newbie password file problem? - SMB


  1. newbie password file problem?

    I'm trying to set up samba on a linux file server (flavor = Debian 'sarge')
    for my office. I'm no server admin expert, but I've been through a variety
    of tutorials and done a lot of googling without luck in solving my problem.
    With the instructions at
    http://hr.uoregon.edu/davidrl/samba.html#SAMBA-INSTALL (including the
    password file edits) I was able to set up the server to publicly share a
    folder. However, I'm completely out of luck for allowing users to connect
    to their account folders on the linux box (everyone is connecting from win2k
    or winXP boxes and my smb.conf is set for password encryption). I've tried
    everything I can find online for setting up smb.conf, but samba never seems
    to be able to recognise a username/password pair.

    I'm starting to think my problem is getting samba to use the (proper?)
    password file. Can anyone give advice on troubleshooting password issues?

    In some configurations, it looks like samba is using
    \ as the user name rather than simply the
    input-name..?

    Thanks!
    -Eric




  2. Re: newbie password file problem?

    Eric Peterson wrote:

    > I'm trying to set up samba on a linux file server (flavor = Debian
    > 'sarge')
    > for my office. I'm no server admin expert, but I've been through a
    > variety of tutorials and done a lot of googling without luck in
    > solving my problem. With the instructions at
    > http://hr.uoregon.edu/davidrl/samba.html#SAMBA-INSTALL (including the
    > password file edits) I was able to set up the server to publicly share
    > a
    > folder. However, I'm completely out of luck for allowing users to
    > connect to their account folders on the linux box (everyone is
    > connecting from win2k
    > or winXP boxes and my smb.conf is set for password encryption). I've
    > tried everything I can find online for setting up smb.conf, but samba
    > never seems to be able to recognise a username/password pair.
    >

    Please come back with the global part of your smb.conf.
    Also, have you tried "man smbpasswd", especially the "-a" parameter?

    By default, samba/windows uses an encryption different to unix, so you
    will have two password files. "Unix password sync" only works when you
    change the password under unix/linux, not from windows. You would have
    to change authentication modules (PAM) to allow unix to use the samba
    password hash also.

    --
    Longhorn error#4711: TCPA / NGSCP VIOLATION: Microsoft optical mouse
    detected penguin patterns on mousepad. Partition scan in progress
    to remove offending incompatible products. Reactivate MS software.
    Linux woodpecker.fdns.net 2.6.12-mm2[LinuxCounter#295241,ICQ#4918962]

  3. Re: newbie password file problem?

    I've tried all sorts of configurations. Currently I've left it set to
    publicly share a couple dirs that I want everyone to have access to. My
    dream would be to give public access to a couple directories, user login
    access to a users home directory, and password change by connection through
    ssh using only passwd (not having to manually duplicate the change in
    smbpasswd).

    Current, working, public smb.conf [global]:
    [global]
    encrypt passwords = yes
    guest account = smbguest
    netbios name = Backup
    server string = Backup
    security = share
    socket options = TCP_NODELAY IPTOS_LOWDELAY
    wins support = yes
    workgroup = Heritage
    case sensitive = yes
    preserve case = yes
    short preserve case = yes
    log file = /var/log/samba/log.%m
    max log size = 1000 # in Kb

    --------------
    Recent, not-working, user smb.conf [global]:
    [global]
    encrypt passwords = yes
    netbios name = Backup
    server string = Backup
    security = user
    guest only = no
    guest account = smbguest
    wins support = yes
    socket options = TCP_NODELAY IPTOS_LOWDELAY
    workgroup = Heritage
    smb passwd file = /etc/passwd
    log file = /var/log/samba/log.%m
    max log size = 1000 # in Kb
    load printers = no

    --------------

    Thanks again! -Eric

    "Walter Mautner" wrote in message
    news:2920932.VSgrtlgam4@woodpecker.fdns.net...
    > Eric Peterson wrote:
    >
    > > I'm trying to set up samba on a linux file server (flavor = Debian
    > > 'sarge')
    > > for my office. I'm no server admin expert, but I've been through a
    > > variety of tutorials and done a lot of googling without luck in
    > > solving my problem. With the instructions at
    > > http://hr.uoregon.edu/davidrl/samba.html#SAMBA-INSTALL (including the
    > > password file edits) I was able to set up the server to publicly share
    > > a
    > > folder. However, I'm completely out of luck for allowing users to
    > > connect to their account folders on the linux box (everyone is
    > > connecting from win2k
    > > or winXP boxes and my smb.conf is set for password encryption). I've
    > > tried everything I can find online for setting up smb.conf, but samba
    > > never seems to be able to recognise a username/password pair.
    > >

    > Please come back with the global part of your smb.conf.
    > Also, have you tried "man smbpasswd", especially the "-a" parameter?
    >
    > By default, samba/windows uses an encryption different to unix, so you
    > will have two password files. "Unix password sync" only works when you
    > change the password under unix/linux, not from windows. You would have
    > to change authentication modules (PAM) to allow unix to use the samba
    > password hash also.
    >
    > --
    > Longhorn error#4711: TCPA / NGSCP VIOLATION: Microsoft optical mouse
    > detected penguin patterns on mousepad. Partition scan in progress
    > to remove offending incompatible products. Reactivate MS software.
    > Linux woodpecker.fdns.net 2.6.12-mm2[LinuxCounter#295241,ICQ#4918962]




  4. Re: newbie password file problem?

    Eric Peterson wrote:

    .......
    > --------------
    > Recent, not-working, user smb.conf [global]:
    > [global]
    >
    > encrypt passwords = yes
    >
    > netbios name = Backup
    >
    > server string = Backup
    >
    > security = user
    >
    > guest only = no
    >
    > guest account = smbguest


    That must be a user already (also) existing in linux/unix /etc/passwd,
    preferably with empty password. If you omit the statement, "nobody" is
    used by default. Common names are "ftp","guest".
    >
    > wins support = yes
    >
    > socket options = TCP_NODELAY IPTOS_LOWDELAY
    >
    > workgroup = Heritage
    >
    > smb passwd file = /etc/passwd


    No. It cannot be the same password file as linux or unix uses, due to a
    different encryption format. Omit that statement.

    >
    > log file = /var/log/samba/log.%m
    >
    > max log size = 1000 # in Kb
    >
    > load printers = no
    >
    > --------------
    >
    > Thanks again! -Eric
    >

    .....
    >> By default, samba/windows uses an encryption different to unix, so you
    >> will have two password files. "Unix password sync" only works when
    >> you change the password under unix/linux, not from windows. You would
    >> have to change authentication modules (PAM) to allow unix to use the
    >> samba password hash also.
    >>

    Now didn't you read that?
    --
    Longhorn error#4711: TCPA / NGSCP VIOLATION: Microsoft optical mouse
    detected penguin patterns on mousepad. Partition scan in progress
    to remove offending incompatible products. Reactivate MS software.
    Linux woodpecker.fdns.net 2.6.12-mm2[LinuxCounter#295241,ICQ#4918962]
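
Added example, not part of the thread or of Samba: a shell check for the two faults identified above, `smb passwd file` aimed at a Unix password file and Unix accounts that have no smbpasswd entry. The file contents, the user `alice` and the UID range used for ordinary accounts are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. All file contents are constructed.

# Print a [global] parameter of an smb.conf-style file. Names are compared
# case-insensitively with whitespace removed; the last assignment wins.
global_param() {  # $1 = smb.conf path, $2 = parameter name
    awk -v want="$2" '
        BEGIN { w = tolower(want); gsub(/[ \t]/, "", w) }
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/ { sect = tolower($0); sub(/^[ \t]*\[/, "", sect)
                      sub(/\].*$/, "", sect); next }
        sect == "global" && (eq = index($0, "=")) {
            key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
            val = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == w) found = val
        }
        END { print found }' "$1"
}

# Report the Samba password file aimed at a Unix password file, and Unix
# accounts (UID 1000..65533, an assumed range) that lack an smbpasswd entry.
audit_smb_auth() {  # $1 = smb.conf, $2 = Unix passwd file, $3 = smbpasswd file
    rc=0
    pwfile=$(global_param "$1" "smb passwd file")
    case $pwfile in
        /etc/passwd|/etc/shadow) echo "BAD smb passwd file = $pwfile"; rc=1 ;;
    esac
    [ -f "$3" ] || set -- "$1" "$2" /dev/null   # no smbpasswd file yet
    for u in $(awk -F: 'FILENAME == ARGV[1] { have[$1] = 1; next }
            $3 >= 1000 && $3 < 65534 && !($1 in have) { print $1 }' "$3" "$2"); do
        echo "MISSING $u (add with: smbpasswd -a $u)"; rc=1
    done
    return $rc
}

demo=$(mktemp -d)
cat > "$demo/smb.conf" <<'EOF'
[global]
    security = user
    encrypt passwords = yes
    smb passwd file = /etc/passwd
[homes]
    read only = no
EOF
cat > "$demo/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
smbguest:x:105:65534::/nonexistent:/bin/false
eric:x:1000:1000::/home/eric:/bin/bash
alice:x:1001:1001::/home/alice:/bin/bash
EOF
# smbpasswd line layout: name:uid:LANMAN hash:NT hash:[flags]:LCT-time:
X=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX   # placeholder, not a real hash
echo "eric:1000:$X:$X:[U          ]:LCT-00000000:" > "$demo/smbpasswd"

audit_smb_auth "$demo/smb.conf" "$demo/passwd" "$demo/smbpasswd" || true
```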

  5. Re: newbie password file problem?

    Still trying to solve my Samba problem... I actually started fresh with a
    new installation of Debian 'Sarge' (no GUI). Connecting from a WinXP(home)
    notebook became reliable (for all user logins) only after a file 'smbpasswd'
    appeared in /etc/samba/ and I added all users to it with smbpasswd -a
    [user]. Otherwise I now do not think I have any password problem.

    I started to examine the smbd log file and found that when connecting from
    WinXP, I'm getting "getpeername failed. Error was Transport endpoint is not
    connected." (complete log for one connection attempt is below) In doing
    some searches for keywords in that, I've found a few things to try, but the
    problem remains... Windows XP (pro) can't get a user connection.

    Here is what I've tried:

    "iptables -I INPUT 1 -p tcp --dport 445 -j DROP"
    Result: nothing... ditto with port 139

    add "smb ports = 139" under [globals] in smb.conf
    Result: nothing... ditto with port 445

    add "use sendfile = no" under [globals] in smb.conf
    Result: my one old Win2k box finally connected, but no change for the
    WinXPpro boxes, WinXPhome continues to connect just fine. Oddly, after I
    lost connection from the Win2k box during a restarting of smbd, I could not
    reestablish the connection.



    Also saw one item that implied all computers in the network need to be on
    and reachable (some odd netbios thing?). But that would be unrealistic for
    me.

    Current smb.conf file:

    [global]
    workgroup = [Myworkgroup... yes, I have mixed case]
    security = user
    encrypt passwords = yes
    use sendfile = no

    [homes]
    comment = YOUR OWN FOLDER
    guest ok = no
    read only = no
    browseable = no

    Complete log.smbd for a single connection attempt from WinXPpro box:

    [2005/10/25 13:05:26, 0] lib/util_sock.c:get_peer_addr(1150)
    getpeername failed. Error was Transport endpoint is not connected
    [2005/10/25 13:05:26, 0] lib/util_sock.c:write_socket_data(430)
    write_socket_data: write failure. Error = Connection reset by peer
    [2005/10/25 13:05:26, 0] lib/util_sock.c:write_socket(455)
    write_socket: Error writing 4 bytes to socket 24: ERRNO = Connection reset by peer
    [2005/10/25 13:05:26, 0] lib/util_sock.c:send_smb(647)
    Error writing 4 bytes to client. -1. (Connection reset by peer)

    The only other relevant thing I can think of is that I have pretty tight
    iptables for INPUT, but RELATED/ESTABLISHED accepted for anywhere and accept
    all from the specific IP addresses that I'm trying to connect from.

    Thanks for any help!
    -Eric

    "Eric Peterson" wrote in message
    news:RSW4f.317$Lv.76@newssvr24.news.prodigy.net...
    > I'm trying to set up samba on a linux file server (flavor = Debian 'sarge')
    > for my office. I'm no server admin expert, but I've been through a variety
    > of tutorials and done a lot of googling without luck in solving my problem.
    > With the instructions at
    > http://hr.uoregon.edu/davidrl/samba.html#SAMBA-INSTALL (including the
    > password file edits) I was able to set up the server to publicly share a
    > folder. However, I'm completely out of luck for allowing users to connect
    > to their account folders on the linux box (everyone is connecting from win2k
    > or winXP boxes and my smb.conf is set for password encryption). I've tried
    > everything I can find online for setting up smb.conf, but samba never seems
    > to be able to recognise a username/password pair.
    >
    > I'm starting to think my problem is getting samba to use the (proper?)
    > password file. Can anyone give advice on troubleshooting password issues?
    >
    > In some configurations, it looks like samba is using
    > \ as the user name rather than simply the
    > input-name..?
    >
    > Thanks!
    > -Eric
    >
    >
    >




  6. Re: newbie password file problem?

    Eric Peterson wrote:

    > Still trying to solve my Samba problem... I actually started fresh
    > with a
    > new installation of Debian 'Sarge' (no GUI). Connecting from a


    Which samba version (smbstatus)?
    You may need the "sign-or-seal" registry hack for XP.

    > WinXP(home) notebook became reliable (for all user logins) only after
    > a file 'smbpasswd' appeared in /etc/samba/ and I added all users to it
    > with smbpasswd -a
    > [user]. Otherwise I now do not think I have any password problem.
    >
    > I started to examine the smbd log file and found that when connecting
    > from
    > WinXP, I'm getting "getpeername failed. Error was Transport endpoint
    > is not
    > connected." (complete log for one connection attempt is below) In
    > doing some searches for keywords in that, I've found a few things to
    > try, but the problem remains... Windows XP (pro) can't get a user
    > connection.
    >

    You are certain the XP firewall doesn't block?
    Try to explicitly disable it for a trial, or at least check the boxes to
    allow for netbios.

    > Here is what I've tried:
    >
    > "iptables -I INPUT 1 -p tcp --dport 445 -j DROP"


    That would drop all "native smb" packets. No good.

    > Result: nothing... ditto with port 139
    >

    Worse.

    > add "smb ports = 139" under [globals] in smb.conf
    > Result: nothing... ditto with port 445
    >

    They are already there by default.

    .....
    > Also saw one item that implied all computers in the network need to be
    > on
    > and reachable (some odd netbios thing?). But that would be
    > unrealistic for me.
    >

    Not necessary at all.

    > Current smb.conf file:
    >
    > [global]
    > workgroup = [Myworkgroup... yes, I have mixed case]
    > security = user
    > encrypt passwords = yes
    > use sendfile = no
    >
    > [homes]
    > comment = YOUR OWN FOLDER
    > guest ok = no
    > read only = no
    > browseable = no
    >

    Looks fine so far. Now try with "telnet sambaserver 445" and the same
    with 138 from your windows boxen. Same thing in reverse. You have to
    find out what blocks.
    --
    Longhorn error#4711: TCPA / NGSCP VIOLATION: Microsoft optical mouse
    detected penguin patterns on mousepad. Partition scan in progress
    to remove offending incompatible products. Reactivate MS software.
    Linux woodpecker.fdns.net 2.6.12-mm2[LinuxCounter#295241,ICQ#4918962]
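
Added example, not part of the thread: why inserting that DROP rule at position 1 overrides an existing per-address ACCEPT, shown by evaluating the chain in order. The rule sets are constructed from Eric's description of his firewall, the address 10.131.101.211 is the client seen in the thread, and the helper `first_match` evaluates only the match options named in its comments.

```shell
#!/bin/sh
# Added example, not from the thread. Rule sets are constructed, written in
# the syntax printed by "iptables -S".

# Print the verdict the INPUT chain gives a NEW TCP connection: the first
# matching ACCEPT/DROP/REJECT rule, else the chain policy. Assumptions: only
# -s (single address), -p, --dport and --state are evaluated; any other match
# option is treated as matching.
first_match() {  # $1 = rules file, $2 = source IP, $3 = destination port
    awk -v src="$2" -v port="$3" '
        $1 == "-P" && $2 == "INPUT" { policy = $3; next }
        $1 != "-A" || $2 != "INPUT" || hit { next }
        {
            n++; ok = 1; target = ""
            for (i = 3; i <= NF; i++) {
                opt = $i
                if (opt != "-s" && opt != "-p" && opt != "--dport" &&
                    opt != "--state" && opt != "-j") continue
                arg = $(++i)
                if (opt == "-s") { sub(/\/32$/, "", arg); if (arg != src) ok = 0 }
                else if (opt == "-p" && arg != "tcp") ok = 0
                else if (opt == "--dport" && arg != port) ok = 0
                else if (opt == "--state" && arg !~ /(^|,)NEW(,|$)/) ok = 0
                else if (opt == "-j") target = arg
            }
            if (ok && target ~ /^(ACCEPT|DROP|REJECT)$/) {
                print target " by rule " n; hit = 1
            }
        }
        END { if (!hit) print policy " by policy" }' "$1"
}

rules=$(mktemp -d)
# Tight INPUT chain: default DROP, replies allowed, one trusted client allowed.
cat > "$rules/before" <<'EOF'
-P INPUT DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 10.131.101.211/32 -j ACCEPT
EOF
# Effect of "iptables -I INPUT 1 -p tcp --dport 445 -j DROP": the new rule
# becomes rule 1, ahead of the ACCEPT for the trusted client.
{ sed -n 1p "$rules/before"
  echo '-A INPUT -p tcp -m tcp --dport 445 -j DROP'
  sed 1d "$rules/before"; } > "$rules/after"

for f in before after; do
    for p in 139 445; do
        echo "$f, port $p: $(first_match "$rules/$f" 10.131.101.211 "$p")"
    done
done
```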

  7. Re: newbie password file problem?

    DISCOVERY: on the WinXPhome boxes I can run the command "\\\" and
    login just fine! I'm guessing that we have some odd netbios problem and
    can't resolve hostnames the way samba likes. So I am connecting now, but
    I'd still like to solve the problem and let my users browse to their shares
    through the 'network neighborhood'. So here is my response to Walter's
    questions...

    Currently I have an smb.conf with security = share which also is only
    working for my WinXPhome box, not the WinXPpro boxes, so further evidence
    that the problem has nothing to do with my password files. The connection
    shown below is to that WinXPhome box. All winXP computers have the Windows
    built-in firewall turned completely off. For sake of tight security, I do
    not have telnet on the server. Using 'telnet 445' from windows
    gives me a blank screen and I cannot see any characters I write.

    Backup:/etc/samba# smbstatus

    Samba version 3.0.14a-Debian
    PID     Username      Group         Machine
    -------------------------------------------------------------------

    Service      pid     machine       Connected at
    -------------------------------------------------------
    GISData      3532    10.131.101.211  Wed Oct 26 13:02:11 2005

    "Walter Mautner" wrote in message
    news:1212631.eLazB4Ueqz@woodpecker.fdns.net...
    > Eric Peterson wrote:
    >
    > > Still trying to solve my Samba problem... I actually started fresh
    > > with a
    > > new installation of Debian 'Sarge' (no GUI). Connecting from a

    >
    > Which samba version (smbstatus)?
    > You may need the "sign-or-seal" registry hack for XP.
    >
    > > WinXP(home) notebook became reliable (for all user logins) only after
    > > a file 'smbpasswd' appeared in /etc/samba/ and I added all users to it
    > > with smbpasswd -a
    > > [user]. Otherwise I now do not think I have any password problem.
    > >
    > > I started to examine the smbd log file and found that when connecting
    > > from
    > > WinXP, I'm getting "getpeername failed. Error was Transport endpoint
    > > is not
    > > connected." (complete log for one connection attempt is below) In
    > > doing some searches for keywords in that, I've found a few things to
    > > try, but the problem remains... Windows XP (pro) can't get a user
    > > connection.
    > >

    > You are certain the XP firewall doesn't block?
    > Try to explicitly disable it for a trial, or at least check the boxes to
    > allow for netbios.
    >
    > > Here is what I've tried:
    > >
    > > "iptables -I INPUT 1 -p tcp --dport 445 -j DROP"

    >
    > That would drop all "native smb" packets. No good.
    >
    > > Result: nothing... ditto with port 139
    > >

    > Worse.
    >
    > > add "smb ports = 139" under [globals] in smb.conf
    > > Result: nothing... ditto with port 445
    > >

    > They are already there by default.
    >
    > ....
    > > Also saw one item that implied all computers in the network need to be
    > > on
    > > and reachable (some odd netbios thing?). But that would be
    > > unrealistic for me.
    > >

    > Not necessary at all.
    >
    > > Current smb.conf file:
    > >
    > > [global]
    > > workgroup = [Myworkgroup... yes, I have mixed case]
    > > security = user
    > > encrypt passwords = yes
    > > use sendfile = no
    > >
    > > [homes]
    > > comment = YOUR OWN FOLDER
    > > guest ok = no
    > > read only = no
    > > browseable = no
    > >

    > Looks fine so far. Now try with "telnet sambaserver 445" and the same
    > with 138 from your windows boxen. Same thing in reverse. You have to
    > find out what blocks.
    > --
    > Longhorn error#4711: TCPA / NGSCP VIOLATION: Microsoft optical mouse
    > detected penguin patterns on mousepad. Partition scan in progress
    > to remove offending incompatible products. Reactivate MS software.
    > Linux woodpecker.fdns.net 2.6.12-mm2[LinuxCounter#295241,ICQ#4918962]




  8. Re: newbie password file problem?

    Eric Peterson wrote:

    > DISCOVERY: on the WinXPhome boxes I can run the command
    > "\\\" and
    > login just fine! I'm guessing that we have some odd netbios problem
    > and
    > can't resolve hostnames the way samba likes. So I am connecting now,
    > but I'd still like to solve the problem and let my users browse to
    > their shares
    > through the 'network neighborhood'. So here is my response to
    > Walter's questions...
    >

    That will be cured when you add "wins support = yes" to your smb.conf
    global section, _and_ under tcpip-advanced settings tab "wins" enter
    its ip address on any box. In addition, use "domain master = yes" and
    "local master = yes" and "preferred master = yes" to let it win
    browsemaster elections.

    > Currently I have an smb.conf with security = share which also is only
    > working for my WinXPhome box, not the WinXPpro boxes, so further
    > evidence
    > that the problem has nothing to do with my password files. The
    > connection
    > shown below is to that WinXPhome box. All winXP computers have the
    > Windows
    > built-in firewall turned completely off. For sake of tight security,
    > I do
    > not have telnet on the server. Using 'telnet 445' from
    > windows gives me a blank screen and I cannot see any characters I
    > write.
    >

    That's fine, it means there is a connection. Otherwise you would get a
    "connection refused" message.

    > Backup:/etc/samba# smbstatus
    >
    > Samba version 3.0.14a-Debian
    >

    Good.
    --
    Longhorn error#4711: TCPA / NGSCP VIOLATION: Microsoft optical mouse
    detected penguin patterns on mousepad. Partition scan in progress
    to remove offending incompatible products. Reactivate MS software.
    Linux woodpecker.fdns.net 2.6.12-mm2[LinuxCounter#295241,ICQ#4918962]
