samba shares/users

I have been setting up a linux server for my own house for fun and I have looked into many, many documents and still am a little confuse on how to set up a samba share with users

here is what I have:
# Samba config file created using SWAT
# from (
# Date: 2003/11/27 16:29:26

# Global parameters
# Samba config file created using SWAT
# from (
# Date: 2003/11/27 16:30:01

# Global parameters
      workgroup = PC
      guest account =
      passwd program = /bin/passwd
      unix password sync = Yes
      wins support = Yes
      ldap ssl = no
      valid users = admin, root

      path = /
      username = admin
      read only = No

      path = /tmp
      admin users = admin
      read only = No
      hosts allow =
      hosts deny = 196.254., EXCEPT,

but when I get to my windows 2000 machine I type int //"name of comp"/ it asks for the username and password
so I type admin (for username) and the corresponding password for that username as if I was on the machine itself
and it keeps telling me that that username or password is incorrect

I have used "useradd" to add the user and have used "passwd admin" to change the password (cause for some reason if I don't use "passwd" I can't logon locally) anyway I hope someone out there in the vast internet can help.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Hi orinsbelt,

One major issue with SAMBA is to keep the workgroup identical, - either change workgroup to PC on your win-boxes or change the workgroup of SAMBA to WORKGROUP

Kind regards,
orinsbeltAuthor Commented:
ok sorry but it took me a sec to get some more info into here that is vitaly important
my Winboxes are all set to workgroup "Pc" as is the samba server

second evertime I use smbpasswd -a admin password # I get the responce
failed to initialise SAM_ACCOUNT for user admin

and thanks for a quick responce
u have to first add the user by useradd.
Introduction to Web Design

Develop a strong foundation and understanding of web design by learning HTML, CSS, and additional tools to help you develop your own website.

Here's a copy of my SAMBA config, for what it's worth:

   alternate permissions = no
   case sensitive = no
   dead time = 5
   debug level = 0
   default case = upper
   delete readonly = yes
   delete veto files = yes
   dns proxy = no
   domain logons = no
   domain master = no
   encrypt passwords = yes
   follow symlinks = yes
   guest account = ftp
   local master = yes
   lock directory = /var/lock/samba
   locking = yes
   log file = /var/log/samba
   mangle case = no
   map hidden = yes
   map system = yes
   max log size = 5000
   oplocks = yes
   os level = 1
   preferred master = yes
   preserve case = yes
   security = user
   server string = cube Samba
   share modes = yes
   short preserve case = yes
   socket options = TCP_NODELAY
   strict locking = yes
   veto files = /Network Trash Folder/
   wide links = yes
   wins support = yes
   workgroup = BAKKEGAARDEN
   comment = Home Directories
   browseable = yes
   read only = no
   create mask = 0755

  path = /home/groups/home
  public = no
  browseable = yes
  writable = yes
  printable = no
  create mask = 0775
  valid users = admin @home
  force create mode = 0664
  force directory mode = 0775
  hide dot files = yes

That's the general part, - here's a sample of a specific directory.

  path = /home/groups/archive
  public = no
  browseable = yes
  writable = yes
  printable = no
  create mask = 0775
  valid users = admin @archive
  force create mode = 0664
  force directory mode = 0775
  hide dot files = yes

orinsbeltAuthor Commented:
I had done "useradd" first and I can log in locally, after doing useradd I try to add the user using swat and it gives me that error.
Samba users are different from Unix users. You need to export all the unix users and make them samba users.

cat /etc/passwd | > /etc/samba/smbpasswd

This command converts and exports all the users in /etc/passwd into smbpasswd file.
Then you need to assign a password for each and every unix user(now call them samba user) seperately using smbpasswd command
smbpasswd root
smbpasswd unix_username

Then try to access your share using this username and password.
If you add any user in unix system after this export you need to add them to samba seperately and assign the samba password.

smbadduser username samba_username
smbpasswd samba_username

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
orinsbeltAuthor Commented:
I take it that in the line:
smbpasswd unix_username
"unix_username" is whatever username I want to add?
and same with "samba_username" ?
orinsbeltAuthor Commented:
well I have tried your suggestion and smbadduser -- command not found -- file or directory not found
orinsbeltAuthor Commented:
If I hadn't made it clear before I am using samba 3.0 and have compiled from source. I'm using a distro that doesn't have lots of support.  it is called core distro
well u tried on linux system.

