Solved

samba shares/users

Posted on 2003-11-27
31
1,235 Views
Last Modified: 2010-03-18
I have been setting up a linux server for my own house for fun and I have looked into many, many documents and still am a little confuse on how to set up a samba share with users

here is what I have:
# Samba config file created using SWAT
# from 196.254.251.2 (196.254.251.2)
# Date: 2003/11/27 16:29:26

# Global parameters
# Samba config file created using SWAT
# from 196.254.251.2 (196.254.251.2)
# Date: 2003/11/27 16:30:01

# Global parameters
[global]
      workgroup = PC
      guest account =
      passwd program = /bin/passwd
      unix password sync = Yes
      wins support = Yes
      ldap ssl = no
      valid users = admin, root

[root]
      path = /
      username = admin
      read only = No

[admin]
      path = /tmp
      admin users = admin
      read only = No
      hosts allow = 196.254.251.2
      hosts deny = 196.254., EXCEPT, 196.254.251.2

but when I get to my windows 2000 machine I type int //"name of comp"/ it asks for the username and password
so I type admin (for username) and the corresponding password for that username as if I was on the machine itself
and it keeps telling me that that username or password is incorrect

I have used "useradd" to add the user and have used "passwd admin" to change the password (cause for some reason if I don't use "passwd" I can't logon locally) anyway I hope someone out there in the vast internet can help.
0
Comment
Question by:orinsbelt
  • 18
  • 11
  • 2
31 Comments
 
LVL 9

Expert Comment

by:svenkarlsen
Comment Utility
Hi orinsbelt,

One major issue with SAMBA is to keep the workgroup identical, - either change workgroup to PC on your win-boxes or change the workgroup of SAMBA to WORKGROUP


Kind regards,
Sven
0
 

Author Comment

by:orinsbelt
Comment Utility
ok sorry but it took me a sec to get some more info into here that is vitaly important
my Winboxes are all set to workgroup "Pc" as is the samba server

second evertime I use smbpasswd -a admin password # I get the responce
failed to initialise SAM_ACCOUNT for user admin

and thanks for a quick responce
0
 
LVL 24

Expert Comment

by:shivsa
Comment Utility
u have to first add the user by useradd.
0
 
LVL 9

Expert Comment

by:svenkarlsen
Comment Utility
Here's a copy of my SAMBA config, for what it's worth:

[global]
   alternate permissions = no
   case sensitive = no
   dead time = 5
   debug level = 0
   default case = upper
   delete readonly = yes
   delete veto files = yes
   dns proxy = no
   domain logons = no
   domain master = no
   encrypt passwords = yes
   follow symlinks = yes
   guest account = ftp
   local master = yes
   lock directory = /var/lock/samba
   locking = yes
   log file = /var/log/samba
   mangle case = no
   map hidden = yes
   map system = yes
   max log size = 5000
   oplocks = yes
   os level = 1
   preferred master = yes
   preserve case = yes
   security = user
   server string = cube Samba
   share modes = yes
   short preserve case = yes
   socket options = TCP_NODELAY
   strict locking = yes
   veto files = /Network Trash Folder/
   wide links = yes
   wins support = yes
   workgroup = BAKKEGAARDEN
;
[homes]
   comment = Home Directories
   browseable = yes
   read only = no
   create mask = 0755
;

[home]
  path = /home/groups/home
  public = no
  browseable = yes
  writable = yes
  printable = no
  create mask = 0775
  valid users = admin @home
  force create mode = 0664
  force directory mode = 0775
  hide dot files = yes

That's the general part, - here's a sample of a specific directory.

[archive]
  path = /home/groups/archive
  public = no
  browseable = yes
  writable = yes
  printable = no
  create mask = 0775
  valid users = admin @archive
  force create mode = 0664
  force directory mode = 0775
  hide dot files = yes



Sven  
0
 

Author Comment

by:orinsbelt
Comment Utility
I had done "useradd" first and I can log in locally, after doing useradd I try to add the user using swat and it gives me that error.
0
 
LVL 24

Accepted Solution

by:
shivsa earned 250 total points
Comment Utility
Samba users are different from Unix users. You need to export all the unix users and make them samba users.

cat /etc/passwd |mksmbpasswd.sh > /etc/samba/smbpasswd

This mksmbpasswd.sh command converts and exports all the users in /etc/passwd into smbpasswd file.
Then you need to assign a password for each and every unix user(now call them samba user) seperately using smbpasswd command
smbpasswd root
smbpasswd unix_username
......

