Samba gone sour

 
Scott Sabo
Frequent Advisor

Samba gone sour

I need some help!

I had a perfectly fine samba install going, and then something has gone wrong.

From my w2k workstation, I can map a drive to any of the shared volumes on my HPUX 10.23 boxes. However, others cannot. They get prompted for a password every time.

The only thing I can think that may have changed is some minor changes to accounts on the HP systems. My account is also on there, but I don't think we made any changes to my stuff, thus the reason I may be ok.

Any ideas?

I know it's a little broad, but let me know what you may need to know to help, and I will GLADLY get it to you.

Thanks,

Scott
15 REPLIES
Geoff Wild
Honored Contributor

Re: Samba gone sour

What are you doing for authentication?

What is SECURITY set to?

I had something like this happen where NT is lost - usually just a restart of samba fixes it.

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
Steven E. Protter
Exalted Contributor

Re: Samba gone sour

Look at the /etc/opt/samba/smb.conf file

If security = user

smbpasswd -a user password

That will update the smbpasswd file. The user will be prompted for a password. If you don't care about security, Windows has a box that will let you cache the password.

If security = server

Then you're probably handling security on a windows PDC and need to deal with changes in that environment.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Scott Sabo
Frequent Advisor

Re: Samba gone sour

Here's the globals:

# Global parameters
[global]
workgroup = NKTECAE
netbios name = WYNCOMPUTE1.WYANDOTT.BASF-CORP.COM
server string = Samba Server
security = SHARE
log level = 3
syslog = 0
log file = /var/opt/samba/log.%m
max log size = 1000
local master = No
read only = No
short preserve case = No
dos filetime resolution = Yes


Aargh.
Scott
Darren Prior
Honored Contributor

Re: Samba gone sour

Hi Scott,

You say that there may be minor changes to the HP-UX accounts. Check smb.conf to see if you use a username map file. It's possible that you've changed usernames in /etc/passwd, but left the map file alone.

I'd also check the log.smbd file or log. if you have configured individual log files.

regards,

Darren.
Calm down. It's only ones and zeros...
Geoff Wild
Honored Contributor

Re: Samba gone sour

From Samba help:

SECURITY = SHARE

When clients connect to a share level security server they need not log onto the server with a valid username and password before attempting to connect to a shared resource (although modern clients such as Windows 95/98 and Windows NT will send a logon request with a username but no password when talking to a security = share server). Instead, the clients send authentication information (passwords) on a per-share basis, at the time they attempt to connect to that share.

Note that smbd ALWAYS uses a valid UNIX user to act on behalf of the client, even in security = share level security.

As clients are not required to send a username to the server in share level security, smbd uses several techniques to determine the correct UNIX user to use on behalf of the client.

A list of possible UNIX usernames to match with the given client password is constructed using the following methods:


If the guest only parameter is set, then all the other stages are missed and only the guest account username is checked.

If a username is sent with the share connection request, then this username (after mapping - see username map), is added as a potential username.

If the client did a previous logon request (the SessionSetup SMB call) then the username sent in this SMB will be added as a potential username.

The name of the service the client requested is added as a potential username.

The NetBIOS name of the client is added to the list as a potential username.

Any users on the user list are added as potential usernames.

If the guest only parameter is not set, then this list is then tried with the supplied password. The first user for whom the password matches will be used as the UNIX user.

If the guest only parameter is set, or no username can be determined then if the share is marked as available to the guest account, then this guest user will be used, otherwise access is denied.

Note that it can be very confusing in share-level security as to which UNIX username will eventually be used in granting access.

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
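The lookup order in the help text quoted above, written out as an added example (not part of any post in this thread and not Samba source code). The request and share field names, the accounts and the passwords are constructed for illustration; skipping duplicate names and the `nobody` guest default are assumptions.

```python
# Added illustration of the "security = share" lookup quoted above.
# This is a model of the quoted help text, not Samba source code.

def candidate_usernames(request, share, username_map=None):
    """Return the UNIX usernames to try, in the order the help text lists."""
    username_map = username_map or {}
    if share.get("guest only"):
        return [share.get("guest account", "nobody")]
    names = []

    def add(name):
        if name and name not in names:  # skipping duplicates is an assumption
            names.append(name)

    sent = request.get("share_username")
    add(username_map.get(sent, sent))        # name sent with the share request, after mapping
    add(request.get("session_username"))     # name from an earlier SessionSetup logon
    add(share["name"])                       # name of the requested service
    add(request.get("client_netbios_name"))  # NetBIOS name of the client
    for user in share.get("user list", []):  # users on the user list
        add(user)
    return names


def resolve_unix_user(request, share, password_ok, username_map=None):
    """Return the UNIX user smbd would act as, or None for access denied."""
    if not share.get("guest only"):
        for name in candidate_usernames(request, share, username_map):
            if password_ok(name, request.get("password", "")):
                return name  # the first user whose password matches is used
    if share.get("guest ok"):
        return share.get("guest account", "nobody")
    return None


# Constructed sample data: two UNIX accounts and one share.
UNIX_PASSWORDS = {"alice": "alpha-1", "bob": "bravo-2"}
SHARE = {"name": "projects", "user list": ["alice", "bob"], "guest ok": False}

def password_ok(user, password):
    return UNIX_PASSWORDS.get(user) == password

# A PC named "pc-17" sends only a password; the user list decides the identity.
REQUEST = {"client_netbios_name": "pc-17", "password": "bravo-2"}

if __name__ == "__main__":
    print(candidate_usernames(REQUEST, SHARE))
    print(resolve_unix_user(REQUEST, SHARE, password_ok))
```

With a username map that still points at a renamed account, the mapped name heads the list but never matches, so access depends entirely on the later entries.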
Sundar_7
Honored Contributor

Re: Samba gone sour

SHARE level security is not "reliable", so to speak.

If you cannot authenticate your windows users against any PDC, I would suggest you use USER level security.

# vi /etc/opt/samba/smb.conf
..
security=user
..
#

# /opt/samba/bin/syncsmbpasswd

# stopsmb
# startsmb

Now give it a try.
Learn What to do ,How to do and more importantly When to do ?
Scott Sabo
Frequent Advisor

Re: Samba gone sour

odd...

If I change the security level to user, I get prompted for a userID and password, which I enter, and it works for me, but the others get denied. It really tries to work, but no-go.

Now, if I put it back to share, no one gets prompted for a pw, and all is good, but it's wide open.

What the heck is going on?

Scott
Sundar_7
Honored Contributor

Re: Samba gone sour

Increase the log level to 10. Change the security to user

# vi /etc/opt/samba/smb.conf
security=user
log level =10
#

# stopsmb
Null all the log files in /var/opt/samba/logs

# startsmb

Now try to connect as some other user who is denied access.

Review the log files or post it here.
Learn What to do ,How to do and more importantly When to do ?
Scott Sabo
Frequent Advisor

Re: Samba gone sour

Is there a quick way to null all the log*. files?
Geoff Wild
Honored Contributor

Re: Samba gone sour

Sure - just cat /dev/null to them....

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
Geoff Wild
Honored Contributor

Re: Samba gone sour

course, if you want a script:

# Empty every per-client log, but keep log.smbd and log.nmbd
for i in `ls /var/opt/samba/log.* | grep -v log.smbd | grep -v log.nmbd`
do
    cat /dev/null > "$i"
done

You want to keep the smb and nmb logs...

Rgds...Geoff

Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
Scott Sabo
Frequent Advisor

Re: Samba gone sour

(showoff... :))

Here's the log file.

Man, I need to take some classes OR spend some real time on these boxes.

Scott
Sundar_7
Honored Contributor

Re: Samba gone sour

Scott,

I think you have attached log.smbd file. That is not going to help us much in troubleshooting the problem since you have defined log file=/var/opt/samba/log/log.%m.

If you are trying to connect to the samba share from node1, for example, you will have a log file with the name /var/opt/samba/log/log.node1.

Post the contents of this log file.

- Sundar.
Learn What to do ,How to do and more importantly When to do ?
Scott Sabo
Frequent Advisor

Re: Samba gone sour

That is the file named log.df9n0q31, which is the NetBIOS name of that PC.

It's the same format as the one for my PC.

Sundar_7
Honored Contributor

Re: Samba gone sour

hmm, I am running out of suggestions :-)

Couple of things

1) You have defined a FQDN as the netbios name for the server. Change it to a single-word netbios name without any domain names.

2) Don't limit the log file size. Set the log level = 10.

Learn What to do ,How to do and more importantly When to do ?
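A check of the [global] section posted earlier in this thread against the points raised in the replies (share-level security, the FQDN used as NetBIOS name, log level and log size), plus the per-client log path that `log.%m` expands to. This is an added example, not code from any participant; the function name and finding codes are made up for illustration.

```python
import configparser

# The [global] section as posted earlier in this thread (trimmed to the relevant keys).
POSTED_GLOBALS = """\
# Global parameters
[global]
workgroup = NKTECAE
netbios name = WYNCOMPUTE1.WYANDOTT.BASF-CORP.COM
security = SHARE
log level = 3
log file = /var/opt/samba/log.%m
max log size = 1000
"""


def audit_globals(conf_text, client_netbios_name):
    """Return ([(code, message), ...], per-client log path) for [global]."""
    # interpolation=None keeps Samba's %m macro from being read as Python syntax.
    parser = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    parser.read_string(conf_text)
    name = next((s for s in parser.sections() if s.lower() == "global"), None)
    g = parser[name] if name else {}
    findings = []

    if g.get("security", "").strip().lower() == "share":
        findings.append(("security-share",
                         "share-level security, no per-user logon: use security = user"))
    netbios = g.get("netbios name", "").strip()
    if "." in netbios or len(netbios) > 15:
        findings.append(("netbios-name",
                         f"'{netbios}' is not a single-word name of at most 15 characters"))
    level = g.get("log level", "0").split()
    if not level or not level[0].isdigit() or int(level[0]) < 10:
        findings.append(("log-level", "raise log level to 10 while reproducing the failure"))
    size = g.get("max log size")
    if size is not None and size.strip() != "0":
        findings.append(("max-log-size", "log size is capped; 0 removes the limit"))

    # %m expands to the client's NetBIOS name, so each PC gets its own log file.
    log_path = g.get("log file", "").replace("%m", client_netbios_name)
    return findings, log_path


if __name__ == "__main__":
    findings, path = audit_globals(POSTED_GLOBALS, "df9n0q31")
    for code, message in findings:
        print(f"[{code}] {message}")
    print("per-client log:", path)
```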