Solved

SAMBA Client - domain authentication

Posted on 2003-12-03
64
58,093 Views
Last Modified: 2011-08-18
I'm running Debian 3.0r2 with Samba 2.2.3a-12.3.

I'm not extremely concerned about hosting SMB shares at present, just with connecting to them.

I can connect fine to one WIntel box with smbclient to list all available shares "smbclient -L server1 -U myusername" Then prompts for password and lists all shares fine. Will also mount perfectly.

However, username and password I am using for server1 are local accounts. When I try to connect to a file server on the Win2K AD domain, I get the "NT_STATUS_ACCESS_DENIED" error. I have tried prefixing my username with "DOMAIN\" with no avail.

I have SWAT however it's not the most intuitive console in the world and I'm happy just using vi, but the smb.conf manual is confusing me.

I'm pretty sure the issue lies with this conf file. If somebody can give me a specific set of explained steps to set up domain authentication I'd be most grateful. Cheers.

0
Comment
Question by:GeneriK
  • 31
  • 20
  • 4
  • +6
64 Comments
 
LVL 22

Expert Comment

by:pjedmond
Comment Utility
Can you print out your current smb.conf?
0
 
LVL 18

Expert Comment

by:liddler
Comment Utility
I have seen problems with Windows 2000 machines not allowing plain text password from linux machines.  By default NT allowed plain text password and 2000 doesn't.  I think you need a registry entry

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rdr\Parameters]
"EnablePlainTextPassword"=dword:00000001

To allow a linux box into a 2000 SMB server
0
 
LVL 1

Author Comment

by:GeneriK
Comment Utility

/etc/samba/smb.conf

# Samba config file created using SWAT
# from localhost (127.0.0.1)
# Date: 2003/12/03 12:41:41

# Global parameters
[global]
      workgroup = LINUX
      netbios name = VIPER
      server string = %h server (Samba %v)
      security = SERVER
      encrypt passwords = Yes
      update encrypted = Yes
      obey pam restrictions = Yes
      passwd program = /usr/bin/passwd %u
      passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
      syslog = 0
      log file = /var/log/samba/log.%m
      max log size = 1000
      dns proxy = No

[homes]
      comment = Home Directories
      create mask = 0700
      directory mask = 0700
      browseable = No

[printers]
      comment = All Printers
      path = /tmp
      create mask = 0700
      printable = Yes
      browseable = No

-------------------------------------------------------------------------------------

Should have mentioned also that I do not have admin access to the WIntel and therefore cannot make any registry mods etc.
0
 
LVL 1

Author Comment

by:GeneriK
Comment Utility
Do the maintainers of this site realise that it looks crap in galeon?
0
 
LVL 1

Author Comment

by:GeneriK
Comment Utility
frames don't work properly
0
 
LVL 1

Author Comment

by:GeneriK
Comment Utility
Incidentally, a collegue connected successfully with a RH8 box to the same share. Unfortunately he blasted his HDD so I can't compare smb.conf files.
0
 
LVL 20

Expert Comment

by:Gns
Comment Utility
smbclient doesn't use the smb.conf file.

Do
smbclient -L server1 -U myusername -W DOMAIN
where DOMAIN is your AD domain and myusername is a valid user within that domain.
The corresponding smbmount options are "username=...,password=....,workgroup=....", giving the following /etc/fstab entry template:

//server1/share /mnt/server1share smbfs noauto,username=...,password=....,workgroup=.... 0 0

Be sure that the mountpoint directory exist first.
If you have reservations about having plaintext passwords in /etc/fstab you can instead use the credentials=<filename> stratagem (the file contains the username=... and password=... entries on separate lines... only root need be able to read this file) or the environment variable thing mentioned in the smbmount man-page.

-- Glenn
0
 
LVL 1

Author Comment

by:GeneriK
Comment Utility
Glenn - how you doing?