Then try to access your share using this username and password.
If you add any user in unix system after this export you need to add them to samba seperately and assign the samba password.

smbadduser username samba_username
smbpasswd samba_username
0
 

Author Comment

by:orinsbelt
Comment Utility
I take it that in the line:
smbpasswd unix_username
"unix_username" is whatever username I want to add?
and same with "samba_username" ?
0
 
LVL 24

Expert Comment

by:shivsa
Comment Utility
yes.
0
 

Author Comment

by:orinsbelt
Comment Utility
well I have tried your suggestion and smbadduser -- command not found
mksmbpasswd.sh -- file or directory not found
0
 

Author Comment

by:orinsbelt
Comment Utility
If I hadn't made it clear before I am using samba 3.0 and have compiled from source. I'm using a distro that doesn't have lots of support.  it is called core distro http://coredistro.sourceforge.net
0
 
LVL 24

Expert Comment

by:shivsa
Comment Utility
well u tried on linux system.

try to locate these command by
find / -name smbadduser -print

mostly it should be /usr/local/bin or u just look around in these directory.
/usr/local/<sms-version>/bin  or something.
0
 

Author Comment

by:orinsbelt
Comment Utility
I found the smbadduser but that is just the beggining of the problems now
it requires "csh" and all I have on my system is "bash" command line inturpreter.
and smbadduser is in my /usr/src/samba-3.0.0/source directory
   and mksmbpasswd.sh  "                             "/scripts directory
0
 
LVL 24

Expert Comment

by:shivsa
Comment Utility
i do not if csh files will on bash or not.
but give it a try.

also try to add this path to your PATH env variable.
like this.
PATH=$PATH:/usr/src/samba-3.0.0/source/bin   ( this path is where your smbpasswd files are ie pwd information when u r in that directory).
export PATH

and then try to execute these.
0
 

Author Comment

by:orinsbelt
Comment Utility
I've known for a while now that csh scripts don't work on bash or that the commands being given won't work.  now the problem is very basic yet the solution is out of my knoledege.

now if anyone can give me a link or a basic explenation of how to setup a share so that it uses the current unix users
to connect to the linux samba server.  

I have tried to set it up as:
[global]
security = user

but it doesn't seem to work if anyone know in depth how this works and can either explain it to me or give me a link to
where they do know how to in depth

sorry, but the current answer haven't given me much more info then I know
thanks for the help though

and every time I do /usr/local/samba/smbpasswd -a <user> <password>
it doesn't work and I looked at the contents of smbpasswd and it was empty
and every time I try to add it through swat I get this error:

Failed initialise SAM_ACCOUNT for user <username>
0
 
LVL 24

Expert Comment

by:shivsa
Comment Utility
0
Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

 
LVL 24

Expert Comment

by:shivsa
Comment Utility
Directions on configuring SAMBA with SWAT. This will let you configure SAMBA to use encrypted passwords if need be.

Anyway here is how to use it. When I say to edit a file use your favorite
text editor.

1) become root
2) cd /etc
3) Edit the inetd.conf file
4) find the line:

swat      stream  tcp     nowait.400      root /usr/sbin/swat swat

(note the above line is contained wholly on a single line). It may have a # in front of it. If it does remove the #, if the line is not there copy it exactly as I have it into the file. Save and exit the file.

5) edit the services file, find the line (usally the last line in the file):

swat              901/tcp                         # Add swat service used via inetd

(note the above line is contained wholly on a single line). If the line has a # in front of it remove the #, if the line does not exist add it exactly as above. Save and exit the file.

6) At a root promp type

# /etc/rc.d/init.d/inet stop <CR>
# /etc/rc.d/init.d/inet start <CR>

7) Start X running if it is not already and start netscape
8) go to the following URL: http://localhost:901

You will be presented with a password prompt enter root and the root password. (Only do this from the from the machine you are configuring because you are using the root password)

Now you will be at a menu prompt from which you can configure SAMBA. The first page is help files which explain the usage of SAMBA across the top there are 7 icons:
HOME, GLOBALS, SHARES, PRINTERS, STATUS, VIEW, and PASSWORD

You are on the HOME page, click on GLOBALS. Here you can set the workgroup SAMBA will show up in, the machines netbios name, server string and other items. Most important is the Security options. If you network is using encrypted passwords on windows (Win 98 and Nt do by default, Win 95 does if you have added SP3) make sure to set the encrypted passwords to yes. You can read the help files for the rest of the of this page. Commit the changes before leaving this page.

The Shares icon will let you share out sections of the filesystem as desired. Also commit changes before leaving this page.

If you selected encrypted passwords go to the status icon and restart both smbd and nmbd. Now go to the password Icon and using the server password Management area enter your user name and password, do this for each user on the box. SAMBA will make encrypted passwords when you do this.

At this point all should be well and you should be able to get a share mounted from windows.

0
 

Author Comment

by:orinsbelt
Comment Utility
ok, I know that most of this is my fault and one of the many things that prevented me from adding users was
that I didn't specify a guest account. now that I can add accounts I have added the "admin" and "root" accounts with
passwords. Now with encrypted passwords it just doesn't accept the passwords I pass to the linux box from windows 2000 and when I dissable encrypted passwords it says i don't  have enough access.

ok here it is in a simple explenation:
encrypted passwords = yes then I restart server and change the password
then on connection from windows 2000 it doesn't accept the password

encrypted passwords = no then I restart server and change the password
then on connection from windows 2000 it connects and says I am not permitted to connect
from this workstation.

and your help has been appreciated shivsa
0
 

Author Comment

by:orinsbelt
Comment Utility
p.s. I have checked the log files and there are no errors there
on windows 2000 I try to connect type in "root" and < password>
but it just asks me for the username and password again (with encrypted passwords)
0
 
LVL 24

Expert Comment

by:shivsa
Comment Utility
if encrypted passwords = yes,

did u restart both smbd and nmbd, since it will make encrypted passwords.
--------------------------------

If you selected encrypted passwords go to the status icon and restart both smbd and nmbd. Now go to the password Icon and using the server password Management area enter your user name and password, do this for each user on the box. SAMBA will make encrypted passwords when you do this.

