Mailinglist Archive: opensuse-edu (103 mails)
| < Previous | Next > |
Re: [suse-linux-uk-schools] Re: SAMBA setup
- From: "Bill Antonia" <at@xxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 5 Dec 2000 15:26:38 +0000 (UTC)
- Message-id: <005301c05ece$e25948f0$0107a8c0@xxxxxxxxxxxxxxxxxxxxxxxxx>
Your /etc/smb.conf file contains no information on what type of security is
required. If the samba server is to authenticate it's own users in it's own
domain, set
security = user
domain master = yes
domain logons = yes
encrypt passwords = no
This allows Win 95 clients before second release and NT4 clients before
service pack 4 to connect to the domain of your linux box. This is because
by default, clear text passwords were sent over the network. Since then,
Win95SE, Win98, NT service pack 4 onwards and Win2000 all use encrypted
passwords by default. In which case you would have to set
encrypt passwords = yes
This also means you have to have a separate /etc/smbpasswd file to hold the
encrypted passwords, whereas using encrypt passwords = no, the normal Linux
passwords would be used.
If however you wish to authenticate using an existing NT domain, set
security = server
# The following is just an example,
#you put in your own IP address of your own domain server
password server = 192.168.7.1
domain master = no
encrypt passwords = yes
In this case no /etc/smbpasswd file is required however the users of the NT
domain still need to be created locally on the Linux box for it to work. As
an added thing, I usually edit the /etc/shadow file and place a * where the
encrypted password would be. This stops users telnetting to the Linux box.
I am assuming you have put on a recent NT service pack 4 to 6a to your
server so the need for encrypt passwords to be yes.
Regards
Bill
>Which all brings me to the final problem...connecting to the LINUX box from
a
>remote station. (smbclient //localhost/test -U% works fine)
>
>
>My test samba config file is:
>
>[global]
>log level=1
>max log size = 1000
>socket options = TCP_NODELAY IPTOS_LOWDELAY
>guest ok = no
>workgroup=BHEADS (my NT Domain name so that it appears in the right browse
list)
>[homes]
>browseable = no
>map archive = yes
>[printers]
>path = /usr/tmp
>guest ok = yes
>printable = yes
>min print space = 2000
>[test]
>browseable = yes
>read only = no
>guest ok = yes
>public = yes
>path = /test
>
>
>Entering the share from the brwose list on the NT server brings up a
>logon/password box (which surprises me - as I thought guest logon was ok).
>
>Using a LINUX username and password The subsequent error message on the NT
box reads
>'The account is not authorised to login from this station'
>
>Is this a problem with encrypted passwords? I add the line 'encrypt
passwords= yes'
>to my smb/conf file (as per page 73, Reilly) and ....testparm doesn't like
it.
>
>Later in Reilly it states 'encrypted passwords = yes' which it also doesn't
like.
>
>What should it be? Perhaps I should ask NT to do password authenication..
>
>The hosts.deny file only contains a http-rman: all line.
>
>--
>Alan Davies
>Head of Computing
>Birkenhead School
>
>
required. If the samba server is to authenticate it's own users in it's own
domain, set
security = user
domain master = yes
domain logons = yes
encrypt passwords = no
This allows Win 95 clients before second release and NT4 clients before
service pack 4 to connect to the domain of your linux box. This is because
by default, clear text passwords were sent over the network. Since then,
Win95SE, Win98, NT service pack 4 onwards and Win2000 all use encrypted
passwords by default. In which case you would have to set
encrypt passwords = yes
This also means you have to have a separate /etc/smbpasswd file to hold the
encrypted passwords, whereas using encrypt passwords = no, the normal Linux
passwords would be used.
If however you wish to authenticate using an existing NT domain, set
security = server
# The following is just an example,
#you put in your own IP address of your own domain server
password server = 192.168.7.1
domain master = no
encrypt passwords = yes
In this case no /etc/smbpasswd file is required however the users of the NT
domain still need to be created locally on the Linux box for it to work. As
an added thing, I usually edit the /etc/shadow file and place a * where the
encrypted password would be. This stops users telnetting to the Linux box.
I am assuming you have put on a recent NT service pack 4 to 6a to your
server so the need for encrypt passwords to be yes.
Regards
Bill
>Which all brings me to the final problem...connecting to the LINUX box from
a
>remote station. (smbclient //localhost/test -U% works fine)
>
>
>My test samba config file is:
>
>[global]
>log level=1
>max log size = 1000
>socket options = TCP_NODELAY IPTOS_LOWDELAY
>guest ok = no
>workgroup=BHEADS (my NT Domain name so that it appears in the right browse
list)
>[homes]
>browseable = no
>map archive = yes
>[printers]
>path = /usr/tmp
>guest ok = yes
>printable = yes
>min print space = 2000
>[test]
>browseable = yes
>read only = no
>guest ok = yes
>public = yes
>path = /test
>
>
>Entering the share from the brwose list on the NT server brings up a
>logon/password box (which surprises me - as I thought guest logon was ok).
>
>Using a LINUX username and password The subsequent error message on the NT
box reads
>'The account is not authorised to login from this station'
>
>Is this a problem with encrypted passwords? I add the line 'encrypt
passwords= yes'
>to my smb/conf file (as per page 73, Reilly) and ....testparm doesn't like
it.
>
>Later in Reilly it states 'encrypted passwords = yes' which it also doesn't
like.
>
>What should it be? Perhaps I should ask NT to do password authenication..
>
>The hosts.deny file only contains a http-rman: all line.
>
>--
>Alan Davies
>Head of Computing
>Birkenhead School
>
>
| < Previous | Next > |