$ smbclient -L server2 -U user.name -W DOMAIN
added interface ip=10.160.21.3 bcast=10.160.23.255 nmask=255.255.252.0
Password:  <password>
Domain=[BC] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager]
tree connect failed: NT_STATUS_ACCESS_DENIED

same error as before. My account is definately valid on the domain as I can see the fileserver from my WIntel box.


cheers,

Erik
0
 
LVL 24

Expert Comment

by:shivsa
Comment Utility
did u turn on the guest account on windows system.
try to create a guest account on windows and then try to connect with the guest account.
0
 
LVL 24

Expert Comment

by:shivsa
Comment Utility
also coult u try to mount the smb share.
smbmount or simple
mount -t smbfs -o <options>  -username=xxx,password=xxx //computer/share /mount/point

0
 
LVL 24

Expert Comment

by:shivsa
Comment Utility
Also check this post. may be related to your problem.
http://www.experts-exchange.com/Networking/Microsoft_Network/Q_20605057.html
0
 
LVL 1

Author Comment

by:GeneriK
Comment Utility
shivsa - read the thread - I do not have admin access to the WIntel file server.

Guest accounts are disabled on the estate for security.

The mount -t smbfs command doesn't work for this server either.
0
 
LVL 20

Expert Comment

by:Gns
Comment Utility
>  smbclient doesn't use the smb.conf file.
... slight amendment: it uses the file, yes, but everything important can be overridden (and probably should be:-). Since you specify the domain/workgroup, the setting "security = SERVER" shouldn't have any effect (for the client. This is the only real diff I can see )... You could try commenting it though.

At the root of your trouble seems to lie the guest (non-)access restriction.
We have this working, since we allow anonymous guest, but have (reportedly... according to our AD guru:) taken steps to minimize the security ramifications it'll have. I can perhaps massage his ego so that he'll share (:-) some info.
Is the server exposed, or do you run a high security shop?

Anyway, regardless of the "browseability", you should still be able to access the shares directly with something like
mount -t smbfs -o username=user.name,password=thepassword,workgroup=BC //server2/name_of_share /mountpoint
(mkdir /mountpoint first etc etc) This will be transformed by the mount.smbfs script to a smbmount command, or /sbin/mount.smbfs might be a symbolic link to smbmount ... anyway, smbmount gets called like
smbmount //server2/name_of_share /mountpoint -o username=user.name,password=thepassword,workgroup=BC
As said, this should work...:)

Have you thought of upgrading samba? 2.2.3a isn't smoking exactly:-)... And I'm a bit ... stumped (unable to reproduce your exact situation).

-- Glenn
0
 
LVL 1

Author Comment

by:GeneriK
Comment Utility
It's relatatively high security here I'm afraid - I'm on a massive enterprise implementation at a client site so no access to production AD configuration for anyone except the outsourced support organisation (it's a production file share).

I might take your advice with the upgrade, but it's not samba I really need to upgrade, is it? I don't really care about hosting shares on Linux box (ftpd works, right?) so it must be smbclient that the problem is with, or maybe some kernel config options? I don't think there is a dependency for smbclient / smbmount for the samba package if you only want to mount shares.

I have read about the anonymous guest access issue (bug?) but don't really understand it - is the problem resolved in later versions of smbclient / smbmount?
0
 
LVL 1

Author Comment

by:GeneriK
Comment Utility
i have also tried the mount -t smbfs command in various permutations but no dice with this either.
0
 
LVL 20

Expert Comment

by:Gns
Comment Utility
I'm looking at bugzilla.... Nothing conclusive as of yet:).

I tend to keep samba and smbclient in "lockstep". It's (of course) the latter that needs upgrading:-).
There are binaries for debian at http://www.samba.org for more recent offerings.

-- Glenn
0
 
LVL 1

Author Comment

by:GeneriK
Comment Utility
glenn

I upgraded to Samba 3 (all components) and smbclient now works - I can list the shares available.