try to locate these command by
find / -name smbadduser -print

mostly it should be /usr/local/bin or u just look around in these directory.
/usr/local/<sms-version>/bin  or something.
orinsbeltAuthor Commented:
I found the smbadduser but that is just the beggining of the problems now
it requires "csh" and all I have on my system is "bash" command line inturpreter.
and smbadduser is in my /usr/src/samba-3.0.0/source directory
   and  "                             "/scripts directory
i do not if csh files will on bash or not.
but give it a try.

also try to add this path to your PATH env variable.
like this.
PATH=$PATH:/usr/src/samba-3.0.0/source/bin   ( this path is where your smbpasswd files are ie pwd information when u r in that directory).
export PATH

and then try to execute these.
orinsbeltAuthor Commented:
I've known for a while now that csh scripts don't work on bash or that the commands being given won't work.  now the problem is very basic yet the solution is out of my knoledege.

now if anyone can give me a link or a basic explenation of how to setup a share so that it uses the current unix users
to connect to the linux samba server.  

I have tried to set it up as:
security = user

but it doesn't seem to work if anyone know in depth how this works and can either explain it to me or give me a link to
where they do know how to in depth

sorry, but the current answer haven't given me much more info then I know
thanks for the help though

and every time I do /usr/local/samba/smbpasswd -a <user> <password>
it doesn't work and I looked at the contents of smbpasswd and it was empty
and every time I try to add it through swat I get this error:

Failed initialise SAM_ACCOUNT for user <username>
Directions on configuring SAMBA with SWAT. This will let you configure SAMBA to use encrypted passwords if need be.

Anyway here is how to use it. When I say to edit a file use your favorite
text editor.

1) become root
2) cd /etc
3) Edit the inetd.conf file
4) find the line:

swat      stream  tcp     nowait.400      root /usr/sbin/swat swat

(note the above line is contained wholly on a single line). It may have a # in front of it. If it does remove the #, if the line is not there copy it exactly as I have it into the file. Save and exit the file.

5) edit the services file, find the line (usally the last line in the file):

swat              901/tcp                         # Add swat service used via inetd

(note the above line is contained wholly on a single line). If the line has a # in front of it remove the #, if the line does not exist add it exactly as above. Save and exit the file.

6) At a root promp type

# /etc/rc.d/init.d/inet stop <CR>
# /etc/rc.d/init.d/inet start <CR>

7) Start X running if it is not already and start netscape
8) go to the following URL: http://localhost:901

You will be presented with a password prompt enter root and the root password. (Only do this from the from the machine you are configuring because you are using the root password)

Now you will be at a menu prompt from which you can configure SAMBA. The first page is help files which explain the usage of SAMBA across the top there are 7 icons:

You are on the HOME page, click on GLOBALS. Here you can set the workgroup SAMBA will show up in, the machines netbios name, server string and other items. Most important is the Security options. If you network is using encrypted passwords on windows (Win 98 and Nt do by default, Win 95 does if you have added SP3) make sure to set the encrypted passwords to yes. You can read the help files for the rest of the of this page. Commit the changes before leaving this page.

The Shares icon will let you share out sections of the filesystem as desired. Also commit changes before leaving this page.

If you selected encrypted passwords go to the status icon and restart both smbd and nmbd. Now go to the password Icon and using the server password Management area enter your user name and password, do this for each user on the box. SAMBA will make encrypted passwords when you do this.

At this point all should be well and you should be able to get a share mounted from windows.

orinsbeltAuthor Commented:
ok, I know that most of this is my fault and one of the many things that prevented me from adding users was
that I didn't specify a guest account. now that I can add accounts I have added the "admin" and "root" accounts with
passwords. Now with encrypted passwords it just doesn't accept the passwords I pass to the linux box from windows 2000 and when I dissable encrypted passwords it says i don't  have enough access.

ok here it is in a simple explenation:
encrypted passwords = yes then I restart server and change the password
then on connection from windows 2000 it doesn't accept the password

encrypted passwords = no then I restart server and change the password
then on connection from windows 2000 it connects and says I am not permitted to connect
from this workstation.

and your help has been appreciated shivsa
orinsbeltAuthor Commented:
p.s. I have checked the log files and there are no errors there
on windows 2000 I try to connect type in "root" and < password>
but it just asks me for the username and password again (with encrypted passwords)
if encrypted passwords = yes,

did u restart both smbd and nmbd, since it will make encrypted passwords.

