HPE Community
Operating System - HP-UX
1820636 Members
1867 Online
109626 Solutions
New Discussion юеВ

Authentication problem with CIFS (Samba) from Windows

 
Victor_101
Regular Advisor

тАО10-09-2004 03:28 AM

тАО10-09-2004 03:28 AM

Authentication problem with CIFS (Samba) from Windows

hi Guys,
I am trying to configure samba for share type of security. My scenario is HP-UX 11i on rp2470 servers where i setup the samba server and the clients are all windows xp/windows2000 who are all part of an ntdomain (joined) . i do not wish to make my unix server a member server of the domain. I want the users to access these shares by just entering a password when they want to use the shared file.. I was able to create one folder and enable the guest access hence all users can just browse this folder from any windowsXP of Win2000 client. Now i want to make the access user specific. I tried setting the attribute for guest and set valid users to sambauser on which also exists in my Unix users group. At the same time this sambauser is also a valid user on my ntdomain. i tried several things . but to no avail. i can see the folder is shared but when i double-click it pops up a dialog box asking for authentication . that too it fades out the username box forcing me to login with the unixserver\guest accnt prompting only for password. So i went to network neighbourhood and tried to map the drive where i can specify to log on using a different username and password.. but it looks like the system is accepting this authentication .. but immediately afterwards it pops up the same " invalid username or password " dialog box asking for "unixserver\guest" password ..
please help!!!
0 Kudos
Reply
8 REPLIES 8
Darren Prior
Honored Contributor

тАО10-11-2004 04:15 AM

тАО10-11-2004 04:15 AM

Re: Authentication problem with CIFS (Samba) from Windows

Hi Victor,

Personally I wouldn't use share level security. You could consider using user level security, and having a number of users defined, especially if you are only defining a single share.

I recommend you take a read of the O'Reilly Using Samba book for more discussion of how share level security works.

regards,

Darren.
Calm down. It's only ones and zeros...
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

тАО10-11-2004 05:23 AM

тАО10-11-2004 05:23 AM

Re: Authentication problem with CIFS (Samba) from Windows

Seems a simple way to provide security without the hp box joining the domain is a different security approach.

set up id's for the users with useradd, change the passwords and:

smbpasswd -a

Make sure the user and group assigned to the user have adequate permissions to the share.

The windows user may need to do a machine search for the IP address of the rp2470 server. Then they will need to click in and answer the userid/password challenge with the userid/password you assigned.

It will be possible to map network drives and even have users cache the password on their local machine or roaming profile.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Victor_101
Regular Advisor

тАО10-11-2004 05:15 PM

тАО10-11-2004 05:15 PM

Re: Authentication problem with CIFS (Samba) from Windows

Hi Steve,
I have done all that you have mentioned which is pretty straightfoward from any manual on SAMBA (HP and O'Rielly) but it just keeps asking for a guest Login everytime.. says 'Invalid user or Password' then pops up a dialog box prompting for guest password on the HP box.. where the user name is greyed out allowing me only to enter a password.
Darren ,
I did try user security but didn't actually go indepth there since I was convinced that share security was what I needed. Will look at it today and get back to you guys.
I will assign points once I make some headway that way I can assign the points right.
thanx guys..keep em coming..
0 Kudos
Reply
BONNAFOUS Jean Marc
Trusted Contributor

тАО10-12-2004 01:46 AM

тАО10-12-2004 01:46 AM

Re: Authentication problem with CIFS (Samba) from Windows

Hi,

Be aware with encryption problems between XP/W2K clients and HP-UX samba server.

The problem when if you want to use /etc/passwd users for SAMBA, you must choose option: 'encrypt passwords = NO ' in SAMBA configuration but Windows OS crypt password by default. You can configure Windows for no crypt password (HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\VNETSUP for W95 and W98, HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Services\Rdr\Parameters for WNT, W2000 or WXP. Add DWORD key 'EnablePlainTextPassword' with value = 1).
This works well with W95 and W98, but W2000 and XP crypt already password when you open session. You can connect SAMBA ressources like with W98 and W95 AFTER session is opening but you must enter user and password again one time.

Best solution is using 'encrypt password = yes' but with this option you can't use /etc/passwd for SAMBA users. You must use SAMBA password file. The two files are independant and you must manage twice.


See: http://samba.linuxbe.org/fr/samba/learn/encryption.html. (In french).
http://sambafr.idealx.org/samba/docs/man/Samba-Guide/

Rgds
JMB
Si vous ne faites jamais de b├йtises, c'est que vous ne faites rien de difficile. Et ├зa c'est une grosse b├йtise.
0 Kudos
Reply
Geoff Wild
Honored Contributor

тАО10-12-2004 01:56 AM

тАО10-12-2004 01:56 AM

Re: Authentication problem with CIFS (Samba) from Windows

Myself, I use SECURITY=SERVER and password server = domaincontroller1, domaincontroller2, domaincontroller3, domaincontroller4

That way authentication comes from the Windows world - I also use username.map file to map nt id's to unix.

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
0 Kudos
Reply
BONNAFOUS Jean Marc
Trusted Contributor

тАО10-12-2004 01:59 AM

тАО10-12-2004 01:59 AM

Re: Authentication problem with CIFS (Samba) from Windows

Hi again,


Problem can be cause by domain authentification (users from others domain than domain of the server)
See the following threads:
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=108319
and
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=104833
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=694825

Rgds
JMB
Si vous ne faites jamais de b├йtises, c'est que vous ne faites rien de difficile. Et ├зa c'est une grosse b├йtise.
0 Kudos
Reply
Prashant Zanwar_4
Respected Contributor

тАО10-12-2004 02:05 AM

тАО10-12-2004 02:05 AM

Re: Authentication problem with CIFS (Samba) from Windows

Hey,
I have also setup samba for users in my old setup. All I had to do was create user ID's for users on Unix side and after that I did

smbpasswd -s username passwd.
appropriate permissions to folder in quiestion. I have just gave write level permissions to user read/write=true & guest account=ok
I have managed all this using SWAT.
I havent done a share level access, it was a user which i had created, which group of users used as a share folder.
First time it will ask for password everytime you access. You can map this also using same NT technique:

run \\servername\
give username
& password

which shall be alright. then. I dont know if a trusting has to be there from NT side. There shall be some way for adding this to trusted list of server as microsoft does.

Hope this helps somewhere.

Thanks
Prashant
"Intellect distinguishes between the possible and the impossible; reason distinguishes between the sensible and the senseless. Even the possible can be senseless."
0 Kudos
Reply
Prashant Zanwar_4
Respected Contributor

тАО10-12-2004 02:23 AM

тАО10-12-2004 02:23 AM

Re: Authentication problem with CIFS (Samba) from Windows

Sorry for above..it would be smbpasswd -a

..

Prashant
"Intellect distinguishes between the possible and the impossible; reason distinguishes between the sensible and the senseless. Even the possible can be senseless."
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.