This is great, but... when trying to mount:

# mount -t smbfs -o username-user.name,password=password,rw //server/share /mnt/

cli_negprot: SMB signing is mandatory and we have disabled it.
1743: protocol negotiation failed
SMB connection failed

i've seen this in some other forums and tried adding client signing = yes (as suggested) to my smb.conf but this doesn't seem to work.
0
 
LVL 1

Author Comment

by:GeneriK
Comment Utility
looks like the earlier version of samba can handle authentication to a local host domain, but not to that host's domain controller.
0
 
LVL 1

Author Comment

by:GeneriK
Comment Utility
is no-one prepared to give more help with this one?

otherwise I have to close, sorry.
0
 
LVL 20

Expert Comment

by:Gns
Comment Utility
Sorry Erik, I'm (unfortunately) very busy ATM with Real (paying) Work...
I did a quick search, and turned up a lot of errors of this kind, some more or less fitting your description...
Seems to me like the 3.0 client succeeds authentication, but the subsequent SMB protocol negotiating borks out on the default behaviour for client signing... Do you have
client signing = yes
("client use spnego = yes" should be the default already)
in your smb.conf?

If that didn't work, this post http://www.spinics.net/lists/samba/msg09710.html hints that http://www.samba.org/samba/Linux_CIFS_client.html might be your solution.

-- Glenn
0
 
LVL 1

Author Comment

by:GeneriK
Comment Utility
thanks - i'll try it
0
 
LVL 2

Expert Comment

by:arecord
Comment Utility
do you have the right to join domain?

[global]
     workgroup =YOUR DOMAIN NAME
     netbios name = VIPER
     security = domain
    password server=*


then join domain, type: smbpasswd -j YOUR DOMAIN NAME -r DOMAIN DC -U ADMINISTRATOR'S NAME

after you join the domain, you shouldn't have any problem to mount the file server share

mount -t smbfs //file server name/share /mount point

remember to ask your admin to add root in the win2k domain as a user.
use file server's name then ip.
0
 
LVL 1

Author Comment

by:GeneriK
Comment Utility
I cannot join the domain - only authenticate to shares on it to which I have been granted access.

>> remember to ask your admin to add root in the win2k domain as a user.
err... why? I already have an account on the domain controller.

looks like CIFS is the best option but I haven't had time to set it up yet.

0
 
LVL 20

Expert Comment

by:Gns
Comment Utility
Well, since 2.6.0 (which include CIFS vfs) is released you could combine the fun of testing out the new kernel and fixing this problem;-). As usual get it from http://www.kernel.org (... or is there already an unstable package for Debian to just apt-get?-).

-- Glenn
0
 
LVL 1

Author Comment

by:GeneriK
Comment Utility
wow! i've been out of action for too long! never realised 2.6 was out of beta yet!

that settles it - eat my dust 2.4.23, it was good while it lasted (but here comes the daddy).
0
 
LVL 1

Author Comment

by:GeneriK
Comment Utility
sorry for returning to this after so long

I know this is not a 2.6.1 issues thread - but I reckon you could tell me where I can find a list of required QT packages to install in order get the kernel configuration GUI to work.

the 2.4.x GUIs were fine ...

i'm on Debian 3.0 r2
0
 
LVL 20

Expert Comment

by:Gns
Comment Utility
Nope, sorry.... I've not used GUI method in years... (wasn't xconfig tcl/tk back then:-). menuconfig usually suit my mood:-)
Documentation/Changes should mention it, but doesn't... bummer. Don't really have time to dig today... Sorry.
It doesn't fly with what you've got then? Neither gtkconfig nor xconfig?

-- Glenn
0
 
LVL 1

Author Comment

by:GeneriK
Comment Utility
yeah - sorry - i'm used to the GUI. i didn't know there was an option for GTK though

i will try that

thanks
0
 
LVL 20

Expert Comment

by:Gns
Comment Utility
Ooops... gtkconfig should be gconfig (for gtk)...

