Solved

Unix Samba and Windows XP

Posted on 2004-08-13
18
26,748 Views
Last Modified: 2013-12-23
Hello all, I just got assigned to this 'little' task of solving a Samba conflict my department has had ever since XP came around. (the previous lab tech who set up the server got assigned elsewhere).

--------------------------------------------------------------------------

We have a Sun Microsystem server running Solaris and Samba 2.2.2 .  According to them, the server works fine for all the Windows 2000, Solaris and SiliconGraphics systems in this lab and still do. But when XP came around, it conflicted with the server settings somewhere. Currently the setup is like this:

there are 2 domains: Domain 1 and Domain 2 (i'll call them D1 and D2 for short)

D1 is setup for use in this particular lab only and is run by an IBM pc running Windows 2000 Server. The Samba is on D2 by itself to allow access to it from another 2 departments we have. D1 is set up as the primary domain controller where the windows users in the lab logs in to.

the Solaris and SGI systems uses the Sun Server as their PDC and logs directly into it. No problem here.

the Windows 2000 system logs into the IBM pc server and maps the SAMBA share drives via ip and netowrk name. No problem here either.

Now comes the Windows XP pro systems... they also log into the IBM PC server... but takes much longer to log in than the Windows 2000 system. Irritating, but at least it still logs in. The XP systems can map to the Samba share drives to a certain extent. It shows up in explorer as share drives. BUT... whenever the user tries to go INTO the drive, he gets this error:

"W:\ refers to a location that is unavailable. It could be on a hard drive on this computer, or on a network. Check to make sure that the disk is properly inserted, or that yuo are connected to the Internet or your network, then try again. If it still cannot be located, the information might have been moved to a different location."

--------------------------------------------------------------------------

Encrypted passwords are enabled, hence the login is fine. The linking of directory doesnt seeem to be wrong since Windows 2000 can also map to the same share using the same ID and Pass without any problems...

has anyone come across this problem before? or am i missing something really simple?

oh yea.. i'm only a mecha eng dip grad. so i'm not too familiar with all these stuff. just so happen i got assigned to this lab with this problem... lol..

Thanks all
0
Comment
Question by:chasepack
  • 5
  • 3
  • 3
  • +4
18 Comments
 
LVL 2

Expert Comment

by:rmharwood
Comment Utility
Ok... a couple of things to try.

Are your XP machines on a different network to D2?  Can you see the Samba server in "network places"?  Can you browse the Samba shares in "network places"?

How are you mapping the usernames and passwords from D1 to D2?

Also, check the Samba logs on D2.  On Red Hat these are in /var/log/samba
0
 

Author Comment

by:chasepack
Comment Utility
D1 and D2 are linked together via the IBM server.

The XP machines can see the samba server in Network Places under its domain.

Mapping should be direct between the machines and Samba. As far as I can see, the IBM server is only as a domain controller. It also holds the scripts that are auto run on startup which basically is the same as direct mapping from that machine to Samba. As for username and password, Samba stores the passwords itself.

hmm... a question comes to mind... does the xp user login to the domain have to to be the same as the username and password to Samba? we are intending to keep the usernames and password to Samba fileshares generic such that they can be used by the same student on any of the computers. This will allow much greater freedom.

The logs show that the XP user has managed to get connected. I'll paste up a snippet of the logs tomorrow.
0
 
LVL 2

Expert Comment

by:rmharwood
Comment Utility
If you can see the Samba server in Network Places, what happens when you double click on it? You should either be presented with a login box or a list of shares on the Samba server. Can you then double click on one of the shares and view its contents?

What does the mapping of drive W: onto the Samba share? Is it done by a login script or is it a mapped drive that is set to automatically reconnect on logon?
0
 
LVL 6

Expert Comment

by:de2Zotjes
Comment Utility
Have you checked the signorseal registry entry?