At this point all should be well and you should be able to get a share mounted from windows.
--------------------------------
0
 

Author Comment

by:orinsbelt
Comment Utility
ok what I did is after I set the option encrypted passwords = yes
I hit the restart all button on the status page then I waited till it restarted
and then I went to the password page and in the server password management area
typed in root for user name and supplied the password and retype password
it didn't give me anymore errors.

but when I try to connect from a remote machine it just doesn't do anything except ask me
for the username and password again.
0
 

Author Comment

by:orinsbelt
Comment Utility
I also enabled the user "root" as to have no problems but still it doesn't connect
0
 
LVL 24

Expert Comment

by:shivsa
Comment Utility
try with other users.
0
 
LVL 24

Expert Comment

by:shivsa
Comment Utility
also could u check this document.
/usr/share/doc/samba-version-number/docs/encryption.txt.

0
 

Author Comment

by:orinsbelt
Comment Utility
I went to the directory /usr/share/ and looked for the directory named doc which was nowhere to be found.
I did a "find" for all directorys named doc and none of them were for samba.

I don't know if it helps but I am using samba 3.0.0 and I compiled it from source
and if need be I can recompile. if I do need to recompile any suggestions on
what I should include such as parameters so that I have not such a hard time with it.

p.s. I might just recompile so that I don't have as many problems
any dependancys that you can think of?
besides "make", "gcc", and other build utils.
0
 

Author Comment

by:orinsbelt
Comment Utility
ok, I had to re-install samba. I had accidentally deleted the binary file "smbpasswd" now I have it back
and the only problem is now I can't add machine users
ex. ./smbpasswd -aem root
it responds with
Failed initialise SAM_ACCOUNT for user root$
Failed to modify password entry for user root$

once you tell me how to do that then this question should be closed

p.s. I read somewhere that windows 2000/XP require a machine account
to connect to the samba share.
0
 

Author Comment

by:orinsbelt
Comment Utility
well, last post for a while.
I added the root machine account and it still won't let me connect to the share
the only responce I get from the server is in the log file I deemed log.samba

[2003/11/30 15:11:23, 0] smbd/service.c:make_connection_snum(620)
  Can't become connected user!

it just keeps repeating this message for every time I try to connect to the share
any help will very much be appreciated.
0
 
LVL 24

Expert Comment

by:shivsa
Comment Utility
sorry i was away from my computer.
now since u have smbpasswd and all.
u can use the previous comment above where i listed all the step with smbpasswd and all.
( refer to Date: 11/27/2003 02:39PM PST)
0
 

Author Comment

by:orinsbelt
Comment Utility
ok, I have done that already.  But it still gives me these errors in the log "log.samba", it just keeps
repeating that message over and over in that log.

I have added the Unix_users into the smbpasswd and have configured samba to use the
appropriate smbpasswd as the program and the other as the users list.

anyway that one error keeps poping up, I have looked that error up on the internet and have
yet to find someone that knew what the problem was and you are my last resort.
0
 

Author Comment

by:orinsbelt
Comment Utility
well, I have found the problem yet am seeking the solution.
I know you have worked very hard to help me so I'm upping the points
and second of all the problem resides in the fact that:

windows 2000 (win 2k from now on) sends username and password to server ------> Server says username and password are incorrect.

now somewhere during the sending or recieving of the username and password it is in the correct format or something

I have tried just NTLMv2, lanman, ntlm auth and combinations of all of those
and have had no luck, the users and groups are all added to the password database

it just won't accept the passwords I send to it either the passwords being sent aren't of the acceptable type
or it is recieving the right passwords and won't authenticate or something.
0
 

Author Comment

by:orinsbelt
Comment Utility
forgot to mention that if the user has a null password it will let me connect to the share using the username and null for
password but once I assign a password to that user it doesn't let me connect even if I supply the correct username and
password.


and as always your help has been appreciated
    0rinsb3lt
0
 

Author Comment

by:orinsbelt
Comment Utility
ok, I have solved the last problem and the points are yours!

  the solution to the problem was when I assigned the password to samba (e.g. smbpasswd -a root)
it didn't match the password int password program (e.g. passwd root) so I just changed the passoword
on the samba side (e.g. smbpasswd -a root) to equal the unix/local password and now I can connect using
encrypted passwords

thanx for all your help you have actually taught me more that I knew you where
(e.g. how to debug samba problems)

my journey must go on!
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now