orinsbelt
asked on
samba shares/users
I have been setting up a linux server for my own house for fun and I have looked into many, many documents and still am a little confuse on how to set up a samba share with users
here is what I have:
# Samba config file created using SWAT
# from 196.254.251.2 (196.254.251.2)
# Date: 2003/11/27 16:29:26
# Global parameters
# Samba config file created using SWAT
# from 196.254.251.2 (196.254.251.2)
# Date: 2003/11/27 16:30:01
# Global parameters
[global]
workgroup = PC
guest account =
passwd program = /bin/passwd
unix password sync = Yes
wins support = Yes
ldap ssl = no
valid users = admin, root
[root]
path = /
username = admin
read only = No
[admin]
path = /tmp
admin users = admin
read only = No
hosts allow = 196.254.251.2
hosts deny = 196.254., EXCEPT, 196.254.251.2
but when I get to my windows 2000 machine I type int //"name of comp"/ it asks for the username and password
so I type admin (for username) and the corresponding password for that username as if I was on the machine itself
and it keeps telling me that that username or password is incorrect
I have used "useradd" to add the user and have used "passwd admin" to change the password (cause for some reason if I don't use "passwd" I can't logon locally) anyway I hope someone out there in the vast internet can help.
here is what I have:
# Samba config file created using SWAT
# from 196.254.251.2 (196.254.251.2)
# Date: 2003/11/27 16:29:26
# Global parameters
# Samba config file created using SWAT
# from 196.254.251.2 (196.254.251.2)
# Date: 2003/11/27 16:30:01
# Global parameters
[global]
workgroup = PC
guest account =
passwd program = /bin/passwd
unix password sync = Yes
wins support = Yes
ldap ssl = no
valid users = admin, root
[root]
path = /
username = admin
read only = No
[admin]
path = /tmp
admin users = admin
read only = No
hosts allow = 196.254.251.2
hosts deny = 196.254., EXCEPT, 196.254.251.2
but when I get to my windows 2000 machine I type int //"name of comp"/ it asks for the username and password
so I type admin (for username) and the corresponding password for that username as if I was on the machine itself
and it keeps telling me that that username or password is incorrect
I have used "useradd" to add the user and have used "passwd admin" to change the password (cause for some reason if I don't use "passwd" I can't logon locally) anyway I hope someone out there in the vast internet can help.
ASKER
ok sorry but it took me a sec to get some more info into here that is vitaly important
my Winboxes are all set to workgroup "Pc" as is the samba server
second evertime I use smbpasswd -a admin password # I get the responce
failed to initialise SAM_ACCOUNT for user admin
and thanks for a quick responce
my Winboxes are all set to workgroup "Pc" as is the samba server
second evertime I use smbpasswd -a admin password # I get the responce
failed to initialise SAM_ACCOUNT for user admin
and thanks for a quick responce
u have to first add the user by useradd.
Here's a copy of my SAMBA config, for what it's worth:
[global]
alternate permissions = no
case sensitive = no
dead time = 5
debug level = 0
default case = upper
delete readonly = yes
delete veto files = yes
dns proxy = no
domain logons = no
domain master = no
encrypt passwords = yes
follow symlinks = yes
guest account = ftp
local master = yes
lock directory = /var/lock/samba
locking = yes
log file = /var/log/samba
mangle case = no
map hidden = yes
map system = yes
max log size = 5000
oplocks = yes
os level = 1
preferred master = yes
preserve case = yes
security = user
server string = cube Samba
share modes = yes
short preserve case = yes
socket options = TCP_NODELAY
strict locking = yes
veto files = /Network Trash Folder/
wide links = yes
wins support = yes
workgroup = BAKKEGAARDEN
;
[homes]
comment = Home Directories
browseable = yes
read only = no
create mask = 0755
;
[home]
path = /home/groups/home
public = no
browseable = yes
writable = yes
printable = no
create mask = 0775
valid users = admin @home
force create mode = 0664
force directory mode = 0775
hide dot files = yes
That's the general part, - here's a sample of a specific directory.
