Solved

samba/Win98

Posted on 2002-04-20
7
237 Views
Last Modified: 2013-12-15
Looks like you get one of these each year...about this time!  Well, I've read two previous answers, but I guess I want my hand held on my specific situation.

First: setup includes 1 Linux (RedHat 7.2) server, 2 pcs, both running Win98.  TCPIP is fine: everybody can ping everybody. smbclient is apparently fine: Linux box can print to HPLJ on one pc.

However, minimal problem is evident in that that pc can't "see" the network to even set up the printer that's on the Linux box.  (At one point it could/did, but when I tried to get file visibility all round I messed up ...probably, a bunch of things.) Network Neighborhood sees NOTHING, not even the workgroup.

At least for the moment, I have no need for any security within this network, so would gladly settle for "share" level access for Samba.  

I had messed with password encryption, some months ago; I think that's what killed all access. Then I tried to undo it.  I no longer have any idea which kind of encryption exists on the Linux box. How do I find out? Which works better? Which is easier to set up?

I also messed with user-level security for samba and tried to undo that.  

The Linux user "guest" was a casualty of this efforts.  It's gone. If I reinstitute, what password do I assign? How to do none? Just CR on password request?

No, I never did add the registry line on the (1st) PC
to make it NOT encrypt passwords.

The second PC is new; it has had nothing more done to it than it takes to get network connectivity. (Not yet even internet connectivity, which the older pc has thru the Linux box, just fine.) For the moment, it doesn't expect any password on bootup. When I try to setup the Linux box's printer on it, it simply sees nothing on the "entire network". No error msg.

I'm pretty sure ipchains is set ok.  Can't figure out how to  capture the output of ipchains -L to paste here. Any howto?

I'll post the smb.conf file here, tho I'm sure it is only secondarily part of the problem.  Can you help me untangle passwords? (user mjustman exists on both Linux and the older PC, with same (mixed case) password.)

smb.conf =

# Samba config file created using SWAT
# from rosalind (192.168.1.101)
# Date: 2002/03/03 18:20:57

# Global parameters
[global]
     workgroup = MYGROUP
     netbios name = EQUIPOISE
     server string = Samba Server
     security = SHARE
     ssl CA certFile = /usr/share/ssl/certs/ca-bundle.crt
#     debug level = 2
     log file = /var/log/samba/%m.log
#     max log size = 0
     socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
     preferred master = Yes

     dns proxy = No
     username = mjustman, guest
     guest account = guest
     hosts allow = rosalind
     printing = lprng

[homes]
     comment = Home Directories
     path = /home   #3/2
     writeable = Yes
     guest ok = Yes

[printers]
     comment = All Printers
     path = /var/spool/samba
     guest ok = Yes
     printable = Yes

[tmp]
     path = /tmp
     writeable = Yes
     guest ok = Yes

[common]
     path = /common
     writeable = Yes
     guest ok = Yes
        browseable = yes

Bottom line:  What to attack first? What queries to use to diagnose? What strategies do you recommend?

Beyond that, a series of steps would be helpful!

Thanks loads

Marilyn Justman

0
Comment
Question by:mjustman
  • 4
  • 3
7 Comments
 
LVL 40

Expert Comment

by:jlevie
Comment Utility
My recommendation is to start by changing the Global section of your smb.conf file to look like:

[global]
    workgroup = MYGROUP
    netbios name = EQUIPOISE
    server string = Samba Server
    security = user
    encrypt passwords = yes
#     debug level = 2
    log file = /var/log/samba/%m.log
#     max log size = 0
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    preferred master = Yes
    dns proxy = No
    printing = lprng

Then use smbpassword to set the SMB encrypted password for mjustman (smbpasswd mjustman) and restart Samba.

If we're lucky removing the ssl stuff from Samba will allow the PC to see the server. If not make sure that the PC is in the same workgroup.

If you still can't see it, try temporarily dropping the firewall (/etc/init.d/ipchains stop) and check again. If the server is then visbile you'll know that the firewall rules need modification.

If your firewall is using RH 7.2 native configuration the rules will be in /etc/sysconfig/ipchains (or iptables). Otherwise the rules are likely to be in /etc/init.d/ipchains or /etc/init.d/itpables.

0
 

Author Comment

by:mjustman
Comment Utility
Ok. Can't try this for about an hour (something about WORK?)...but I'll get back, probably today.

Thanks.

Marilyn J.
0
 

Author Comment

by:mjustman
Comment Utility
Early.

Baby steps. Baby success.
Changed smb.conf per your example.
Ran smbpasswd samantha (because she was a newer, cleaner user than mjustman).

Got response:
getsmbfilepwent malformed password entry (UID not number)
about 50 times
then a comment to the effect that nothing done.