If you selected encrypted passwords go to the status icon and restart both smbd and nmbd. Now go to the password Icon and using the server password Management area enter your user name and password, do this for each user on the box. SAMBA will make encrypted passwords when you do this.

At this point all should be well and you should be able to get a share mounted from windows.
orinsbeltAuthor Commented:
ok what I did is after I set the option encrypted passwords = yes
I hit the restart all button on the status page then I waited till it restarted
and then I went to the password page and in the server password management area
typed in root for user name and supplied the password and retype password
it didn't give me anymore errors.

but when I try to connect from a remote machine it just doesn't do anything except ask me
for the username and password again.
orinsbeltAuthor Commented:
I also enabled the user "root" as to have no problems but still it doesn't connect
try with other users.
also could u check this document.

orinsbeltAuthor Commented:
I went to the directory /usr/share/ and looked for the directory named doc which was nowhere to be found.
I did a "find" for all directorys named doc and none of them were for samba.

I don't know if it helps but I am using samba 3.0.0 and I compiled it from source
and if need be I can recompile. if I do need to recompile any suggestions on
what I should include such as parameters so that I have not such a hard time with it.

p.s. I might just recompile so that I don't have as many problems
any dependancys that you can think of?
besides "make", "gcc", and other build utils.
orinsbeltAuthor Commented:
ok, I had to re-install samba. I had accidentally deleted the binary file "smbpasswd" now I have it back
and the only problem is now I can't add machine users
ex. ./smbpasswd -aem root
it responds with
Failed initialise SAM_ACCOUNT for user root$
Failed to modify password entry for user root$

once you tell me how to do that then this question should be closed

p.s. I read somewhere that windows 2000/XP require a machine account
to connect to the samba share.
orinsbeltAuthor Commented:
well, last post for a while.
I added the root machine account and it still won't let me connect to the share
the only responce I get from the server is in the log file I deemed log.samba

[2003/11/30 15:11:23, 0] smbd/service.c:make_connection_snum(620)
  Can't become connected user!

it just keeps repeating this message for every time I try to connect to the share
any help will very much be appreciated.
sorry i was away from my computer.
now since u have smbpasswd and all.
u can use the previous comment above where i listed all the step with smbpasswd and all.
( refer to Date: 11/27/2003 02:39PM PST)
orinsbeltAuthor Commented:
ok, I have done that already.  But it still gives me these errors in the log "log.samba", it just keeps
repeating that message over and over in that log.

I have added the Unix_users into the smbpasswd and have configured samba to use the
appropriate smbpasswd as the program and the other as the users list.

anyway that one error keeps poping up, I have looked that error up on the internet and have
yet to find someone that knew what the problem was and you are my last resort.
orinsbeltAuthor Commented:
well, I have found the problem yet am seeking the solution.
I know you have worked very hard to help me so I'm upping the points
and second of all the problem resides in the fact that:

windows 2000 (win 2k from now on) sends username and password to server ------> Server says username and password are incorrect.

now somewhere during the sending or recieving of the username and password it is in the correct format or something

I have tried just NTLMv2, lanman, ntlm auth and combinations of all of those
and have had no luck, the users and groups are all added to the password database

it just won't accept the passwords I send to it either the passwords being sent aren't of the acceptable type
or it is recieving the right passwords and won't authenticate or something.
orinsbeltAuthor Commented:
forgot to mention that if the user has a null password it will let me connect to the share using the username and null for
password but once I assign a password to that user it doesn't let me connect even if I supply the correct username and

and as always your help has been appreciated
orinsbeltAuthor Commented:
ok, I have solved the last problem and the points are yours!

  the solution to the problem was when I assigned the password to samba (e.g. smbpasswd -a root)
it didn't match the password int password program (e.g. passwd root) so I just changed the passoword
on the samba side (e.g. smbpasswd -a root) to equal the unix/local password and now I can connect using
encrypted passwords

thanx for all your help you have actually taught me more that I knew you where
(e.g. how to debug samba problems)

my journey must go on!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Linux Networking

From novice to tech pro — start learning today.