[archive]
path = /home/groups/archive
public = no
browseable = yes
writable = yes
printable = no
create mask = 0775
valid users = admin @archive
force create mode = 0664
force directory mode = 0775
hide dot files = yes
Sven
[global]
alternate permissions = no
case sensitive = no
dead time = 5
debug level = 0
default case = upper
delete readonly = yes
delete veto files = yes
dns proxy = no
domain logons = no
domain master = no
encrypt passwords = yes
follow symlinks = yes
guest account = ftp
local master = yes
lock directory = /var/lock/samba
locking = yes
log file = /var/log/samba
mangle case = no
map hidden = yes
map system = yes
max log size = 5000
oplocks = yes
os level = 1
preferred master = yes
preserve case = yes
security = user
server string = cube Samba
share modes = yes
short preserve case = yes
socket options = TCP_NODELAY
strict locking = yes
veto files = /Network Trash Folder/
wide links = yes
wins support = yes
workgroup = BAKKEGAARDEN
;
[homes]
comment = Home Directories
browseable = yes
read only = no
create mask = 0755
;
[home]
path = /home/groups/home
public = no
browseable = yes
writable = yes
printable = no
create mask = 0775
valid users = admin @home
force create mode = 0664
force directory mode = 0775
hide dot files = yes
That's the general part, - here's a sample of a specific directory.
[archive]
path = /home/groups/archive
public = no
browseable = yes
writable = yes
printable = no
create mask = 0775
valid users = admin @archive
force create mode = 0664
force directory mode = 0775
hide dot files = yes
Sven
ASKER
I had done "useradd" first and I can log in locally, after doing useradd I try to add the user using swat and it gives me that error.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I take it that in the line:
smbpasswd unix_username
"unix_username" is whatever username I want to add?
and same with "samba_username" ?
smbpasswd unix_username
"unix_username" is whatever username I want to add?
and same with "samba_username" ?
yes.
ASKER
well I have tried your suggestion and smbadduser -- command not found
mksmbpasswd.sh -- file or directory not found
mksmbpasswd.sh -- file or directory not found
ASKER
If I hadn't made it clear before I am using samba 3.0 and have compiled from source. I'm using a distro that doesn't have lots of support. it is called core distro http://coredistro.sourceforge.net
well u tried on linux system.
try to locate these command by
find / -name smbadduser -print
mostly it should be /usr/local/bin or u just look around in these directory.
/usr/local/<sms-version>/b
try to locate these command by
find / -name smbadduser -print
mostly it should be /usr/local/bin or u just look around in these directory.
/usr/local/<sms-version>/b
ASKER
I found the smbadduser but that is just the beggining of the problems now
it requires "csh" and all I have on my system is "bash" command line inturpreter.
and smbadduser is in my /usr/src/samba-3.0.0/sourc
and mksmbpasswd.sh " "/scripts directory
it requires "csh" and all I have on my system is "bash" command line inturpreter.
and smbadduser is in my /usr/src/samba-3.0.0/sourc
and mksmbpasswd.sh " "/scripts directory
i do not if csh files will on bash or not.
but give it a try.
also try to add this path to your PATH env variable.
like this.
PATH=$PATH:/usr/src/samba-
export PATH
and then try to execute these.
but give it a try.
also try to add this path to your PATH env variable.
like this.
PATH=$PATH:/usr/src/samba-
export PATH
and then try to execute these.
ASKER
I've known for a while now that csh scripts don't work on bash or that the commands being given won't work. now the problem is very basic yet the solution is out of my knoledege.
now if anyone can give me a link or a basic explenation of how to setup a share so that it uses the current unix users
to connect to the linux samba server.
I have tried to set it up as:
[global]
security = user
but it doesn't seem to work if anyone know in depth how this works and can either explain it to me or give me a link to
where they do know how to in depth
sorry, but the current answer haven't given me much more info then I know
thanks for the help though
and every time I do /usr/local/samba/smbpasswd
it doesn't work and I looked at the contents of smbpasswd and it was empty
and every time I try to add it through swat I get this error:
Failed initialise SAM_ACCOUNT for user <username>
now if anyone can give me a link or a basic explenation of how to setup a share so that it uses the current unix users
to connect to the linux samba server.
I have tried to set it up as:
[global]
security = user
but it doesn't seem to work if anyone know in depth how this works and can either explain it to me or give me a link to
where they do know how to in depth
sorry, but the current answer haven't given me much more info then I know
thanks for the help though
and every time I do /usr/local/samba/smbpasswd
it doesn't work and I looked at the contents of smbpasswd and it was empty
and every time I try to add it through swat I get this error:
Failed initialise SAM_ACCOUNT for user <username>
here is link for HOW-TO.
http://www.redhat.com/mirrors/LDP/HOWTO/SMB-HOWTO.html
http://www.redhat.com/mirrors/LDP/HOWTO/SMB-HOWTO.html
Directions on configuring SAMBA with SWAT. This will let you configure SAMBA to use encrypted passwords if need be.