It should be set to 0 (zero)

The key is at:
HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
requiresignorseal

0
 

Author Comment

by:chasepack
Comment Utility
Clicking on the server presents a log in box. Logging in  brings me to a page that lists out all the shared folders. But this is as far as it goes. Everytime i click on one of them, it shows the error in my question.

de2Zotjes:  Neither I nor my bosses wish to go into editing the XP systems. As this would end up having us to run about the whole campus editing whichever systems we want to give access to. Not to mention every new system that comes in, we have to go over and edit too. Hence we do not deem this as a usable option and is currently ranked rock bottom in terms of viability. neither have we tried this method out since we do not intend to go this route.
0
 
LVL 6

Expert Comment

by:de2Zotjes
Comment Utility
Chasepack, at least try the setting, that way you can find out whether the solution works :-) Because perhaps you don't intend to go that route, but micro$oft certainly sends you there, try and buy something other than the xp os from those guys. Sooner or later you will have to fix the problem, and according to the guys from samba the reg-setting is your problem.

As a next step you could then consider sticking this registry entry in the netlogon/login.cmd script to automate its distribution to other xp machines...
0
 
LVL 2

Expert Comment

by:rmharwood
Comment Utility
That "requiresignorseal" issue seems to be relevant when you're Windows XP clients are authenticating against a Samba server acting as a domain controller, and in this instance that isn't what's happening.

If you can get a list of shares but not attach to one of them then maybe it is to do with permissions on the shares or permissions on the file system itself. Can you post your smb.conf file?
0
 
LVL 51

Expert Comment

by:ahoffmann
Comment Utility
have you done a smbpasswd for the user's from XP?
0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 
LVL 51

Expert Comment

by:ahoffmann
Comment Utility
# on XP try:
HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\requiresignorseal=dword:0
0
 
LVL 6

Expert Comment

by:de2Zotjes
Comment Utility
Back to the signorseal issue...

rmharwood: the list of shares is obtained using an anonymous account, using a non encrypted authentication transport. That is why you can get the list of shares. The moment you try to open a share the xp-authenticates itself to the samba, but it will only do so through a "safe" channel, this then the samba doesn't understand and there is no permission to view the share as anonymous...

You will most likely be able to track this down if you view the log files for the xp machines.
0
 

Author Comment

by:chasepack
Comment Utility
sorry, moved house during the weekend. left myself in a position without internet until i got to work

tried registry editing. it doesnt work. same problem on both edited and unedited systems.

------------------------------------------------------------
Snippet from smb.conf (didnt show the other 100+ user shares... lol)

[global]
# Server configuration parameters
      netbios name = mdl3_p_03
      server string = Samba %v on (%L)
      workgroup = mdlsvr
      security = user
#password server = ibmeprosvr
      encrypt passwords = yes
      smb passwd file = /usr/local/samba/private/smbpasswd
      
      
# Networking configuration
      hosts allow = localhost mdl3_p_03
      hosts deny = none
            
# Debug logging information
      log level = 2
      log file = /var/log/samba.log.%m
      max log size = 50
      debug timestamp = yes
      
# Share directory information
      max disk size = 1000
      

[cshare]
# Share directory on mdl3_p_03
      path = /disk2/student_data/cshare
      comment = mdl3_p_03 SUN StorEdge T3 data storage for any students
      hosts allow = All
      writeable = Yes
      case sensitive = no
      veto files = /.*/
      delete veto files = no
      valid users = cshare
       wins support = yes
       domain logons = yes
       
       
       
[sshare]
# Share directory on mdl3_p_03
      path = /disk3/staff_data/sshare
      comment = mdl3_p_03 SUN StorEdge T3 data storage for any students
      hosts allow = All
      writeable = Yes
      case sensitive = no
      veto files = /.*/
      delete veto files = no
      valid users = sshare
            
------------------------------------------------------------
Win 2000 system -- logfile by Samba

