LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 02-19-2004, 11:04 AM   #1
calabash
Member
 
Registered: Sep 2003
Distribution: FC11
Posts: 128

Rep: Reputation: 15
Understanding the guest account


I am new to both Linux & Samba. I am still running Samba 2.2.8a. I have just received new PCs and they are XP based. The rest of my network is Win98 boxes. I have studied Using Samba by O'Reilly press and cannot quite seem to grasp the following:

When the guest account is mapped to the default: "nobody" and my Win98 boxes log in, very frequently (but not always) their home directory will map to / on the Samba box and in "My Computer" it will show as: "nobody on S:" for the drive description.

This is easily stopped - change the guest account to "what" and add "nobody" to invalid users. There is no "what" account.

Now I have XP. With no valid guest account, I cannot log onto the Samba PDC.

I vaguely understand that 98 and XP use different methods of joining a Domain. (98 really doesn't join) But I can't seem to translate this to how to have my cake and eat it too. Or in other words: guest account for XP and proper home drive mapping for 98.

Can someone point me in the right direction?

T.I.A.
 
Old 02-20-2004, 05:09 PM   #2
calabash
Member
 
Registered: Sep 2003
Distribution: FC11
Posts: 128

Original Poster
Rep: Reputation: 15
Logon order

Let's ask the question another way:

Why does 98 & XP use the guest account to initiate a session?
 
Old 02-21-2004, 11:47 AM   #3
ronadinihari
LQ Newbie
 
Registered: Feb 2004
Location: Indonesia
Distribution: Redhat Linux 9
Posts: 15

Rep: Reputation: 0
because you haven't add 98 & XP usernames in samba valid users?
nobody is a built in username. make a new samba guest name. guest name is used when bad username or bad password.
 
Old 02-21-2004, 12:10 PM   #4
calabash
Member
 
Registered: Sep 2003
Distribution: FC11
Posts: 128

Original Poster
Rep: Reputation: 15
No. I added all of my users via smbpasswd -a username. And the XP boxes have machine accounts.

Looking at the log files the 98 boxes (when nobody is removed) initiate as my fake guest what, then default to Lanman password and then log on properly.

When nobody is enabled, the XP boxes initiate as nobody and then roll over to the password/username/machine set and log on properly.

I just don't get it. And I can't find anything on the web. I may just have to admit defeat and go back to share/no security now that I have a mixed environment. <sigh>
 
Old 02-21-2004, 02:12 PM   #5
sidmark-2850
Member
 
Registered: Aug 2003
Posts: 133

Rep: Reputation: 15
Wasn't this rectified in SAMBA - nobody account maps /home to "nobody"?

Please post the contents of your smb.conf file.

Last edited by sidmark-2850; 02-21-2004 at 02:13 PM.
 
Old 02-21-2004, 02:43 PM   #6
calabash
Member
 
Registered: Sep 2003
Distribution: FC11
Posts: 128

Original Poster
Rep: Reputation: 15
Sidmark! Good to hear from you!

The Win98 portion _was_ rectified in that thread. But to get the Win XP boxes to log onto the Domain, throws it back out of whack.

I can't post my .conf file right now as I am at home, but I will post it up on Monday. This coming week is a holiday for the kids, so the network is all mine to twist with. <bwahhhahahah> I will also post, at log level 3, the differing results for the two OS' when the nobody account is disabled and enabled.
 
Old 02-21-2004, 02:53 PM   #7
sidmark-2850
Member
 
Registered: Aug 2003
Posts: 133

Rep: Reputation: 15
Ok, I assume that the windows xp boxes are professional edition and are joined to the domain, right?
 
Old 02-21-2004, 03:46 PM   #8
calabash
Member
 
Registered: Sep 2003
Distribution: FC11
Posts: 128

Original Poster
Rep: Reputation: 15
Yes. And they will log in wonderfully.. as long as the "nobody" account is enabled.
Of course, as soon as I do this I'm back to nobody"s" logging in and improper home drive mapping for those logging in on 98.

Very frustrating.
 
Old 02-21-2004, 06:06 PM   #9
sidmark-2850
Member
 
Registered: Aug 2003
Posts: 133

Rep: Reputation: 15
Well, I guess, we will have to wait for you to post the smb.conf file.

Sid
 
Old 02-23-2004, 02:01 PM   #10
calabash
Member
 
Registered: Sep 2003
Distribution: FC11
Posts: 128

Original Poster
Rep: Reputation: 15
smb.conf file

# Samba config file created using SWAT
# from localhost (127.0.0.1)
# Date: 2003/10/20 16:30:34

# Global parameters
[global]
workgroup = ACORN
netbios name = CAP
encrypt passwords = Yes
log level = 2
log file = /etc/samba/smblog-%m.txt
logon path = \\%L\profiles\%u\%m
logon script = logon.bat
logon home = \\%L\%u\.win_profile\%m
time server = Yes
add user script = /usr/sbin/useradd -d /dev/null -g machines -s /bin/false -M %u
preferred master = Yes
domain master = Yes
local master = Yes
os level = 65
security = user
domain logons = yes
domain admin group = root
wins support = Yes
guest account = nobody
invalid users = bin daemon adm sync shutdown

<< this is the difference! the above two lines allow my XP boxes to log on, but Win98 clients to map to "nobody". When I want my 98 boxes to log on properly, I change the guest account to "what" and put "nobody" in the invalid users list>>

oplocks = No
level2 oplocks = No

[netlogon]
path = /usr/local/samba/lib/netlogon
create mask = 0600
directory mask = 0700
browseable = No

[profiles]
path = /ovs/home/samba-ntprof
browsable = no
writable = yes
create mask = 0600
directory mask = 0700

[homes]
read only = No
browseable = No

[faculty]
comment = OVS Faculty Directory
writable = yes
valid users = @faculty
path = /ovs/faculty
create mode = 0660
directory mode = 0770
browseable = No

[move]
comment = Move the files
writable = yes
path = /ovs/move
browseable = Yes
guest ok = Yes
 
Old 02-23-2004, 07:13 PM   #11
sidmark-2850
Member
 
Registered: Aug 2003
Posts: 133

Rep: Reputation: 15
What do you have for a logon script?

