Old 05-24-2003, 02:25 AM   #1
cmoloney
Member
 
Registered: May 2003
Distribution: RedHat 8.0
Posts: 30

Rep: Reputation: 15
Samba authentication


Hi,
I'm looking for some help as a Linux newbie. I am exploring the best way to integrate a network that has Win2K clients & servers and Linux clients and servers. I've set up a small prototype network whose members are a win2k applic server, a win 2k client, a RH9 client, a RH9 file server, another RH9 server configured as a Samba PDC and another box as a gateway to the www using IPCop.

IPCop is also configured as a DHCP server to the internal network which is a private network 192.168.1.0 The internal servers have static ip addresses 12, 11 & 10. The PDC is 192.168.1.12. The domain is a private internal domain "prototype.com."

Right now I've got 3 problems:
1) when I try to configure the win machines to the domain I get an error: Can't recognise the domain "prototype.com"
2) I can't get the win machines to see the PDC using the run command \\ Mercury (the netbios name of the PDC)
3) I can't figure out how to get the Linux server & client to authenticate with the Samba PDC

All help and advice will be appreciated. Does anyone know a good detailed tutorial that might straighten me out?

For the record my smb.conf file from the Samba PDC follows below
many thanks

Chris


================= smb.conf ================
# This file is based on the sample file in the www.ibm.com/developerworks tutorial & modified for the configuration in the original REDHAT install.
# /etc/samba/smb.conf file
# Setup on May 23 2003

# ===========================================

[global]

# basic server setting

workgroup = prototype.com
netbios name = Mercury
server string = Samba PDC running %v
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192

# PDC and Master browser settings

os level = 64
preferred master = yes
local master = yes
domain master = yes

# security and logging settings

security = user
encrypt passwords = yes
log file = /var/log/samba/log.%m
log level = 2
max log size = 50
hosts allow = 127.0.0.1 192.168.1.0 / 255.255.255.0

# user profiles and home directory

add user script = /usr/sbin/useradd -d /dev/null -g machines -s /bin/false -M %u
logon home = \\%L\%U\
logon drive = H:
logon path = \\L%\profiles\%U
logon script = netlogon.bat

# =============== shares ==================

[homes]

comment = Home Directories
browseable = no
writeable = yes


[profiles]

path = /home/samba/profiles
writeable = yes
browseable = no
create mask = 0600
directory mask = 0700

[netlogon]

comment = Network Logon Service
path = /home/netlogon
read only = yes
browseable = no
write list = @administrators
 
Old 05-24-2003, 10:27 AM   #2
jamrock
Member
 
Registered: Jan 2003
Location: Kingston, Jamaica
Posts: 444

Rep: Reputation: 41
Before I tackle your questions, I am going to give you a few links to setting up Samba as a PDC.

http://www-1.ibm.com/servers/esdd/tu...mba/index.html


http://networking.earthweb.com/netos...le.php/1144701

http://networking.earthweb.com/netos...le.php/1151091

These articles have helped a lot of techies.

Quote:
1) when I try to configure the win machines to the domain I get an error: Can't recognise the domain "prototype.com"
workgroup = prototype.com. Not too sure that this format will work. Normally, Windows NT domains just have a name without the .com. I have noticed the .com in Windows 2000 domains. Samba 2.x emulates Windows NT.

Quote:
2) I can't get the win machines to see the PDC using the run command \\ Mercury (the netbios name of the PDC)
You need to add the machines to the Linux box's password file. See the section on client configuration in the tutorials.

Quote:
3) I can't figure out how to get the Linux server & client to authenticate with the Samba PDC
Add the Linux machines to the password files as discussed in client configuration. Open up a command line on the non-PDC machines and type

smbpasswd -j DOMAIN_NAME

Use the name of your domain instead of DOMAIN_NAME.
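
An added example, not part of the thread or of Samba itself: a small linter that reads the [global] section of an smb.conf and reports settings that commonly stop NT/2000 clients from locating a Samba 2.x PDC, including the dotted workgroup name questioned above. The sample input is constructed to mirror lines from the posted file; the individual checks are this example's assumptions drawn from Samba's PDC documentation.

```python
import re

# Constructed sample mirroring [global] lines quoted in the thread.
SAMPLE = r"""
[global]
workgroup = prototype.com
netbios name = Mercury
domain master = yes
security = user
encrypt passwords = yes
hosts allow = 127.0.0.1 192.168.1.0 / 255.255.255.0
logon path = \\L%\profiles\%U
"""

def parse_global(text):
    """Return the [global] parameters as a dict with normalised keys."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def lint_pdc(params):
    """Findings for an NT4-style PDC; the checks are assumptions of this example."""
    findings = []
    wg = params.get("workgroup", "")
    if "." in wg or len(wg) > 15:
        findings.append("workgroup: use a short NetBIOS name (no dots, <= 15 chars)")
    for key in ("domain logons", "domain master", "encrypt passwords"):
        if params.get(key, "").lower() not in ("yes", "true", "1"):
            findings.append(f"{key}: not enabled")
    if params.get("security", "").lower() != "user":
        findings.append("security: a PDC needs 'security = user'")
    for key, value in params.items():
        if re.search(r"[A-Za-z]%(?![A-Za-z])", value):
            findings.append(f"{key}: reversed macro, '%' must precede the letter")
    if re.search(r"\s/|/\s", params.get("hosts allow", "")):
        findings.append("hosts allow: no spaces inside network/netmask")
    return findings

if __name__ == "__main__":
    for finding in lint_pdc(parse_global(SAMPLE)):
        print(finding)
```
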
 
Old 05-24-2003, 12:37 PM   #3
cmoloney
Member
 
Registered: May 2003
Distribution: RedHat 8.0
Posts: 30

Original Poster
Rep: Reputation: 15
Jamrock.

Really appreciate these tips

Thanks very much
Chris
 
Old 05-26-2003, 05:14 AM   #4
cmoloney
Member
 
Registered: May 2003
Distribution: RedHat 8.0
Posts: 30

Original Poster
Rep: Reputation: 15
Samba as a PDC

I have followed the process of setting up the machine accounts exactly as described in the Tutorial of Carla Schroder (copied in the two paragraphs that follow below).

"Create authentication and lock password:
[root@windbag carla]# passwd -l test$
(where "test" is the machine name)
Changing password for user test$
Locking password for user test$
passwd: Success

Now add to /etc/samba/smbpasswd:
[root@windbag carla]# /usr/bin/smbpasswd -a -m test
If /etc/samba/smbpasswd does not exist, smbpasswd will create it. Note that smbpasswd does not require $ appended to the machine name. smbpasswd may not be in /usr/bin/, use the locate command to find it. smbpasswd exists twice: as a command"

However, when I run the suggested tests (below)
"Start Samba: as root, type /etc/rc.d/init.d/smb start
Stop: /etc/rc.d/init.d/smb stop
Test: smbclient -L localhost"

all goes well until I try to test the smbclient (last line above). At this point I am asked for a Password. I assume this is the machine password ('smbpasswd' in the /etc/samba directory)????

However, to this point I haven't actually entered a password of my choosing and when I look up the contents of the smbpasswd file in /etc/samba it gives me a very long set of numbers - hardly a useful password.

I'm sure I'm missing something.
Regards
Chris
 
Old 05-27-2003, 08:55 AM   #5
jamrock
Member
 
Registered: Jan 2003
Location: Kingston, Jamaica
Posts: 444

Rep: Reputation: 41
Note that the samba service needs to be started before you test the smbclient.

Secondly, you need to create the user accounts as well as the machine accounts.

The machine accounts allow Windows NT/2000/XP machines to join the domain. They will not complete the domain logon unless accounts have been set up on the server. After this, they logon in the background. Windows 9.x machines don't need machine accounts.

The request for a password is for the user. Like Windows NT, Samba requires that users enter a username and password in order to access resources.

The tutorials explain how to add users to the passwd and smbpasswd files.

I prefer the IBM tutorial. If you still have issues, I will go in detail later.
 
Old 05-27-2003, 11:05 AM   #6
cmoloney
Member
 
Registered: May 2003
Distribution: RedHat 8.0
Posts: 30

Original Poster
Rep: Reputation: 15
Samba authentication

Thanks Jamrock,

Clearly I'm missing something since I thought I had covered all these. I'll go back through it all step by step
Cheers
Chris
 
Old 05-29-2003, 12:01 PM   #7
cmoloney
Member
 
Registered: May 2003
Distribution: RedHat 8.0
Posts: 30

Original Poster
Rep: Reputation: 15
Well. I've been back over everything many times now. I'm sure I have a Samba setup that mirrors the IBM tutorial. No luck with win2k finding the Samba PDC.
Today I junked the w2k server and put a new install of NT server on the win server - thinking it must be the win2k end giving the problems ... but nope. As soon as I try to configure the win server for the domain (by entering the domain name and creating a computer account for root) I get the same error: "The Domain controller for this domain cannot be located".
The win server can ping the Samba PDC and the Samba PDC can ping the win server.

My smbusers file contains only this text:
# Unix_name = SMB_name1 SMB_name2 ...
root = administrator admin
nobody = guest pcguest smbguest

My smbpasswd file contains these entries (only):
mars$:5011CDC97A8AF3E1F1AAD3B435B51404EE:9AE0BB19376CFBB171AD5DA76E39FD42:[W ]:LCT-3ED61236:
root:0:10D981DB54DF3CBB4A3B108F3FA6CB6D:2138A09506D9DF28FDD7DDA7E6CD81A3:[UX ]:LCT-3ED61F1A:

Do these look OK? What else should I be looking at to try to figure the problem?
regards
Chris
 
Old 05-29-2003, 06:38 PM   #8
jamrock
Member
 
Registered: Jan 2003
Location: Kingston, Jamaica
Posts: 444

Rep: Reputation: 41
It appears as if you have not yet added any ordinary users to the smbpasswd file.

First add the users to the Linux password file.

useradd cmoloney

Change the password for the user

passwd cmoloney

Add the user to the Samba password file

smbpasswd -a cmoloney

The user will now be added to Linux and Samba.

Let me know how it goes. We may have to sort out a few other issues.
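
An added example, not from the thread: a check that cross-references /etc/passwd with a Samba 2.x smbpasswd file, separating machine trust accounts from ordinary users and flagging the situation described above, where only machine and root entries exist. All sample lines and hashes are constructed dummy values; the seven-field layout and the [W]/[U] flags follow the smbpasswd file format.

```python
import re

# Constructed sample data; hashes are dummy values, not taken from the thread.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
mars$:x:501:502::/dev/null:/bin/false
cmoloney:x:502:503::/home/cmoloney:/bin/bash
"""
H = "0123456789ABCDEF" * 2
SMBPASSWD = f"""\
mars$:501:{H}:{H}:[W          ]:LCT-00000000:
root:0:{H}:{H}:[UX         ]:LCT-00000000:
broken$:{H}:{H}:[W          ]:LCT-00000000:
"""
HASH = re.compile(r"[0-9A-Fa-f]{32}|X{32}|NO PASSWORDX{21}")

def audit(passwd_text, smbpasswd_text):
    """Return (users, machines, problems) for a Samba 2.x smbpasswd file."""
    unix = {l.split(":")[0]: l.split(":")[2] for l in passwd_text.splitlines() if l.strip()}
    users, machines, problems = [], [], []
    for n, line in enumerate(smbpasswd_text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        f = line.split(":")
        # name:uid:LM hash:NT hash:[flags]:LCT-time:  -> 7 fields, last one empty
        if len(f) != 7 or not f[1].isdigit() or not all(HASH.fullmatch(h) for h in f[2:4]):
            problems.append(f"line {n}: malformed entry for {f[0]!r}")
            continue
        name, uid, flags = f[0], f[1], f[4].strip("[] ")
        if name not in unix:
            problems.append(f"{name}: no matching Unix account")
        elif unix[name] != uid:
            problems.append(f"{name}: uid {uid} differs from /etc/passwd ({unix[name]})")
        if name.endswith("$") != ("W" in flags):
            problems.append(f"{name}: '$' suffix and [W] flag disagree")
        (machines if "W" in flags else users).append(name)
    if not [u for u in users if u != "root"]:
        problems.append("no ordinary user accounts in smbpasswd")
    return users, machines, problems

if __name__ == "__main__":
    print(audit(PASSWD, SMBPASSWD))
```
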
 
Old 05-30-2003, 12:29 AM   #9
cmoloney
Member
 
Registered: May 2003
Distribution: RedHat 8.0
Posts: 30

Original Poster
Rep: Reputation: 15
... this is a challenge. I really appreciate the help. I created the additional user (cmoloney) but without success. The win server still can't find the domain.

When I look at the /etc/samba/smbpasswd file I can see the new user "cmoloney" is there. But it's not there in the /etc/samba/smbusers file though. Nor is mars$ (the win server).
Is that significant?

As well, I can log onto the samba server as cmoloney and when I run RedHat-config-samba I can see both cmoloney and mars$ in the list of samba users.

Any more suggestions?
 
Old 05-30-2003, 07:50 AM   #10
jamrock
Member
 
Registered: Jan 2003
Location: Kingston, Jamaica
Posts: 444

Rep: Reputation: 41
Quote:
The win server still cant find the domain.
Explain exactly what is happening here. Are there error messages or anything like that? Give me some details.

What version of Samba are you using?

Are you using Swat or Webmin or anything like that to configure Samba?
 
Old 05-30-2003, 08:37 PM   #11
cmoloney
Member
 
Registered: May 2003
Distribution: RedHat 8.0
Posts: 30

Original Poster
Rep: Reputation: 15
When I go to the Win server (Win2k server in this example), & open the Network Identification Tab (from the Advanced menu in the Local Area Connection dialogue) I enter the computer name (mars) and click the "domain" radio button. I then enter the domain name ("prototype"). Windows goes away for a few moments to look for the domain and then comes back with the error: "The following error occurred validating the name 'prototype'. The specified domain either does not exist or cannot be contacted"

Back on the samba server, I'm using gnome and redhat-config tools to see what is going on. Selecting "Network Servers" from the action menu I am presented with two icons. One is "workgroup" and the other is "Prototype" (the domain name). When I open prototype I can only see my PDC (mercury). When I open workgroup I can only see "marigold", my win client. (I haven't configured marigold in any way except that it is getting an IP address by DHCP from the IPCop gateway server.) Strange I can't see mars there too (?)

Checking the ip address configuration on mars all seems ok (192.168.1.11/255.255.255.0 IPCop gateway 192.168.1.1. DNS 192.168.1.1). Everything pings properly.

I'm using samba version 2.2.7a-8.9.0
 
Old 05-30-2003, 10:00 PM   #12
jamrock
Member
 
Registered: Jan 2003
Location: Kingston, Jamaica
Posts: 444

Rep: Reputation: 41
Okay,

Now I understand. You are unable to add the clients to the domain because they are unable to see the domain.

Very often, this is caused by the Linux firewall. Red Hat installs the firewall by default and it blocks out all traffic from the network.

You need to disable the firewall or configure it to see the network card as a trusted device.

Gnome should have a tool for configuring the firewall. You can also go to a command line and type "lokkit" to bring up a firewall configuration tool.

I have heard reports that lokkit sometimes doesn't work on Red Hat 8.0.

You can also disable the firewall by preventing the Ipchains and Iptables daemons (services) from starting. To do this go to the command prompt and type ntsysv. Scroll down until you see both daemons. Remove the asterisk and close the utility.

Let me know what happens.
 
Old 05-30-2003, 10:32 PM   #13
jamrock
Member
 
Registered: Jan 2003
Location: Kingston, Jamaica
Posts: 444

Rep: Reputation: 41
By the way, I don't expect your Linux tools to see the Windows machines.

Windows and Linux communicate using the smb protocol. Samba is the Linux implementation of the smb protocol.

Your regular Linux tools don't speak or understand smb so they will sit right beside a Windows machine and not be able to browse it.

They can communicate via tcp/ip so they can send smtp, pop, etc. information. For this reason, you can set up a Linux mail server and have the Windows machines send and receive mail.

See the following link for more info. on the smb protocol and network neighborhood.

http://www.linux-mag.com/2001-05/smb_01.html
 
Old 06-02-2003, 12:51 AM   #14
cmoloney
Member
 
Registered: May 2003
Distribution: RedHat 8.0
Posts: 30

Original Poster
Rep: Reputation: 15
This looks promising, Jamrock, but I'm not quite out of the woods yet. The firewall was set at High.
Within Gnome I first reconfigured the firewall to treat the eth0 port as a trusted device but without effect. (Win server still unable to see the network). Then I reset the firewall from the default High to No Firewall and rebooted.

Now I have a new problem that seems to be a documented bug in Gnome. SMB won't start because Gnome Throbber (whatever that is??) crashes and the result is described as a segmentation issue. The crash occurs in the final phase of the reboot after the root login.
 
Old 06-02-2003, 09:52 AM   #15
cmoloney
Member
 
Registered: May 2003
Distribution: RedHat 8.0
Posts: 30

Original Poster
Rep: Reputation: 15
I don't understand why Gnome would be trying to start samba? SMB seems to load long before Gnome in the normal boot sequence. Maybe if Gnome didn't start at all, Samba might work properly. Is there some way to prevent Gnome from starting?

Maybe I'm clutching at straws?
 
  

