Re: CIFS server user isses

SM_3 · ‎09-17-2003

I'm using the latest version of CIFS server for HP-UX 11.00.

Have installed the software and can see a few file systems from the windows client.
This only occurs since I have chosen the Security level as "share."

With Security level "User"
I have created the user accounts and used smbpasswd.

When I do logon as user "pluto1$" and enter passwd I recieve another logon prompt and therefore no access to the file system.

As said this does not occur if I chose security level share.

Where am I going wrong?

RAC_1 · ‎09-17-2003

What does the log file say?
With security level set to server, the clients will have to provide the username and password.

There is no substitute to HARDWORK

jbjbjb · ‎09-17-2003

In order to use user level security CIFS must be configured for encrytped password. Under the [global] section have:
security = user
encrypt passwords = yes
smb passwd file = /path to smbpasswd.

Any other problems please post your smb.conf file.

John

Brian Bergstrand · ‎09-17-2003

If you are using NT clients, then you must make sure encrypted passwords are enabled. NT clients cannot use cleartext passwords like Win9x (at least not without some registry hacks). This could be part of the problem.

Also, take a look at security_level.txt in /opt/samba/docs/textdocs.

HTH.

John Dvorchak · ‎09-17-2003

That userid of pluto1$ doesn't look right to me. Are you sure that is a valid username? I was thinking that NT considers the dollar sign a special character meaning Administrator or something. Maybe I am thinking of a share name on NT. Could you create a different userid for testing without a trailing $ sign? If the client is an NT workstation it will by default send passwords encrypted, you have to hack the registry to make it send plain text (security issue). As others have said make sure your smb.conf file, under the "GLOBAL" section has encrypt passwords = Yes

I also find it easier to configure CIFS (Samba) with the swat utility for newbies.

If it has wheels or a skirt, you can't afford it.

Steven E. Protter · ‎09-17-2003

user id's with special characters in them make HP-UX unhappy.

Have you done smbpasswd -a for that user?

What were the results?

smpasswd -a pluto$ password

# lets check the return code.
rc=$?

echo $rc

SEP

Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com

SM_3 · ‎09-17-2003

I changed the user id to pluto!
Also changed the passwd successfully

#echo $?
#0

still same problem
keep on facing the logon prompt regardless

hang on will post the smb.conf file

thanks

SM_3 · ‎09-17-2003

pluto not pluto!

SM_3 · ‎09-17-2003

still having the user issues

here is the smb.conf

thanks for all the help!

John Dvorchak · ‎09-17-2003

Now I am confused. Do you still have the CIFS server set to share not user? If it is set to share you will have to really look at permissions on those "shares" from the UNIX side. It could be that you are trying to see or use an exported "share" that the user pluto doesn't have access to.

I would advise using user instead of share, and really suggest that you use SWAT to configure shares, users, global parameters etc. The help files are great for explaining what each selection does. I am normally not a fan of GUI's or web based admins, but I used to drive my self nuts with the smb.conf file until I found SWAT. Now I rarely have problems.

If it has wheels or a skirt, you can't afford it.

John Dvorchak · ‎09-17-2003

Thank you for the post of the smb.conf file. Fist thing that jumps out to me is that you have it still set to SHARE and you have a password server defined. Is that address an NT server? Is this a member of a domain or a workgroup? If that address points to an NT server then it is looking on that NT server for the username pluto and never asks itself for the username password combination. So all of the work you did with smbpasswd is wasted.

If it has wheels or a skirt, you can't afford it.

SM_3 · ‎09-17-2003

I am using SWAT.

not it's set to user
(I changed to share so I could grab the smb.conf file)

so right now I'm set to User and access to the file systems is denied- no login prompt

John Dvorchak · ‎09-17-2003

One more observation, you have
hosts allow = 192.168.1.1
is that the IP address of the client you are trying to connect from?

I don't mean to insult your intelligence if these questions seem pretty basic. When I have worked on a frustrating problem for a while I appreciate someone else looking at my work to make sure I didn't overlook something.

If it has wheels or a skirt, you can't afford it.

SM_3 · ‎09-17-2003

The password server is a HP-UX box (192.168.1.78)

this is the file

thanks

SM_3 · ‎09-17-2003

Yes 192.168.1.1 is the client I'm connecting from (win2k)

thanks for the help

John Dvorchak · ‎09-17-2003

You may want to verify this but I am pretty sure that the "password server" name has to be an NT or Win2k Domain controller or another Samba server set to exchange encrypted passwords.

You may want to verify that the password server does in fact use encrypted, and pluto is defined on that system and the passwords are synced up.

If it has wheels or a skirt, you can't afford it.

John Dvorchak · ‎09-17-2003

When you said that the password server is an HPUX box, is this the HP box that you are running on? If it the same box, you should remove the address for the password server, it will handle the authentication. It could be trying to send a request to itself and losing it on network.

If it has wheels or a skirt, you can't afford it.

Rajesh SB · ‎09-17-2003

Hi,

For your information.

When you set the parameter "security=share"
samba acts like Windows workgoup.
In case of security=user act like PDC.

When you are using security=user like PDC.
On samba server, unix user account and also samba user account also must be created.

Normally, in NT/2000 workstation logon problem due to password athentication failing.
Fix for this by updating the registry at client.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkStatio
n\Parameters]
"EnablePlainTextPassword"=dword:00000001

Good luck,

Cheers,
Rajesh

jbjbjb · ‎09-17-2003

Install webmin it has a nice samba interface for configuration.

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: CIFS server user isses

CIFS server user isses