-- Glenn (a.k.a. Le Grand Typo)
0
 
LVL 1

Author Comment

by:GeneriK
Comment Utility
tak
0
 
LVL 1

Author Comment

by:GeneriK
Comment Utility
Right

Back to Samba - sorry again this has been such a massive thread.

I'm nw running 2.6.4 (yay!)

but smbclient still isn't working. New error message though:

  SMB Signature verification failed on incoming packet!
session setup failed: Server packet had invalid SMB signature!

Ring any bells? Let me know if you need more info
0
 
LVL 20

Expert Comment

by:Gns
Comment Utility
Um, shouldn't you be using mount.cifs mount helper program (part of samba 3)... Look at the use instructions etc at http://cvs.samba.org/cgi-bin/cvsweb/cifsvfs/fs/cifs/README?rev=1.20&content-type=text/x-cvsweb-markup
mount -t cifs .....

-- Glenn
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 
LVL 1

Author Comment

by:GeneriK
Comment Utility
CONFIG_CIFS=y


When I use mount (rather than smbclient) tried both cifs and smbfs for this

mount -t cifs -o username="DOMAIN\user.name",password="password",uid=user,gid=group,rw //server/share /mnt
mount: Connection refused

and

mount -t smbfs -o username="DOMAIN\user.name",password="password",uid=user,gid=group,rw //server/share /mnt
cli_negprot: SMB signing is mandatory and we have disabled it.
1089: protocol negotiation failed
SMB connection failed
0
 
LVL 20

Expert Comment

by:Gns
Comment Utility
mount -t cifs -o username="user.name",password="password",domain="DOMAIN",uid=user,gid=group,rw //server/share /mnt
... perhaps would work better? The readme lists some more tips and tricks.

-- Glenn
0
 
LVL 1

Author Comment

by:GeneriK
Comment Utility
OK - thanks but I just upgraded to an even newer version of Samba and now it appears I can connect with CIFS to the server.

Running this command (as you suggested)

mount -t cifs -o username="user.name",password="password",domain="DOMAIN",uid=user,gid=group,rw //server/share /mnt

Now gives me this mount error:
mount: cannot mount block device //feltfps0005/gengrpshare0020/ read-only

I have also tried to mount rw - same problem
mount: block device //feltfps0005/gengrpshare0020/ is write-protected, mounting read-only
mount: cannot mount block device //feltfps0005/gengrpshare0020/ read-only

My mount directory has nothing else in it, is not listed in /etc/fstab and has permissions set to 777
0
 
LVL 1

Author Comment

by:GeneriK
Comment Utility
am I missing a block device kernel driver?
0
 
LVL 1

Author Comment

by:GeneriK
Comment Utility
CONFIG_BLK_DEV_NBD is not set

this could be the problem.

Let me quickly reconfigure and recompile and I'll come back
0
 
LVL 20

Expert Comment

by:Gns
Comment Utility
(Just to make sure... You have the mount.cifs "helper executable" in /sbin?).
You're probably on to it... When you've got cifs in the kernel you should be able to increase verbosity by
echo 1 > /proc/fs/cifs/cifsFYI
... or even
echo 1 > /proc/fs/cifs/traceSMB
... But you knew this from the README;).

-- Glenn
0
 
LVL 1

Author Comment

by:GeneriK
Comment Utility
OK I can now browse with smbclient (yay!) but still get the same

mount: cannot mount block device //feltfps0005/gengrpshare0020/ read-only

error with mount -t cifs

thoughts on this?
0
 
LVL 1

Author Comment

by:GeneriK
Comment Utility
I don't have a helper executable
0
 
LVL 20

Expert Comment

by:Gns
Comment Utility
Bummer (at least a reaction, if not a true "thought":-).
Do you get this with any share? ... Probably, since I think this is a problem with mount rather than anything else... Perhaps failing to use the mount.cifs helper.