Anyway here is how to use it. When I say to edit a file use your favorite
text editor.
1) become root
2) cd /etc
3) Edit the inetd.conf file
4) find the line:
swat stream tcp nowait.400 root /usr/sbin/swat swat
(note the above line is contained wholly on a single line). It may have a # in front of it. If it does remove the #, if the line is not there copy it exactly as I have it into the file. Save and exit the file.
5) edit the services file, find the line (usally the last line in the file):
swat 901/tcp # Add swat service used via inetd
(note the above line is contained wholly on a single line). If the line has a # in front of it remove the #, if the line does not exist add it exactly as above. Save and exit the file.
6) At a root promp type
# /etc/rc.d/init.d/inet stop <CR>
# /etc/rc.d/init.d/inet start <CR>
7) Start X running if it is not already and start netscape
8) go to the following URL: http://localhost:901
You will be presented with a password prompt enter root and the root password. (Only do this from the from the machine you are configuring because you are using the root password)
Now you will be at a menu prompt from which you can configure SAMBA. The first page is help files which explain the usage of SAMBA across the top there are 7 icons:
HOME, GLOBALS, SHARES, PRINTERS, STATUS, VIEW, and PASSWORD
You are on the HOME page, click on GLOBALS. Here you can set the workgroup SAMBA will show up in, the machines netbios name, server string and other items. Most important is the Security options. If you network is using encrypted passwords on windows (Win 98 and Nt do by default, Win 95 does if you have added SP3) make sure to set the encrypted passwords to yes. You can read the help files for the rest of the of this page. Commit the changes before leaving this page.
The Shares icon will let you share out sections of the filesystem as desired. Also commit changes before leaving this page.
If you selected encrypted passwords go to the status icon and restart both smbd and nmbd. Now go to the password Icon and using the server password Management area enter your user name and password, do this for each user on the box. SAMBA will make encrypted passwords when you do this.
At this point all should be well and you should be able to get a share mounted from windows.
Anyway here is how to use it. When I say to edit a file use your favorite
text editor.
1) become root
2) cd /etc
3) Edit the inetd.conf file
4) find the line:
swat stream tcp nowait.400 root /usr/sbin/swat swat
(note the above line is contained wholly on a single line). It may have a # in front of it. If it does remove the #, if the line is not there copy it exactly as I have it into the file. Save and exit the file.
5) edit the services file, find the line (usally the last line in the file):
swat 901/tcp # Add swat service used via inetd
(note the above line is contained wholly on a single line). If the line has a # in front of it remove the #, if the line does not exist add it exactly as above. Save and exit the file.
6) At a root promp type
# /etc/rc.d/init.d/inet stop <CR>
# /etc/rc.d/init.d/inet start <CR>
7) Start X running if it is not already and start netscape
8) go to the following URL: http://localhost:901
You will be presented with a password prompt enter root and the root password. (Only do this from the from the machine you are configuring because you are using the root password)
Now you will be at a menu prompt from which you can configure SAMBA. The first page is help files which explain the usage of SAMBA across the top there are 7 icons:
HOME, GLOBALS, SHARES, PRINTERS, STATUS, VIEW, and PASSWORD
You are on the HOME page, click on GLOBALS. Here you can set the workgroup SAMBA will show up in, the machines netbios name, server string and other items. Most important is the Security options. If you network is using encrypted passwords on windows (Win 98 and Nt do by default, Win 95 does if you have added SP3) make sure to set the encrypted passwords to yes. You can read the help files for the rest of the of this page. Commit the changes before leaving this page.
The Shares icon will let you share out sections of the filesystem as desired. Also commit changes before leaving this page.
If you selected encrypted passwords go to the status icon and restart both smbd and nmbd. Now go to the password Icon and using the server password Management area enter your user name and password, do this for each user on the box. SAMBA will make encrypted passwords when you do this.
At this point all should be well and you should be able to get a share mounted from windows.