Rebooted linux.
Rebooted pc and logged in with samantha's login.

Aha!  Now network neighborhood SEES equipoise.  (This is the baby success.)  Does this mean I don't have to worry about ipchains?

But: attempt to set up network printer failed.  Wants password for \\equipoise\IPC$  (think that's right). Won't be happy with anything I give it, including samantha's, root's, etc.

Next step?

Not incidentally, since I've obviously screwed up passwords...I somehow (probably manually) changed mjustman's password to read "500:501" where everybody else has (and she used to have) the same exact number on both sides of that colon.  Should I change it back?  How many places might I have propagated it to?  Should I change all of them? (Are they all in /etc/samba? that's easy.  Where else?)

Thanks.

MJ
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 
LVL 40

Accepted Solution

by:
jlevie earned 200 total points
Comment Utility
Lets deal with the password file first.

By default linux will create user accounts such that each user will be their own group. And if not told to do otherwise the UID (first number in the password file) will be the next free UID beginning at 500. So, the first account you created (mjustman) got UID 500 and an mjustman group was created with  a numerically equal GID (500). The next user will be UID=501, GID=501, etc. The reason for doing this is to increase the security of a user session by having each user be in their own group. To share files between users you have to add other users to your group and then they have to do a newgrp to "join" your group... kinda of a hassle but arguably more secure.

So if you look at /etc/group you should see an entry like:

mjustman:x:500:

And the GID (500 for you) should be the second number in your entry in passwd.

Another thing that you need to know is that normally both /etc/passwd and /etc/shadow are used for Linux authentication. The user info is in passwd and the user's encrypted password is stored in shadow. The last time I checked, Linux required those two files to have a line-to-line correspondence by username. If you've futzed around with either of the files that may no longer be the case and there could be problems.

So the next thing that you need to do is to check your passwd file against the group file and fix any problems with the GID's. Then check to be sure that the shadow file matches, by username, the lines in passwd.

Then we need to be sure that each user's home dir has the correct ownership. Again, since the user and group will have the same name by default you can do:

# chown -R mjustman:mjustman /home/mjustman

and similar commands for each other user.

Now as to the error that you got above. I tend to forget that not everybody reads the man pages before trying a command...

To add a user name to the SMB passwd file one uses:

# smbpasswd -a username

without the -a option smbpasswd will try to change the password for a user that already exists. In this case samantha apparently isn't in the SMB passwd file. Also remember that each and every Samba user must also be a Linux user of the same name (case is important).

On your PC's you'll need to have them configured to login and the username and password used to access windows must be exactly the same as you've set those users up in Linux and the SMB password file.

When all that's straightened out I believe you'll be able to access your Linux printer(s) and each windows user will have access to their home dir and other shares.

Hmm, upon looking closely at your smb.conf I see that you need to delete "path = /home   #3/2" from the [homes] definition. Samba knows how to associate each user's home dir with [homes].
0
 

Author Comment

by:mjustman
Comment Utility
Perfectly happy, like nothing was wrong!  (Don't you hate when computers put on that supercilious smile after you've been sweating bullets?  Teachers, at least, say "nice work", or SOMETHING.)

And all I did (I had switched mj back to her own group earlier) was to run smbpasswd with the -a switch.  (Still got the scary error messages, tho.).  Passwords and group were fine.
 
There's some residual junk around, but I THINK I can now clean that up by myself.

oh: even tho I'm closing this, I've got one more question:  The pcs are sharing files, too.  How do I see those from equipoise, and how can he push/pull these (let's assume they're ascii or ps files) over to his hard drives?  If that's not a one-liner, say so, and I'll make a new official question.

THANK YOU  THANK YOU  Equipoise thanks you. Rosalind thanks you.  Even Stewball will thank you soon....!

Marilyn Justman

note: as racehorses, both equipoise and rosalind were famous for their even tempers and dependable performance. I was hoping the names would have a good effect....;)
0
 
LVL 40

Expert Comment

by:jlevie
Comment Utility
Have a look at the man page for smbmount. With that utility you can access a volume that's been shared by a windows box.

Not quite a one-liner, but...

Horses and computers do have some points in common. Both can handle large loads and both have been known to bolt or panic when confronted by the unexpected...
0
 

Author Comment

by:mjustman
Comment Utility
Thanks again! Over and out for now.

Marilyn Justman
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Currently, there is not an RPM package available under the RHEL/Fedora/CentOS distributions that gives you a quick and easy way to allow PHP to interface with Oracle. As a result, I have included a set of instructions on how to do this with minimal …
Setting up Secure Ubuntu server on VMware 1.      Insert the Ubuntu Server distribution CD or attach the ISO of the CD which is in the “Datastore”. Note that it is important to install the x64 edition on servers, not the X86 editions. 2.      Power on th…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now