-- Glenn
0
 
LVL 1

Author Comment

by:GeneriK
Comment Utility
Kernel log output with verbose CIFS debugging

Mar 17 11:50:07 viper kernel:  fs/cifs/cifsfs.c: Devname: //<server>/<share>/ flags: 1
Mar 17 11:50:07 viper kernel:  fs/cifs/connect.c: CIFS VFS: in cifs_mount as Xid: 4 with uid: 0
Mar 17 11:50:07 viper kernel:  fs/cifs/connect.c: Entering cifs_mount. Xid: 4 with: username=<user.name>,password=<password>,domain=<domain>,uid=0,gid=0
Mar 17 11:50:07 viper kernel:  fs/cifs/connect.c: Domain name set
Mar 17 11:50:07 viper kernel:  fs/cifs/connect.c: Username: <user.name>
Mar 17 11:50:07 viper kernel:  fs/cifs/connect.c: UNC: \\<server>/<share>/  
Mar 17 11:50:07 viper kernel:  fs/cifs/connect.c: Socket created
Mar 17 11:50:07 viper kernel:  fs/cifs/connect.c: Existing smb sess not found
Mar 17 11:50:07 viper kernel:  fs/cifs/transport.c: For smb_command 114
Mar 17 11:50:07 viper kernel:  fs/cifs/transport.c: Sending smb of length 47
Mar 17 11:50:07 viper kernel:  fs/cifs/connect.c: Demultiplex PID: 579
Mar 17 11:50:07 viper kernel:  fs/cifs/connect.c: Peek length rcvd: 36 with smb length: 97
Mar 17 11:50:07 viper kernel:  fs/cifs/connect.c:  Mid 0x9 matched - waking up
Mar 17 11:50:07 viper kernel:  fs/cifs/asn1.c: cls = 1 con = 0 tag = 1
Mar 17 11:50:07 viper kernel:  fs/cifs/connect.c: Security Mode: 0x1 Capabilities: 0x80e3fd Time Zone: 0
Mar 17 11:50:07 viper kernel:  fs/cifs/connect.c: In sesssetup
Mar 17 11:50:07 viper kernel:  fs/cifs/transport.c: For smb_command 115
Mar 17 11:50:07 viper kernel:  fs/cifs/transport.c: Sending smb of length 228
Mar 17 11:50:08 viper kernel:  fs/cifs/connect.c: Peek length rcvd: 36 with smb length: 39
Mar 17 11:50:08 viper kernel:  fs/cifs/connect.c:  Mid 0xa matched - waking up
Mar 17 11:50:08 viper kernel: Status code returned 0xc000006d NT_STATUS_LOGON_FAILURE
Mar 17 11:50:08 viper kernel:  fs/cifs/netmisc.c:  !!Mapping smb error code 5 to POSIX err -13 !!
Mar 17 11:50:08 viper kernel:  CIFS VFS: Send error in SessSetup = -13
Mar 17 11:50:08 viper kernel:  fs/cifs/connect.c: About to exit from demultiplex thread
mount: cannot mount block device  //<server>/<share>/ read-only
viper:/var/log# Mar 17 11:50:09 viper kernel:  fs/cifs/connect.c: CIFS VFS: leaving cifs_mount (xid = 4) rc = -13
Mar 17 11:50:09 viper kernel:  CIFS VFS: cifs_mount failed w/return code = -13
0
 
LVL 20

Expert Comment

by:Gns
Comment Utility
(note the "colliding comment effect" here:-) You can either get ity from the cifs page, or from the samba 3.0 sourcetree... Let's see if I can find a link ....
Here's a prebuilt one http://www.samba.org/samba/ftp/cifs-cvs/mount.cifs
and here's source http://cvs.samba.org/cgi-bin/cvsweb/samba/source/client/mount.cifs.c
and finally a manpage for mount.cifs (unformatted, need be placed in a man directory....:-) http://www.samba.org/samba/ftp/cifs-cvs/mount.cifs.8

-- Glenn
0
 
LVL 20

Expert Comment

by:Gns
Comment Utility
> Mar 17 11:50:08 viper kernel: Status code returned 0xc000006d NT_STATUS_LOGON_FAILURE
> Mar 17 11:50:08 viper kernel:  fs/cifs/netmisc.c:  !!Mapping smb error code 5 to POSIX err -13 !!
...
> mount: cannot mount block device  //<server>/<share>/ read-only
How very dissapointing!