Did you ever try my suggestion from the last thread?

Quote:
Idea! Something just popped up. Why don't you change logon home = \\%L\%u\.win_profile\%m to logon home = \\Cap\Homes. You can try to change your logon script from net use s: /home to net use s: \\Cap\Homes /y. I have a strong feeling that the logon home = \\%L\%u\.win_profile\%m is the root of all evil.
I had problems with specifying the logon drive and logon home parameters for my xp machines. I noticed that the drive would intermittently become hidden but still accessible. Hidden, in that it would not show up in explorer, but you could still type in s: and open it up. I should try it again and double check.

I had to explicitly put:
logon drive =
logon home =
in my smb.conf file and manually map it from the logon script.
 
Old 02-23-2004, 07:51 PM   #12
calabash
Member
 
Registered: Sep 2003
Distribution: FC11
Posts: 128

Original Poster
Rep: Reputation: 15
Yes. I did try that suggestion. It did not change the behavior.

I have noticed that when Samba people have a Win98 farm they do not seem to run a PDC. I think this is why I can't find info on this.

Here is what we definitely know: a valid guest user account causes Win98, when logging into a Samba PDC to incorrectly be identified as that user on a seemingly Random basis.

I can turn this behavior on and off at will. Every time.

So, now since I can't believe that it is just me.. that means that something is _not_ configured properly.

Since Samba, itself, seems to be config'd properly, what Linux configuration could affect user login? Permissions? Guest account setup?

I don't know any of the answers to this, I'm just throwing it out.

Tomorrow, I will introduce a lag time into the logon.bat file when mapping the home directory. That may stop the behavior, but it still won't explain it..

I'll let you know what happens.
 
Old 02-26-2004, 06:02 PM   #13
sidmark-2850
Member
 
Registered: Aug 2003
Posts: 133

Rep: Reputation: 15
calabash, I appologise for not replying sooner. I have been trying to play catch up with work and other stuff. I will build a box and try your config file. Have you tried setting "map to guest = never"?

Also, do the following:

paste the content of:

getent passwd
getent group

You don't need to paste everything, but make sure you paste at least 5 users from the 1st command, 3 workstations from the 1st, the group the students are in or if they have user private groups, the corresponding entries and the group the machine accounts belong to. You can just type in user1 user2 user3 etc if want, but make sure you match the corresponding user and group entries when you do.

Last edited by sidmark-2850; 02-26-2004 at 06:23 PM.
 
Old 03-02-2004, 06:02 PM   #14
calabash
Member
 
Registered: Sep 2003
Distribution: FC11
Posts: 128

Original Poster
Rep: Reputation: 15
My turn to apologize.. I had to put out 19 PCs so by Monday I was beat.

Passwords stuff:
5 users

facuser1:x:851:800:name:/ovs/home/facuser1:/bin/bash
facuser2:x:852:800:name:/ovs/home/facuser2:/bin/bash
student1:x:608:700:name:/ovs/home/student1:/bin/bash
student2:x:609:700:name:/ovs/home/student2:/bin/bash
student3:x:610:700:name:/ovs/home/student3:/bin/bash

3 workstations

09$:x:1017:100::/dev/null:/bin/false
12$:x:1018:100::/dev/null:/bin/false
13$:x:1019:100::/dev/null:/bin/false

Group stuff:

student:x:700:and then the usernames delimited by ,

faculty:x:800dd here, only two usernames, but I have a lot of fac-users in my db properly saying 800.

machines:x:100:

I have more to update, but I have to run. I will post more tomorrow. More problems have resulted from the deployment, of course. Mainly that unless I elevate my logged in domain user to Administrator, MS Publisher (2003) won't run! Auughh!

-Moondance
 
Old 03-03-2004, 12:44 PM   #15
calabash
Member
 
Registered: Sep 2003
Distribution: FC11
Posts: 128

Original Poster
Rep: Reputation: 15
Well, tracked down the problem w/permissions on XP for Domain Users.

Roaming Profiles

I had copied a profile that I set up to the server, then created symlinks for the students and copied that profile into the WinXP directory. Then Chowned.

Remove the symlinks (un-roam) and the user logs in properly and can use Publisher.

So we will un-roam until I can track down what the heck is going on. <sigh>

Back to guest account:

no, I will add map to guest = nobody to my smb.conf. Apparently yesterday, I was showing a lot of "nobody"s on my smbstatus listing, but the student's home drives were properly mapped. Go figure.

I really just want to know why my clients are logging in as nobody first, then defaulting to Lanman in the logs. Why is this? Is it my setup? Or is that the way it works for everyone?

Cheers,

Moondance
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Forced timed logout for guest account proglottis Linux - General 2 11-27-2005 07:43 PM
samba guest account questions gsgleason Linux - Software 1 10-21-2005 08:59 PM
creating a guest account tardigrade Linux - General 2 02-04-2005 03:33 PM
SAMBA, guest account, Windows xp home and passwords woppa30 Linux - Networking 6 01-19-2005 02:57 AM
Accessing from Windoze: How to activate guest account? Seppel Linux - Networking 2 09-17-2003 05:14 AM


All times are GMT -5. The time now is 02:36 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration