Re: [Nolug] samba 101

From: Christopher M. Jones <cjones_at_partialflow.com>
Date: Fri, 24 Jun 2005 15:03:13 -0500
Message-Id: <1119643393.26969.9.camel@copernicus.inet>

I have been through that. The problem seems to be with authentication.
I've tried in xsmbrowser, smbclient, and nautilus. Getting things
working in nautilus is the goal. I have a samba user, a regular user
account, and a w2k account, all with the same user names and passwords.
I want samba to authenticate me automatically, using one of these. When
I want to browse -shares- (not machines, that works fine) Nautilus tells
me I don't have permissions. smbclient asks for a password which, when
entered, shows the shares. xsmbrowser shows what smbclient shows without
my entering a password:

spawn nmblookup -d 1 MILAN
querying MILAN on 192.168.1.255
192.168.1.5 MILAN<00>
spawn smbclient -N -L MILAN -I 192.168.1.5 -W RMHOME
Domain=[RMHOME] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager]

        Sharename Type Comment
        --------- ---- -------
Error returning browse list: NT_STATUS_ACCESS_DENIED
Domain=[RMHOME] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager]

        Server Comment
        --------- -------
        COPERNICUS copernicus server (Samba 3.0.14a-Debian)
        MILAN
        ROBERTM

        Workgroup Master
        --------- -------
        RMHOME COPERNICUS

I got smbclient to work the way I want by setting USERNAME and PASSWORD
environment variables. This, however, is an smbclient-specific solution
and therefore doesn't help me. Here's my smb.conf, basically the
out-of-the-box version that came with Debian:

#
# Sample configuration file for the Samba suite for Debian GNU/Linux.
#
#
# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options most of which
# are not shown in this example
#
# Any line which starts with a ; (semi-colon) or a # (hash)
# is a comment and is ignored. In this example we will use a #
# for commentary and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command
# "testparm" to check that you have not made any basic syntactic
# errors.
#

#======================= Global Settings =======================

[global]

## Browsing/Identification ###

# Change this to the workgroup/NT-domain name your Samba server will be part of
workgroup = RMHOME

# server string is the equivalent of the NT Description field
server string = %h server (Samba %v)

# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable its WINS Server
; wins support = no

# WINS Server - Tells the NMBD components of Samba to be a WINS Client
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
; wins server = w.x.y.z

# This will prevent nmbd to search for NetBIOS names through DNS.
dns proxy = no

# What naming service and in what order should we use to resolve host names
# to IP addresses
; name resolve order = lmhosts host wins bcast

#### Debugging/Accounting ####

# This tells Samba to use a separate log file for each machine
# that connects
log file = /var/log/samba/log.%m

# Put a capping on the size of the log files (in Kb).
max log size = 1000

# If you want Samba to only log through syslog then set the following
# parameter to 'yes'.
; syslog only = no

# We want Samba to log a minimum amount of information to syslog. Everything
# should go to /var/log/samba/log.{smbd,nmbd} instead. If you want to log
# through syslog you should set the following parameter to something higher.
syslog = 0

# Do something sensible when Samba crashes: mail the admin a backtrace
panic action = /usr/share/samba/panic-action %d

####### Authentication #######

# "security = user" is always a good idea. This will require a Unix account
# in this server for every user accessing the server. See
# /usr/share/doc/samba-doc/htmldocs/ServerType.html in the samba-doc
# package for details.
security = user

# You may wish to use password encryption. See the section on
# 'encrypt passwords' in the smb.conf(5) manpage before enabling.
encrypt passwords = yes

# If you are using encrypted passwords, Samba will need to know what
# password database type you are using.
passdb backend = tdbsam guest

obey pam restrictions = yes

guest account = nobody
invalid users = root

# This boolean parameter controls whether Samba attempts to sync the Unix
# password with the SMB password when the encrypted SMB password in the
# passdb is changed.
; unix password sync = no

# For Unix password sync to work on a Debian GNU/Linux system, the following
# parameters must be set (thanks to Augustin Luton <aluton@hybrigenics.fr> for
# sending the correct chat script for the passwd program in Debian Potato).
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .

# This boolean controls whether PAM will be used for password changes
# when requested by an SMB client instead of the program listed in
# 'passwd program'. The default is 'no'.
; pam password change = no

; domain administrators (added by me)
; domain admin group = @wheel
; domain admin users = Administrator

########## Printing ##########

# If you want to automatically load your printer list rather
# than setting them up individually then you'll need this
load printers = yes

# lpr(ng) printing. You may wish to override the location of the
# printcap file
; printing = bsd
; printcap name = /etc/printcap

# CUPS printing. See also the cupsaddsmb(8) manpage in the
# cupsys-client package.
; printing = cups
; printcap name = cups

# When using [print$], root is implicitly a 'printer admin', but you can
# also give this right to other users to add drivers and set printer
# properties
; printer admin = @ntadmin

######## File sharing ########

# Name mangling options
; preserve case = yes
; short preserve case = yes

############ Misc ############

# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting
; include = /home/samba/etc/smb.conf.%m

# Most people will find that this option gives better performance.
# See smb.conf(5) and /usr/share/doc/samba-doc/htmldocs/speed.html
# for details
# You may want to add the following on a Linux system:
# SO_RCVBUF=8192 SO_SNDBUF=8192
socket options = TCP_NODELAY
restrict anonymous = no
domain master = no
preferred master = no
max protocol = NT
ldap ssl = No
server signing = Auto
; domain logons = yes
; logon path = \\%n\profiles\%u

# The following parameter is useful only if you have the linpopup package
# installed. The samba maintainer and the linpopup maintainer are
# working to ease installation and configuration of linpopup and samba.
; message command = /bin/sh -c '/usr/bin/linpopup "%f" "%m" %s; rm %s' &

# Domain Master specifies Samba to be the Domain Master Browser. If this
# machine will be configured as a BDC (a secondary logon server), you
# must set this to 'no'; otherwise, the default behavior is recommended.
; domain master = auto

# Some defaults for winbind (make sure you're not using the ranges
# for something else.)
; idmap uid = 10000-20000
; idmap gid = 10000-20000
; template shell = /bin/bash

#======================= Share Definitions =======================

[homes]
comment = Home Directories
browseable = yes
guest ok = yes
read only = no
# File creation mask is set to 0700 for security reasons. If you want to
# create files with group=rw permissions, set next parameter to 0775.
create mask = 0700

# Directory creation mask is set to 0700 for security reasons. If you want to
# create dirs. with group=rw permissions, set next parameter to 0775.
directory mask = 0700

# Un-comment the following and create the netlogon directory for Domain Logons
# (you need to configure Samba to act as a domain controller too.)
;[netlogon]
; comment = Network Logon Service
; path = /home/samba/netlogon
; guest ok = yes
; writable = no
; share modes = no

[printers]
comment = All Printers
browseable = no
path = /tmp
printable = yes
create mask = 0700

# Windows clients look for this share name as a source of downloadable
# printer drivers
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers

On Tue, 2005-06-21 at 11:17 -0500, David John wrote:
> Have you checked:
> http://us2.samba.org/samba/docs/man/Samba-HOWTO-Collection/install.html#id2532400
> ?
>
> David
>
> On Tue, June 21, 2005 9:23 am, Christopher M. Jones said:
> > I'm trying to get samba running here at home. I have one Linux client,
> > and two w2k clients connected to a router. I've got samba configured
> > correctly enough that, in Gnome, Computer->Network->Windows
> > Network->domain and Computer->Network show the Linux client and the two
> > w2k machines. The problems I have are these:
> >
> > 1. I cannot browse the w2k machines' available shares as I can when I am
> > on one of the w2k machines. I have to know the share, e.g.,
> > machine/Shared Files, put it into the location bar, and log into the
> > machine.
> >
> > 2. When I first bring up the contents of the share it takes a -long-
> > time to list.
> >
> > 3. I would rather not have to authenticate myself all the time from the
> > Linux client. I have an account on each of the w2k machines that matches
> > my account on the Linux client, and the w2k folder is shared to
> > everyone.
> >
> > 4. The only authentication the w2k machines will accept is the
> > Administrator's. I can't authenticate as any of the users on the w2k
> > machines.
> >
> > Any suggestions for me? Ask me questions and I'll post more and relevant
> > details.
> >
> > --
> > Christopher M. Jones <cjones@partialflow.com>
> >
> > ___________________
> > Nolug mailing list
> > nolug@nolug.org
> >
>
>
> ___________________
> Nolug mailing list
> nolug@nolug.org

-- 
Christopher M. Jones <cjones@partialflow.com>
___________________
Nolug mailing list
nolug@nolug.org
Received on 06/24/05
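
Added example (not part of the original message or of Samba): a small smb.conf check that lists shares whose effective settings combine "guest ok = yes" with "read only = no", as [homes] does in the configuration posted above. The function names and the trimmed SAMPLE text are assumptions made for this illustration.

```python
# Added example: list smb.conf shares that are both guest-accessible and writable.
TRUE = {"yes", "true", "1"}
# Samba synonyms: "public" = "guest ok"; these three are inverted "read only".
INVERTED = {"writable", "writeable", "writeok"}

def parse_smb_conf(text):
    """Return {section: {param: value}}; lines starting with '#' or ';' are comments."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            key = "".join(key.lower().split())  # names ignore case and whitespace
            value = value.strip()
            if key == "public":
                key = "guestok"
            elif key in INVERTED:
                key, value = "readonly", "no" if value.lower() in TRUE else "yes"
            current[key] = value
    return sections

def guest_writable_shares(text):
    """Shares with guest ok = yes and read only = no, after applying [global] values."""
    conf = parse_smb_conf(text)
    defaults = {"guestok": "no", "readonly": "yes", **conf.get("global", {})}
    shares = {n: {**defaults, **p} for n, p in conf.items() if n != "global"}
    return [n for n, p in shares.items()
            if p["guestok"].lower() in TRUE and p["readonly"].lower() not in TRUE]

# Constructed sample: share stanzas from the posted config, comments trimmed.
SAMPLE = """\
[global]
security = user
[homes]
browseable = yes
guest ok = yes
read only = no
[printers]
path = /tmp
printable = yes
[print$]
path = /var/lib/samba/printers
"""

if __name__ == "__main__":
    print(guest_writable_shares(SAMPLE))
```

The check only reports the combination of the two share parameters; whether a guest connection is actually accepted depends on the rest of the server configuration.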