ASKER
ok, I know that most of this is my fault and one of the many things that prevented me from adding users was
that I didn't specify a guest account. now that I can add accounts I have added the "admin" and "root" accounts with
passwords. Now with encrypted passwords it just doesn't accept the passwords I pass to the linux box from windows 2000 and when I dissable encrypted passwords it says i don't have enough access.
ok here it is in a simple explenation:
encrypted passwords = yes then I restart server and change the password
then on connection from windows 2000 it doesn't accept the password
encrypted passwords = no then I restart server and change the password
then on connection from windows 2000 it connects and says I am not permitted to connect
from this workstation.
and your help has been appreciated shivsa
that I didn't specify a guest account. now that I can add accounts I have added the "admin" and "root" accounts with
passwords. Now with encrypted passwords it just doesn't accept the passwords I pass to the linux box from windows 2000 and when I dissable encrypted passwords it says i don't have enough access.
ok here it is in a simple explenation:
encrypted passwords = yes then I restart server and change the password
then on connection from windows 2000 it doesn't accept the password
encrypted passwords = no then I restart server and change the password
then on connection from windows 2000 it connects and says I am not permitted to connect
from this workstation.
and your help has been appreciated shivsa
ASKER
p.s. I have checked the log files and there are no errors there
on windows 2000 I try to connect type in "root" and < password>
but it just asks me for the username and password again (with encrypted passwords)
on windows 2000 I try to connect type in "root" and < password>
but it just asks me for the username and password again (with encrypted passwords)
if encrypted passwords = yes,
did u restart both smbd and nmbd, since it will make encrypted passwords.
--------------------------
If you selected encrypted passwords go to the status icon and restart both smbd and nmbd. Now go to the password Icon and using the server password Management area enter your user name and password, do this for each user on the box. SAMBA will make encrypted passwords when you do this.
At this point all should be well and you should be able to get a share mounted from windows.
--------------------------
did u restart both smbd and nmbd, since it will make encrypted passwords.
--------------------------
If you selected encrypted passwords go to the status icon and restart both smbd and nmbd. Now go to the password Icon and using the server password Management area enter your user name and password, do this for each user on the box. SAMBA will make encrypted passwords when you do this.
At this point all should be well and you should be able to get a share mounted from windows.
--------------------------
ASKER
ok what I did is after I set the option encrypted passwords = yes
I hit the restart all button on the status page then I waited till it restarted
and then I went to the password page and in the server password management area
typed in root for user name and supplied the password and retype password
it didn't give me anymore errors.
but when I try to connect from a remote machine it just doesn't do anything except ask me
for the username and password again.
I hit the restart all button on the status page then I waited till it restarted
and then I went to the password page and in the server password management area
typed in root for user name and supplied the password and retype password
it didn't give me anymore errors.
but when I try to connect from a remote machine it just doesn't do anything except ask me
for the username and password again.
ASKER
I also enabled the user "root" as to have no problems but still it doesn't connect
try with other users.
also could u check this document.
/usr/share/doc/samba-versi
/usr/share/doc/samba-versi
ASKER
I went to the directory /usr/share/ and looked for the directory named doc which was nowhere to be found.
I did a "find" for all directorys named doc and none of them were for samba.
I don't know if it helps but I am using samba 3.0.0 and I compiled it from source
and if need be I can recompile. if I do need to recompile any suggestions on
what I should include such as parameters so that I have not such a hard time with it.
p.s. I might just recompile so that I don't have as many problems
any dependancys that you can think of?
besides "make", "gcc", and other build utils.
I did a "find" for all directorys named doc and none of them were for samba.
I don't know if it helps but I am using samba 3.0.0 and I compiled it from source
and if need be I can recompile. if I do need to recompile any suggestions on
what I should include such as parameters so that I have not such a hard time with it.
p.s. I might just recompile so that I don't have as many problems
any dependancys that you can think of?
besides "make", "gcc", and other build utils.
ASKER
ok, I had to re-install samba. I had accidentally deleted the binary file "smbpasswd" now I have it back
and the only problem is now I can't add machine users
ex. ./smbpasswd -aem root
it responds with
Failed initialise SAM_ACCOUNT for user root$
Failed to modify password entry for user root$
once you tell me how to do that then this question should be closed
p.s. I read somewhere that windows 2000/XP require a machine account
to connect to the samba share.
and the only problem is now I can't add machine users
ex. ./smbpasswd -aem root
it responds with
Failed initialise SAM_ACCOUNT for user root$
Failed to modify password entry for user root$
once you tell me how to do that then this question should be closed
p.s. I read somewhere that windows 2000/XP require a machine account
to connect to the samba share.