On a slightly different tack, you say
>  OK I can now browse with smbclient (yay!) but still get the same
... So whatif you use smbclient in its "textmode ftp-looking" mode to actually access the share? Does that work too?
Would be a little fall in the right direction, since then you'd at least be able to up/download files....:-).

-- Glenn
0
 
LVL 1

Author Comment

by:GeneriK
Comment Utility
Alright, let's re-synchronise here:

I had already downloaded and installed the mount helper, but this makes no difference - I get the same output from the kernel log except now there is a "permission denied" error from mount.cifs. There is some sort of logon problem here - keep seeing that NT_STATUS_LOGON failure message as if it's a wrong username/password (which it clearly is not)

Yes, smbclient does work and I can use those "FTP-like" commands but it's a bit rubbish - I'll settle for it if there's no way to get this working but I can't believe that to be the case. If it works on RH8 with an old kernel and Samba, it's damn well gonna work on Debian with the latest version of the kernel, Samba and CIFS. RH8, by the way, does not appear to use CIFS at all, yet can still connect to this server!




0
 
LVL 20

Expert Comment

by:Gns
Comment Utility
.... Ok, this is new, and potentially important, information... At least as far as I rememnber this thread (yeah, I'm lazy... didn't take the time to read through it again:-). Might be wrong though.

We made a great leap in versions here (from "mumified" to "bleeding edge":-) and probably jumped past the version RH8 uses (which BTW uses smbfs in the kernel).
This also tells us that we strictly speaking shouldn't need CIFS kernel support. Hohum, and now... with the smbclient working, if you use smbmount (which is what the mount.smbfs mount helper should do... on some distros it's even just a link to smbmount) or
mount -t smbfs username="user.name",password="password",workgroup="DOMAIN",uid=user,gid=group,rw //server/share /mnt
it comes back with pretty much the same error? (Sorry for the repetitions Erik... Things seem to have changed a lot, so we need cover some "old ground" again)

While you try this, I might have some moments to look through the thread again.

-- Glenn
0
 
LVL 1

Author Comment

by:GeneriK
Comment Utility
Thanks Glenn - you're right - my mount.smbfs is a symlink to smbmount. I'm pretty sure smbclient wouldn't work here without CIFS in the kernel - this was the situation before and the main reason for me to upgrade.

And yes, pretty much I still get the original error if I try to use mount -t smbfs or smbmount
cli_negprot: SMB signing is mandatory and we have disabled it.
1095: protocol negotiation failed
SMB connection failed

My smb.conf file did get overwritten when i upgraded today but I added:
client signing = yes
client use spnego = yes
as you suggested some time ago.
I have also just now posted a question to the samba and cifs mailing lists with a link to this thread so hopefully those guys can give some helpful input.
0
 
LVL 20

Expert Comment

by:Gns
Comment Utility
Ok... Just one more "stupid thing"... The user.name isn't locked out or somesuch? Perhaps due to the ... test activity...:-)? The same user that works with smbclient?

Over to CIFS... You could try forcing PackeSigning (by setting it to 2)
echo 2 > /proc/fs/cifs/PacketSigningEnabled
and/or setting spnego with
echo 1 > /proc/fs/cifs/ExtendedSecurity
or even
echo 1 > /proc/fs/cifs/NTLMV2Enabled

cifs vfs really doesn't read the smb.conf for these things.