[2004/08/16 08:39:05, 2] lib/access.c:check_access(316)
  Allowed connection from 172.17.171.219 (172.17.171.219)
[2004/08/16 08:39:05, 2] lib/access.c:check_access(316)
  Allowed connection from 172.17.171.219 (172.17.171.219)
[2004/08/16 08:39:05, 1] smbd/service.c:make_connection(610)
  msig-ibm-01 (172.17.171.219) connect to service cshare as user cshare (uid=4000, gid=101) (pid 27327)
[2004/08/16 08:39:05, 2] lib/access.c:check_access(316)
  Allowed connection from 172.17.171.219 (172.17.171.219)
[2004/08/16 08:39:05, 2] lib/access.c:check_access(316)
  Allowed connection from 172.17.171.219 (172.17.171.219)
[2004/08/16 08:39:05, 1] smbd/service.c:make_connection(610)
  msig-ibm-01 (172.17.171.219) connect to service sshare as user sshare (uid=3000, gid=103) (pid 27328)
[2004/08/16 08:39:06, 2] lib/access.c:check_access(316)
  Allowed connection from 172.17.171.219 (172.17.171.219)
[2004/08/16 08:39:06, 1] smbd/service.c:make_connection(610)
  msig-ibm-01 (172.17.171.219) connect to service sshare as user sshare (uid=3000, gid=103) (pid 27328)
[2004/08/16 08:39:06, 1] smbd/service.c:close_cnum(648)
  msig-ibm-01 (172.17.171.219) closed connection to service sshare
[2004/08/16 08:39:06, 2] lib/access.c:check_access(316)
  Allowed connection from 172.17.171.219 (172.17.171.219)
[2004/08/16 08:39:06, 1] smbd/service.c:make_connection(610)
  msig-ibm-01 (172.17.171.219) connect to service cshare as user cshare (uid=4000, gid=101) (pid 27327)
[2004/08/16 08:39:06, 1] smbd/service.c:close_cnum(648)
  msig-ibm-01 (172.17.171.219) closed connection to service cshare
[2004/08/16 08:39:06, 2] lib/access.c:check_access(316)
  Allowed connection from 172.17.171.219 (172.17.171.219)
[2004/08/16 08:39:06, 1] smbd/service.c:make_connection(610)
  msig-ibm-01 (172.17.171.219) connect to service sshare as user sshare (uid=3000, gid=103) (pid 27328)
[2004/08/16 08:39:06, 1] smbd/service.c:close_cnum(648)
  msig-ibm-01 (172.17.171.219) closed connection to service sshare
[2004/08/16 08:41:32, 2] smbd/open.c:open_file(214)
  cshare opened file P/PICS/1.gif read=Yes write=No (numopen=3)
[2004/08/16 08:41:32, 2] smbd/close.c:close_normal_file(206)
  cshare closed file P/PICS/1.gif (numopen=2)
...........................
  cshare closed file P/PICS/1.gif (numopen=1)
[2004/08/16 08:41:38, 2] smbd/open.c:open_file(214)
  cshare opened file P/PICS/1.gif read=Yes write=No (numopen=2)
[2004/08/16 08:41:47, 2] smbd/close.c:close_normal_file(206)
  cshare closed file P/PICS/1.gif (numopen=0)
[2004/08/16 08:41:47, 1] smbd/service.c:close_cnum(648)
  msig-ibm-01 (172.17.171.219) closed connection to service cshare
[2004/08/16 08:41:47, 2] smbd/server.c:exit_server(458)
  Closing connections
[2004/08/16 08:41:47, 1] smbd/service.c:close_cnum(648)
  msig-ibm-01 (172.17.171.219) closed connection to service sshare
[2004/08/16 08:41:47, 2] smbd/server.c:exit_server(458)
  Closing connections

------------------------------------------------------------
Win XP system -- logfile by Samba