ASKER
well, last post for a while.
I added the root machine account and it still won't let me connect to the share
the only responce I get from the server is in the log file I deemed log.samba
[2003/11/30 15:11:23, 0] smbd/service.c:make_connec
Can't become connected user!
it just keeps repeating this message for every time I try to connect to the share
any help will very much be appreciated.
I added the root machine account and it still won't let me connect to the share
the only responce I get from the server is in the log file I deemed log.samba
[2003/11/30 15:11:23, 0] smbd/service.c:make_connec
Can't become connected user!
it just keeps repeating this message for every time I try to connect to the share
any help will very much be appreciated.
sorry i was away from my computer.
now since u have smbpasswd and all.
u can use the previous comment above where i listed all the step with smbpasswd and all.
( refer to Date: 11/27/2003 02:39PM PST)
now since u have smbpasswd and all.
u can use the previous comment above where i listed all the step with smbpasswd and all.
( refer to Date: 11/27/2003 02:39PM PST)
ASKER
ok, I have done that already. But it still gives me these errors in the log "log.samba", it just keeps
repeating that message over and over in that log.
I have added the Unix_users into the smbpasswd and have configured samba to use the
appropriate smbpasswd as the program and the other as the users list.
anyway that one error keeps poping up, I have looked that error up on the internet and have
yet to find someone that knew what the problem was and you are my last resort.
repeating that message over and over in that log.
I have added the Unix_users into the smbpasswd and have configured samba to use the
appropriate smbpasswd as the program and the other as the users list.
anyway that one error keeps poping up, I have looked that error up on the internet and have
yet to find someone that knew what the problem was and you are my last resort.
ASKER
well, I have found the problem yet am seeking the solution.
I know you have worked very hard to help me so I'm upping the points
and second of all the problem resides in the fact that:
windows 2000 (win 2k from now on) sends username and password to server ------> Server says username and password are incorrect.
now somewhere during the sending or recieving of the username and password it is in the correct format or something
I have tried just NTLMv2, lanman, ntlm auth and combinations of all of those
and have had no luck, the users and groups are all added to the password database
it just won't accept the passwords I send to it either the passwords being sent aren't of the acceptable type
or it is recieving the right passwords and won't authenticate or something.
I know you have worked very hard to help me so I'm upping the points
and second of all the problem resides in the fact that:
windows 2000 (win 2k from now on) sends username and password to server ------> Server says username and password are incorrect.
now somewhere during the sending or recieving of the username and password it is in the correct format or something
I have tried just NTLMv2, lanman, ntlm auth and combinations of all of those
and have had no luck, the users and groups are all added to the password database
it just won't accept the passwords I send to it either the passwords being sent aren't of the acceptable type
or it is recieving the right passwords and won't authenticate or something.
ASKER
forgot to mention that if the user has a null password it will let me connect to the share using the username and null for
password but once I assign a password to that user it doesn't let me connect even if I supply the correct username and
password.
and as always your help has been appreciated
0rinsb3lt
password but once I assign a password to that user it doesn't let me connect even if I supply the correct username and
password.
and as always your help has been appreciated
0rinsb3lt
ASKER
ok, I have solved the last problem and the points are yours!
the solution to the problem was when I assigned the password to samba (e.g. smbpasswd -a root)
it didn't match the password int password program (e.g. passwd root) so I just changed the passoword
on the samba side (e.g. smbpasswd -a root) to equal the unix/local password and now I can connect using
encrypted passwords
thanx for all your help you have actually taught me more that I knew you where
(e.g. how to debug samba problems)
my journey must go on!
the solution to the problem was when I assigned the password to samba (e.g. smbpasswd -a root)
it didn't match the password int password program (e.g. passwd root) so I just changed the passoword
on the samba side (e.g. smbpasswd -a root) to equal the unix/local password and now I can connect using
encrypted passwords
thanx for all your help you have actually taught me more that I knew you where
(e.g. how to debug samba problems)
my journey must go on!
One major issue with SAMBA is to keep the workgroup identical, - either change workgroup to PC on your win-boxes or change the workgroup of SAMBA to WORKGROUP
Kind regards,
Sven