-- Glenn
0
 
LVL 1

Author Comment

by:GeneriK
Comment Utility
Account is not locked, and unfortunately none of those options worked :(
0
 
LVL 20

Expert Comment

by:Gns
Comment Utility
Then I'm out of ideas... Sorry.

-- Glenn
0
 

Expert Comment

by:adnano
Comment Utility
Note: You should install Active Directory on the server, run Windows Update to load the latest updates from Microsoft, and then reboot the server before disabling SMB signing as described below.
Preferred method to disable SMB signing
Microsoft has a help topic that describes how to disable SMB signing on domain controllers so that clients (such as PCs or RocketVault™) that do not have this capability can connect to the server. You can view this Microsoft help topic by starting Help and Support on the server console and searching for "smb signing". An excerpt from the Microsoft help topic is shown below:
1.      Open Active Directory Users and Computers.
2.      In the console tree, right-click Domain Controllers, click Properties, and then click the Group Policy tab.
3.      Click Default Domain Controllers Policy, and then click Edit.
4.      Under Security Options, right-click Microsoft network server: Digitally sign communications (always), click Properties, and then click Disabled.
Alternative method to disable SMB signing
If you do not want to use the preferred method described above, you can edit the Windows registry directly, as described below:
1.      Start Registry Editor (Regedt32.exe).
2.      Locate and select the following key in the registry:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\
Service\lanmanserver\parameters
3.      Double-click the RequireSecuritySignature value, type 0 in the Value data box, and then click OK.
4.      Double-click the EnableSecuritySignature value, type 0 in the Value data box, and then click OK.
5.      Quit Registry Editor.
6.      Reboot the server for the Registry changes to take effect.
Note: You can edit the registry by using Registry Editor (Regedit.exe or Regedt32.exe). If you use Registry Editor incorrectly, you can cause serious problems that may require you to reinstall your operating system. Microsoft does not guarantee that problems that you cause by using Registry Editor incorrectly can be resolved. Use Registry Editor at your own risk. Before you modify the registry, make sure to back up the registry, and make sure that you understand how to restore the registry if a problem occurs. For additional information about backing up and restoring the registry, click the following article number to view the article in the Microsoft Knowledge Base: 322756 HOW TO: Back Up, Edit, and Restore the Registry in Windows XP and Windows Server 2003.


If it works for you, please let me know and I have a question that you can help me answer too
0
 
LVL 1

Author Comment

by:GeneriK
Comment Utility
adnano,

I'm sorry this is a really long thread and you may not have seen it near the top, but administrative access to this machine (well, all machines on this domain) is impossible. Thanks for your input though.

If you raise your issue in a new thread and post the link here I'll have a look and see if what i've learned from this can help you.
0
 
LVL 20

Accepted Solution

by:
Gns earned 300 total points
Comment Utility
Well Erik... It's been fun but very very frustrating, hasn't it ?-) At least for me:-). As it stands now (tantalizingly close to working in some ways... eons away in others) one would really want to start tinker with the server side to see what changes would suddenly "make it work". I suspect there are several venues that would lead to success... But as you say, that route's been blocked since the outset. Sigh.

At least you've got a bandaid (slightly decrepit smbclient:-).

Adnano: Bring on your question, I'm sure there are several people that can give valuable input...;-). If you want to make sure Erik or I don't miss it, please post a link to it here.

-- Glenn
0
 

Expert Comment

by:adnano
Comment Utility
Oh...I have posted my question under LinuxNet as it was relating to mounting Windows 2003 or XP server using CIFS....

but here is the link.................

http://www.experts-exchange.com/Networking/Linux_Networking/Q_20925060.html

I really need to get this working....................:=)
0
 
LVL 1

Author Comment

by:GeneriK
Comment Utility
Thanks Glenn for all your time and help

i can cope with smbclient, it suits my needs for now. Mounting the share was more of a "nice to have".

