Samba not authenticating users properly

linux-rulz · 07-31-2005, 03:20 AM

Hello all. I'm going to start off by saying I really, truely, hate SAMBA.

Anyways, before I begin, here are the relevant config files

/etc/samba/smb.conf

Code:

# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
#
# Any line which starts with a ; (semi-colon) or a # (hash)
# is a comment and is ignored. In this example we will use a #
# for commentry and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command "testparm"
# to check that you have not made any basic syntactic errors.
#
#======================= Global Settings =====================================
[global]

# workgroup = NT-Domain-Name or Workgroup-Name
	workgroup = OURHOUSE

# server string is the equivalent of the NT Description field
	server string = Ryan's HP

# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the "loopback" interface. For more examples of the syntax see
# the smb.conf man page
	hosts allow = 192.168.2.134 192.168.2.109

# if you want to automatically load your printer list rather
# than setting them up individually then you'll need this
	printcap name = /etc/printcap
	load printers = yes

# It should not be necessary to spell out the print system type unless
# yours is non-standard. Currently supported print systems include:
# bsd, sysv, plp, lprng, aix, hpux, qnx
	printing = cups

# This option tells cups that the data has already been rasterized
	cups options = raw

# Uncomment this if you want a guest account, you must add this to /etc/passwd
# otherwise the user "nobody" is used
;  guest account = pcguest

# this tells Samba to use a separate log file for each machine
# that connects
	log file = /var/log/samba/%m.log

# Put a capping on the size of the log files (in Kb).
	max log size = 500

# You may wish to use password encryption. Please read
# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
# Do not enable this option unless you have read those documents
  encrypt passwords = no
  security = share

# Most people will find that this option gives better performance.
# See speed.txt and the manual pages for details
	socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

# Configure Samba to use multiple interfaces
# If you have multiple network interfaces then you must list them
# here. See the man page for details.
;   interfaces = 192.168.12.2/24 192.168.13.2/24

# Configure remote browse list synchronisation here
#  request announcement to, or browse list sync from:
#	a specific host or from / to a whole subnet (see below)
   remote browse sync = 192.168.2.134 192.168.2.109
# Cause this host to announce itself to local subnets here
   remote announce = 192.168.2.134 192.168.2.109

# Where to store roving profiles (only for Win95 and WinNT)
#        %L substitutes for this servers netbios name, %U is username
#        You must uncomment the [Profiles] share below
;   logon path = \\%L\Profiles\%U

# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups. The built-in default for versions 1.9.17 is yes,
# this has been changed in version 1.9.18 to no.
	dns proxy = no

#============================ Share Definitions ==============================
	idmap uid = 16777216-33554431
	idmap gid = 16777216-33554431
	template shell = /bin/false
	winbind use default domain = no

# NOTE: If you have a BSD-style print system there is no need to
# specifically define each individual printer
[printers]
	comment = All Printers
	path = /var/spool/samba
	browseable = yes
	printable = yes
# Set public = yes to allow user 'guest account' to print
	guest ok = yes
	public = yes


[RyanDoc]
   comment = Ryan's Documents
   path = /video/Documents
   valid users = ryan
   public = no
   writable = yes
   printable = no

[Downloads]
   comment = Ryan's Downloads
   path = /video/Downloads
   valid users = ryan matt georgie
   public = no
   writable = no
   printable = no

[Jokes]
   comment = Ryan's Jokes
   path = /video/Jokes
   valid users = ryan matt georgie
   public = no
   writable = no
   printable = no

[Shared]
   comment = Shared Files
   path = /video/share
   valid users = ryan matt georgie
   public = no
   writable = yes
   printable = no

/etc/samba/smbusers

Code:

# Unix_name = SMB_name1 SMB_name2 ...
root = administrator admin
nobody = guest pcguest smbguest
georgie = georgie
matt = matt
ryan = ryan

/etc/samba/smbpasswd

Code:

nobody:99:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[DU         ]:LCT-00000000:
ryan:500:990D918C348B5C2009752A3293831D17:3CFE63C0A7B5576D97B32C509811E249:[U          ]:LCT-42EC8761:
matt:501:7D179C307C16BB24AAD3B435B51404EE:B65F334628E4389934757A5CF6D388ED:[U          ]:LCT-42EC8769:
georgie:502:FEEB7FC6CAB1FD50AAD3B435B51404EE:A637786B4F8252DDB27BD28E3FE58907:[U          ]:LCT-42EC876F:

OK, what I want done is to have 4 directories on the server.

/video/share
/video/Downloads
/video/Documents
/video/Jokes

Now, I want all 3 users (matt, ryan, georgie) to be able to access share, Downloads and Jokes, and only ryan to access Documents, as you can see from my config file.

