SAMBA Help for the newbie

Scott Sabo · ‎06-10-2004

Howdy...

I think that I have Samba running. I checkd the existance of Samba=1 in /etc/rc.config.d/samba, I have SAWT running and can get to it via the browser, I've done the reg fix for windows2000 for Plain passwords, but I cannot seem to hit the Samba share...

here is what I see under "view" in SWAT

# Samba config file created using SWAT
# from proxy.my-pc.com
# Date: 2004/06/10 10:30:16

# Global parameters
[global]
workgroup = NKTECAE
netbios name = FIRE
server string = Samba Server
syslog = 0
log file = /var/opt/samba/log.%m
max log size = 1000
local master = No
read only = No
short preserve case = No
dos filetime resolution = Yes

[homes]
comment = Home Directories
browseable = No

[tmp]
comment = Temporary file space
path = /tmp

[fdata]
path = /data
guest ok = Yes

[myfdata]
path = /data

It seems like there is a share there.... any idea as to why I cannot hit it?

Thanks,
Scott

RAC_1 · ‎06-10-2004

What do you get when you run \\sabma_server\share from WINDOWS??

Anil

There is no substitute to HARDWORK

Scott Sabo · ‎06-10-2004

The mapped network drive could not be created because the following error has occured: The account is not authorized to log in from this workstation.

Perhaps I'm missing something as to what name I should be using for the samba_server name. If I use the \\IP\share (as in above, it would be \\10.208.83.33\fdata), I get nothing.

Geoff Wild · ‎06-10-2004

Looks like you are setup for SECURITY=USER

If your PCs use usernames that are the same as their usernames on the UNIX machine then you will want to use security = user. If you mostly use usernames that don't exist on the UNIX box then use security = share.

So, does your Windows id = unix id?

If not, then you will need to employ username.map file:

/etc/opt/samba/username.map

This option allows you to specify a file containing a mapping of usernames from the clients to the server. This can be used for several purposes. The most common is to map usernames that users use on DOS or Windows machines to those that the UNIX box uses. The other is to map multiple users to a single username so that they can more easily share files.

unixid = ntid

and/or

unixid = ntid1, ntid2

Rgds...Geoff

Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.

Scott Sabo · ‎06-10-2004

security was set to user, so I changed it to share.

I do have id's set up on the unix system that match the Novell/Windows IDs that hit the windows boxes (corp. standard), so do I then need the username.map file?

Now, when I try to map the drive, I do at least get a prompt to log in, but it does not take the user name / password, even as root.

I REALLY appreciate your help.

Geoff Wild · ‎06-10-2004

For SECURITY=SHARE, set:

guest only = YES

on each of the shares...

Rgds...Geoff

Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.

Olivier Decorse · ‎06-10-2004

Hello Scott.

I just have the same problem, some days ago.
I'm sure it is the password encrypted problem (you have to come back to the security = user configuration).
I've read that you already do the modification of the registry for plain password, but can you verify values AND the DATATYPE (REG_DWORD). The document that all explains : http://wwwx.cs.unc.edu/help/network/problems/samba_passwords.html

An other thing : Add the "log level = 3" in your smb.conf and you will have more informations in your logfile.

Good luck.
Olivier.

They say "install windows 2k, xp or better", so i install unix !

Scott Sabo · ‎06-10-2004

Ok, I've checked the reg., and I had to add it manually, and then I also made the changes that you pointed out Geoff, but still no go. I get the login, but it does not take my password.

I'll send you whatever you need, but I'm stuck...

Thanks in advance.

Geoff Wild · ‎06-10-2004

Does the "guest account" exist on the Unix server?

guest account = smbnull

and does smbnull have access to the path's in the shares?

Rgds...Geoff

Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.

Scott Sabo · ‎06-10-2004

There is a smbnull group account, with no users.

Is that correct?

And how can I verify that is has rights to that share path?

(feeling quite lost... but it's getting clearer).

Scott

RAC_1 · ‎06-10-2004

Have you added all users with smbpasswd command??

What error you get in log files?

Anil

There is no substitute to HARDWORK

Geoff Wild · ‎06-10-2004

smbnull has to be in the passwd file:

grep smbnull /etc/passwd

smbnull:*:101:101:DO NOT USE OR DELETE - needed by Samba:/home/smbnull:/sbin/sh

Then the shares either need to be set to smbnull or group smbnull...

something like:

ls a-ld /data

drwxrwxr-x 14 smbnull bin 6144 Jun 10 10:17 /tmp

or

drwxrwxr-x 14 root smbnull 6144 Jun 10 10:17 /tmp

But not needed for /tmp or /home :)

Rgds...Geoff

Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.

Scott Sabo · ‎06-10-2004

ahhh... not in the etc/passwd.

Doh!

should I create an account, or what do you suggest (you're wearing the crown... :) ).

Scott

Scott Sabo · ‎06-10-2004

Cool!