I'll keep tweaking config files until it works - i think the only way forward here is "trial & error" fixing.
0
 

Expert Comment

by:cmgolf
Comment Utility
One more note about samba and digital signing.  Once you change the security options per adnano's post, you do not have to reboot.  Domain controller policies refresh automatically every 5 minutes by default. Or you can use the DOS command line and type in "gpupdate" and the policy change will refresh immediately.
0
 

Expert Comment

by:tamitutor
Comment Utility
I know this is "closed", but the answer is to use cifs as the mount type instead of smbfs.  Example: mount -t cifs -o username=<username>,password=<skeeter> //server/directory /mnt/mountpoint/
0
 

Expert Comment

by:tamitutor
Comment Utility
Sorry, one more thing I forgot to add to my comment above:  this is in the case one is trying to access a Windows 2003 Server directory.  SMB signing is turned on by "default" in Win 2003 server when a share is created, so making the above change to your mount will enable samba to talk to the Win 2003 share.
0
 
LVL 20

Expert Comment

by:Gns
Comment Utility
Hm, guys (or gals, what do I know:) .... You're commenting on an issue approximately one and a half year old.
What was the true state of things back then and what is now just don't match. Nice "addendum info" though, so thanks for that.

-- Glenn
0
 

Expert Comment

by:tamitutor
Comment Utility
Glenn,

It's an issue we are just running into.  Do you have any new info you would like to share?  We would love to hear it.
0
 
LVL 20

Expert Comment

by:Gns
Comment Utility
Are you saying you have no admin rights (on the DCs) and run into the problems described above? With cifs too? I'd have thought they'd solved that by now... Or perhaps that is exactly what you are saying(?).

-- Glenn
0
 

Expert Comment

by:tamitutor
Comment Utility
Hi Glenn,

We have admin rights to both machines.  I think I should put this in a new thread, but cifs seems to be unreliable (weird synching problems with the Win2003 Server).  We can "mount" if you will, but some times the refresh time on the directory list is very slow (ls -l can take up to 12 minutes), and it appears we can have only one cifs-type mount at a time.  Also, we don't want to mess with putting AD on the 2003 box because it's over-kill for what we need it for.  We've discussed running a cron-job that touches all the files in the share so that cifs (or Samba, I'm not sure which would be in charge of this portion) wakes up and says "oh yeah, I've got new files, I have changed files, or I have less files", as you will.  I've seen a thread on this in the aims group lists http://marc.theaimsgroup.com/?l=samba-technical&m=112471315417425&w=2 which describes similar anomalies we are seeing.  I think I will start a new thread/question on this.  If you could give any new help/insite, I'll definitely give you the points.  Also, any new news about whether or not smbfs will work with smb signing yet, or will it never work with smb signing?

Thanks Glenn!

Tami (girl)
0
 
LVL 20

Expert Comment

by:Gns
Comment Utility
Are you trying to do something similar to what Saman Benham is? If so, youd probably have the same oplocking woes:-(... Unless it's been fixed in a recent cifs version...
https://bugzilla.samba.org/buglist.cgi?query_format=specific&order=relevance+desc&bug_status=__open__&product=CifsVFS&content= does give any immediate hint that it *isn't* fixed though:).
I wouldn't hold my breath regarding smbfs and "new features"... CIFS is more or less here to replace it.

-- Glenn (man)
0
 
LVL 1

Author Comment

by:GeneriK
Comment Utility
this is an ancient question and should have been deleted a long time ago.

please do not post further comments here. i will move to close it down.
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Join & Write a Comment

How many times have you wanted to quickly do the same thing to a list but found yourself typing it again and again? I first figured out a small time saver with the up arrow to recall the last command but that can only get you so far if you have a bi…
SSH (Secure Shell) - Tips and Tricks As you all know SSH(Secure Shell) is a network protocol, which we use to access/transfer files securely between two networked devices. SSH was actually designed as a replacement for insecure protocols that sen…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

6 Experts available now in Live!

Get 1:1 Help Now