So, I set that up properly, rebooted the server just to make sure all necessary services were reloaded, and then tried to connect from both a Windows XP and a Ubuntu desktop. It worked for about 5 minutes, and then stopped working. It asks for a password, I enter it, and it asks again, and again, and again, non-stop. I cannot access the shares from another computer.

From the config files, does anyone see anything wrong why this would happen?

twsnnva · 07-31-2005, 02:54 PM

After a failed connection, what is logged in /var/log/samba/log.smbd?

linux-rulz · 07-31-2005, 03:05 PM

I figured out the problem, the permissions of the shares were 666. Now, for some odd reason, it wouldn't let a local user access the files on the server itself (which is odd, 666 should allow it). I changed the permissions to 777 and it now works. Thx for your answer tho!

linux-rulz · 07-31-2005, 07:55 PM

OK, now I am having a new problem. Well, not really, more of a continuation of the first problem.

Now I can authenticate from a Ubuntu desktop to the CentOS Samba server.

However, there are some problems cropping up with the Windows XP and Windows 2000 desktops.

First of all, the connection is really really slow. a have made a desktop shortcut on Ubuntu which runs:

nautilus smb://192.168.2.155

And when it is double clicked, it opens within 3 seconds at the very most, showing all of my shares. Printing across Samba is instant. Authenticating to a share and viewing files is instant.

However, on the Windows boxes, the connection to the Samba server is really slow. And once it does finally load, it cannot authenticate, like both the Windows and Linux boxes couldn't do with my first problem that I fixed. Alright, here we go, I'll post some log files.

/var/log/samba/192.168.2.134.log (this is a computer running Ubuntu 5.04)

Code:

[2005/07/31 18:22:30, 1] smbd/service.c:make_connection_snum(648)
  192.168.2.134 (192.168.2.134) connect to service ml-1710 initially as user georgie (uid=502, gid=502) (pid 15921)
[2005/07/31 18:22:30, 1] smbd/service.c:close_cnum(836)
  192.168.2.134 (192.168.2.134) closed connection to service ml-1710

All that file showed was a file printed from that machine. The file printed perfectly.

/var/log/samba/momsony.log

Code:

[2005/07/31 18:25:50, 1] smbd/service.c:make_connection_snum(648)
  momsony (192.168.2.134) connect to service RyanDoc initially as user ryan (uid=500, gid=500) (pid 15934)
[2005/07/31 18:26:25, 1] smbd/service.c:make_connection_snum(648)
  momsony (192.168.2.134) connect to service Jokes initially as user matt (uid=501, gid=501) (pid 15937)
[2005/07/31 18:28:36, 1] smbd/service.c:make_connection_snum(648)
  momsony (192.168.2.134) connect to service Shared initially as user georgie (uid=502, gid=502) (pid 15945)
[2005/07/31 18:29:53, 1] smbd/service.c:close_cnum(836)
  momsony (192.168.2.134) closed connection to service RyanDoc
[2005/07/31 18:29:53, 1] smbd/service.c:close_cnum(836)
  momsony (192.168.2.134) closed connection to service Jokes
[2005/07/31 18:29:53, 1] smbd/service.c:close_cnum(836)
  momsony (192.168.2.134) closed connection to service Shared

This above shows a connection from the same machine running Ubuntu, where I authenticated to a few different shares as a few different users, deleted and created a couple of files, as well as downloaded some.

Alright, now I am switching to the same computer but running Windows to try and connect to the server (Windows XP to be specific). I will clear the log files so they are fresh.

There is a file /var/log/samba/192.168.2.134.log which has nothing in it, despite me connecting and printing from that computer to the server.

Here is /var/log/samba/nmbd.log

Code:

[2005/07/31 18:36:57, 0] nmbd/nmbd.c:main(669)
  Netbios nameserver version 3.0.10-1.4E started.
  Copyright Andrew Tridgell and the Samba Team 1994-2004
[2005/07/31 18:42:46, 0] nmbd/nmbd_become_lmb.c:become_local_master_stage2(396)
  *****

  Samba name server RYANHP is now a local master browser for workgroup OURHOUSE
on subnet 192.168.2.155

  *****

Here is /var/log/samba/smbd.log

Code:

[2005/07/31 18:36:57, 0] smbd/server.c:main(760)
  smbd version 3.0.10-1.4E started.
  Copyright Andrew Tridgell and the Samba Team 1992-2004

I'm not going to bother connecting from the Win2K single-boot machine, as it displays the same behaviour as the XP machine.

Do you know why the Windows desktops can see the server but cannot even make the server aware that they are there?

twsnnva · 07-31-2005, 09:42 PM

Make the following modifications to smb.conf, and see if it makes windows happy.

Change

Code:

  encrypt passwords = no
  security = share

to

Code:

  encrypt passwords = yes
  security = user

linux-rulz · 07-31-2005, 10:42 PM

Ah, yes, that fixed the problem. Thank you for your help.