The Engineer\Unix guy and I added in the smbnull with your parameters, and we can do it now! Sweet!

Thanks for your help. ITRC is the best...
(better than F1... )

Should that account have been there in the first place? IF the group was there, why was not the account?

Scott

Geoff Wild · ‎06-10-2004

Yes - that account should have been there - now that you have it working - with those security settings - you are wide open - that is anyone in your network can connect to those shares - if you don't need write access, you may want to change the shares in Samba to be read-only.

Someone may have removed the account at one time...

Rgds...Geoff

Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.

Scott Sabo · ‎06-10-2004

I don't really have an issue with using passwords. We have user accounts on the UNIX boxes, so what is the best way to protect the files? All the users that need to hit the shares are members of another group. Can I do it that way?

(btw: I am scheduled for training thru hp... :) ).

Geoff Wild · ‎06-10-2004

What I use is SECURITY=SERVER

then point to Windows Domain Controllers as PASSWORD SERVERS - that way all authentication happens at the Windows level.

You might at the least, use SECURITY=USER.

Great docs are online on your server via SWAT.

Go to the Globals section, then click on the "help" link next to "security" :)

Rgds...Geoff

Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.

Scott Sabo · ‎06-10-2004

I'll do some reading. We need to button down the shares, so I'll follow up on this.

Once again, thank you for all of your help.

Scott

Spike Burkhardt · ‎06-11-2004

Scott,

I'd recommend several things. First is to have your workstations send the password encrypted across the network. When you do this, you'll need to put 'encrypt passwords = Yes' in the global section. I would also second the motion that you use Windows password authentication. For this option you'll need to use the 'password server' line in the global section as well. At first I had your problem as well. What actually fixed it for me was to have this line: 'password level = 8'. I'm not sure what it does but it worked for me! Of course all these recommendations assume that you change the security option to 'security = SERVER'.

HTH,

Spik

Hey, I've got three teenage boys!

Scott Sabo · ‎06-22-2004

Ok, so after a week of running, it seems that all of the files are owned by smbnull. That causes a problem. All of the users cannot get to the files, unless they log in as root.

If I have my users in a group called CAEUsers, how can I associate the Samba files to that account?

John Kittel · ‎06-22-2004

use the samba share configuration options, "force user", "force group", "create mask", "force create mode", etc.

Are you using swat? ( swat = samba web admin tool ). I use it; it makes picking options, and reading the documentation of the options, very easy, user friendly.

- John

Scott Sabo · ‎06-22-2004

John,

That worked like a charm. Thank you.

Scott

Darren Prior · ‎06-22-2004

Hi Scott,

If users are appearing as smbnull that strongly suggests that any authentication is failing and that everyone is using guest access. I did note earlier in this thread that you were going to tighten security later, now might be a good time as anyone will be able to access those files.

regards,

Darren.

Calm down. It's only ones and zeros...

Scott Sabo · ‎06-23-2004

What's the best way to lock these files down?

I guess I'm still foggy on how to get them locked down. How do I require the users to have to user their Unix logins to map the drives from Windows?

Darren Prior · ‎06-23-2004

Hi Scott,

It's quite tricky to provide every step required to set up the authentication process. You may have special requirements that we do not know.

As a starting point I'd recommend that you read Chapter 6 "User, Security, and Domains" of the O'Reilly "Using Samba" book - it's available through SWAT on your server. http://:901

There are basically 3 main ways to authenticate :
1) against a separate password file on your server

2) against the password file of another server or PDC

3) within a Windows domain via the PDC.

The O'Reilly book details how to configure each of these options, and also discusses the username map file which is to alias between the Windows usernames and HP-UX usernames. You will still (in general) need to have a HP-UX user in /etc/passwd for each Windows user.

regards,

Darren.

Calm down. It's only ones and zeros...

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

SAMBA Help for the newbie

SAMBA Help for the newbie

Re: SAMBA Help for the newbie

Re: SAMBA Help for the newbie

Re: SAMBA Help for the newbie

Re: SAMBA Help for the newbie

Re: SAMBA Help for the newbie

Re: SAMBA Help for the newbie

Re: SAMBA Help for the newbie

Re: SAMBA Help for the newbie

Re: SAMBA Help for the newbie

Re: SAMBA Help for the newbie

Re: SAMBA Help for the newbie

Re: SAMBA Help for the newbie

Re: SAMBA Help for the newbie

Re: SAMBA Help for the newbie

Re: SAMBA Help for the newbie

Re: SAMBA Help for the newbie

Re: SAMBA Help for the newbie

Re: SAMBA Help for the newbie

Re: SAMBA Help for the newbie

Re: SAMBA Help for the newbie

Re: SAMBA Help for the newbie

Re: SAMBA Help for the newbie

Re: SAMBA Help for the newbie

Re: SAMBA Help for the newbie