[2004/08/16 09:06:20, 2] lib/access.c:check_access(316)
  Allowed connection from 172.17.171.113 (172.17.171.113)
[2004/08/16 09:06:20, 2] lib/access.c:check_access(316)
  Allowed connection from 172.17.171.113 (172.17.171.113)
[2004/08/16 09:06:20, 1] smbd/service.c:make_connection(610)
  msig-s229-03 (172.17.171.113) connect to service cshare as user cshare (uid=4000, gid=101) (pid 27351)
[2004/08/16 09:06:21, 2] lib/access.c:check_access(316)
  Allowed connection from 172.17.171.113 (172.17.171.113)
[2004/08/16 09:06:21, 2] lib/access.c:check_access(316)
  Allowed connection from 172.17.171.113 (172.17.171.113)
[2004/08/16 09:06:21, 1] smbd/service.c:make_connection(610)
  msig-s229-03 (172.17.171.113) connect to service sshare as user sshare (uid=3000, gid=103) (pid 27352)
[2004/08/16 09:06:41, 1] smbd/service.c:close_cnum(648)
  msig-s229-03 (172.17.171.113) closed connection to service cshare
[2004/08/16 09:06:41, 2] smbd/server.c:exit_server(458)
  Closing connections
[2004/08/16 09:06:41, 1] smbd/service.c:close_cnum(648)
  msig-s229-03 (172.17.171.113) closed connection to service sshare
[2004/08/16 09:06:41, 2] smbd/server.c:exit_server(458)
  Closing connections

------------------------------------------------------------



ahoffmann: the users are not fixed to either XP or 2000. they are free to use whichever system that suits their needs.

0
 
LVL 22

Expert Comment

by:pjedmond
Comment Utility
2 things you need to do:

1.   os level = 64 // set the OS level  in the smb.conf file

This stops XP trying to argue with samba over who has control.

2.    sorry......requiressignorseal


Details for this in XP are:

http://www.ccs.uky.edu/docs/samba.htm

HTH:)
0
 
LVL 22

Expert Comment

by:pjedmond
Comment Utility
If you've got loads of users ad need to check what's happening, I recommend in your smb.conf:

       log file = /var/log/samba/%U%m.log

Helps with finding the correct log entries when fault finding. %U=user, %m is machine.
 
0
 

Author Comment

by:chasepack
Comment Utility
#1 added in. didnt see any difference besides a slower logon for both XP and Win2000 machines.
#2 didnt make a difference either...

./smbd stop
./smbd start
these are to restart correct? but somehow when i stop it, i can still connect to the shares from other computers.. whys this?

ohhh.. and i checked the smbd log... found something odd...
------------------------------------------------------------
[2004/08/16 11:29:30, 2] lib/interface.c:add_interface(85)
  added interface ip=172.17.170.53 bcast=172.17.171.255 nmask=255.255.254.0
[2004/08/16 11:29:30, 0] smbd/server.c:main(734)
  standard input is not a socket, assuming -D option
[2004/08/16 11:29:30, 0] lib/util_sock.c:open_socket_in(830)
  bind failed on port 139 socket_addr = 0.0.0.0.
  Error = Address already in use
[2004/08/16 11:29:30, 2] smbd/server.c:exit_server(458)
  Closing connections
-----------------------------------------------------------------
0
 

Author Comment

by:chasepack
Comment Utility
Problem solved.

it has to do with the veto files. somehow it  hides/locks files and folders away from XP while other OS still can access

will be deleting this within 7 days.
0
 

Accepted Solution

by:
CetusMOD earned 0 total points
Comment Utility
PAQed, with points refunded (400)

CetusMOD
Community Support Moderator
0
 

Expert Comment

by:bentbike1
Comment Utility
i basicly have a simular issue  i running xp pro and start linux i have down loaded net scan software which shows linux  and windows with port 80 open  how ever i can only see the windows box i have samba how ever many of line commands do not work like smb.conf i running a linksys dsl router and everything i set to automatcly assaign an adress i have seen sevral web sites indicating that wins sever has to be asigned an adress also i have read that perment adress have to be added in the same work group so i know how to set up an adress in tboth linux and windows  but what is what there is the ip adress the dchp sever adress and the gateway which i am not sure what that is i assume it is the router  then there the internet adress when i found a command for linux ip if found several adress one called broadcast if there is a website for all of this let me know i have been trying to conect the two for athe beeter part of a week basicly all i want is  gain acess to the linu computer so i can use an mp3 program to find files on the linux machine
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Suggested Solutions

Some time ago I was asked to set up a web portal PC to put at our entrance. When customers arrive, they could see a webpage 'promoting' our company. So I tried to set up a windows 7 PC as a kiosk PC.......... I will spare you all the annoyances I…
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now