguestfs.org/virt-v2v/> The problem is that , whatever I try, if a Windows machine tries to > connect, I get 'smb_pam_auth' failed. The trick that was used to get > around this was to edit /etc/passwd and remove the 'x' in the second > parameter from the user's entry, which means that the user can log in on > the Unix side without a password. There is an smb password, and the > Windows client has to supply this password, but it can then see the home > directory without a problem. > > I can use the same trick on the new machine - it is not exposed to the > internet, so it is not a security risk. However, I would much prefer to > understand the problem and fix it properlythis is proper behavior samba needs the smbpasswd for login and at the same time the pyhsical user under which the worker process is running on the host you can use a random password for the unix account and even disable the shell, the only relevant password in context of samba is the one set with "smbpasswd" in fact that's how fileserver accounts are setup here both, samba and netatalk are fine with that the only difference: netatalk is using the unix account password and so in doubt set "smbpasswd" and "passwd" for the user to the same and just disable the shell reindl:x:1028:2000:Harald Reindl:/storage/users/reindl:/sbin/nologin -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 181 bytes Desc: OpenPGP digital signature URL: <http://lists.samba.org/pipermail/samba/attachments/20151004/282227bf/signature.sig>
On 04/10/15 12:20, Frank Millman wrote:> Hi all > > This is a question about a very old version of Samba - 2.2.7a. Hope > that is ok. > > I have an old machine running Redhat 9, which ships with 2.2.7a. I > have some old software that needs RH9, but I want to move it to a > newer machine, so I am trying to reinstall RH9 on a new hdd, and set > up Samba at the same time. > > I still have the old machine, and Samba is working, but I cannot get > it working on the new one. I only want to map home directories. I > tried to set up a new home directory on the old machine, and that > would not work either. I have just spent hours trying to spot the > difference between the old, working, home directory, and the new, > non-working one. I have just spotted it, and whoever set up the > original machine obviously had the same problem, but then found a > 'cheat' solution. > > The problem is that , whatever I try, if a Windows machine tries to > connect, I get 'smb_pam_auth' failed. The trick that was used to get > around this was to edit /etc/passwd and remove the 'x' in the second > parameter from the user's entry, which means that the user can log in > on the Unix side without a password. There is an smb password, and the > Windows client has to supply this password, but it can then see the > home directory without a problem. > > I can use the same trick on the new machine - it is not exposed to the > internet, so it is not a security risk. However, I would much prefer > to understand the problem and fix it properly. > > The only changes I have made to smb.conf are to change the workgroup > name and the server string, and to uncomment the line that enables > mapping of Unix user names to SMB user names. Both client and server > use encrypted passwords. Security mode is 'user'. > > The workstation is running Windows7, but I am pretty sure I had the > same problem with Windows XP and Server 2003. > > Any suggestions will be much appreciated. > > Frank Millman > > >Just what software is it that forces the use of a 12 year old distro and using a long dead version of Samba? Can you not find something a bit newer to do the same thing? The problem is that whilst you may be able to make it work now, microsoft may come along and change windows so that it doesn't. You will probably be better off trying to find newer software. Rowland
"Reindl Harald" wrote in message news:56110F09.9080909 at thelounge.net... Thanks for the reply Harald, but I am afraid I don’t really understand. I am no expert in these matters, so I am not sure of the correct terminology. You talk about 'disabling the shell'. Do you mean create a second account for the user, with no Unix password and no login, and use that for Samba? I can see that that could work, but is it necessary? I am using a much later version of Samba (4.2.2) on Fedora 22, and that 'just works'. I have a user account that I can log into, and I can access the same home directory from Windows using Samba. Are you saying that there was a restriction in older versions of Samba that prevented you from doing that? Frank -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
> "Rowland Penny" wrote in message news:561110D0.3050401 at gmail.com... > On 04/10/15 12:20, Frank Millman wrote: > > Hi all > > > > This is a question about a very old version of Samba - 2.2.7a. Hope that > > is ok. > >[...]> > > > Just what software is it that forces the use of a 12 year old distro and > using a long dead version of Samba? > > Can you not find something a bit newer to do the same thing? > > The problem is that whilst you may be able to make it work now, microsoft > may come along and change windows so that it doesn't. You will probably be > better off trying to find newer software. >Fair comment, but the fact is that it is some legacy software that I am trying to get rid of, but it always takes longer than you hope, so I have to keep it hanging around for a while longer. If there is no other solution, I will try to implement Harald's suggestion. Thanks Frank