LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices



Reply
 
Search this Thread
Old 07-06-2004, 11:02 AM   #1
JimBass
Senior Member
 
Registered: Oct 2003
Location: New York City
Distribution: Debian Sid 2.6.32
Posts: 2,100

Rep: Reputation: 48
unencrypted passwd samba-client 3.0.4


Hello everyone. I'm having a problem with samba common/client 3.0.4, and I thought it best to ask in here. My office has a window$ domain, and both domain controllers are running server 2003. I have administrative access to those machines.

I can open nautilus, and see the domain title, click through and see all the machines on the domain, but when I try to get a layer below that, and actually see the contents of any of the machines that I get into trouble. The problem (I'm 95%+ sure) is unencrypted passwords. Even though I have encrypt passwords = yes in my smb.conf, they are being transmitted unencrypted, so the domain controller is rejecting them. Here is my set up:

I have winbind starting at boot
I use runlevel 3, and before I startx I su and give the command [mybox]# net join -S <domanincontroller name> -U <my username>%<mypass> That ends with the line joined <domain>. Here is my /etc/samba/smb.conf:

[global]
netbios name = Jim
security = domain
workgroup = GENXWIFI
log file = /var/log/samba.log
log level = 1
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192
wins support = yes
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
os level =20
password server = *
winbind uid = 10000-20000
winbind gid = 10000-20000

I know my username and pass are fine, they are the same that allows me to read exchange email off the server, and that allow the net join to work. When I try to see the contents of the fileserver, it asks for a username and password, and it says they will be transmitted unencrypted. I would think from the smb.conf, they should be encrypted, but I guess for whatever reason they aren't. When I put in my username/password, it sends them, and then the user/pass box returns in about 2 seconds. I don't run samba as a server, strictly as a client. If anyone has an idea that involve creating a new domain account or changing any of my configs I can do that, I have administrative access to the domain controller. I will also gladly affero anyone that solves this, it has been bothering me for months.

Thanks & Peace,
JimBass
 
Old 07-06-2004, 11:59 AM   #2
LanRx
Member
 
Registered: Jul 2004
Posts: 85

Rep: Reputation: 15
Re: unencrypted passwd samba-client 3.0.4

Quote:
Originally posted by JimBass
Hello everyone. I'm having a problem with samba common/client 3.0.4, and I thought it best to ask in here. My office has a window$ domain, and both domain controllers are running server 2003. I have administrative access to those machines.

I can open nautilus, and see the domain title, click through and see all the machines on the domain, but when I try to get a layer below that, and actually see the contents of any of the machines that I get into trouble. The problem (I'm 95%+ sure) is unencrypted passwords. Even though I have encrypt passwords = yes in my smb.conf, they are being transmitted unencrypted, so the domain controller is rejecting them. Here is my set up:

I have winbind starting at boot
I use runlevel 3, and before I startx I su and give the command [mybox]# net join -S <domanincontroller name> -U <my username>%<mypass> That ends with the line joined <domain>. Here is my /etc/samba/smb.conf:

[global]
netbios name = Jim
security = domain
workgroup = GENXWIFI
log file = /var/log/samba.log
log level = 1
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192
wins support = yes
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
os level =20
password server = *
winbind uid = 10000-20000
winbind gid = 10000-20000

I know my username and pass are fine, they are the same that allows me to read exchange email off the server, and that allow the net join to work. When I try to see the contents of the fileserver, it asks for a username and password, and it says they will be transmitted unencrypted. I would think from the smb.conf, they should be encrypted, but I guess for whatever reason they aren't. When I put in my username/password, it sends them, and then the user/pass box returns in about 2 seconds. I don't run samba as a server, strictly as a client. If anyone has an idea that involve creating a new domain account or changing any of my configs I can do that, I have administrative access to the domain controller. I will also gladly affero anyone that solves this, it has been bothering me for months.

Thanks & Peace,
JimBass
Did you perform the Samba 3/AD integration? By doing so, it will first leverage the Kerberos/AD membership, which will provide you with a clean integration. I have a document up on my website Linux/Samba3 Integration with Windows Server 2003 Native Mode that gives full instructions on this, if you need them. I think that the document is pretty concise. If you have further questions, let me know.
 
Old 07-06-2004, 12:05 PM   #3
JimBass
Senior Member
 
Registered: Oct 2003
Location: New York City
Distribution: Debian Sid 2.6.32
Posts: 2,100

Original Poster
Rep: Reputation: 48
I haven't done that. I will get started now. I don't use Kerberos at all at present, will I have to in order to get things working? Also, I see there is a fix from microsoft to make windows2003 compliant with other authentication - yet they don't have an installer on that site you link to, just registry modifications. Will those mods alone do it, or do I have to do what the article says, and call them up, and fight with their people to give me the hotfix for free?

Thanks for your help so far!

Peace,
JimBass
 
Old 07-06-2004, 12:10 PM   #4
LanRx
Member
 
Registered: Jul 2004
Posts: 85

Rep: Reputation: 15
For the time being, if you send me an e-mail, I'll send you a copy of the patch. I have not put it up on a download site yet. my e-mail address is eanderson at lanrx.com

As far as the kerberos stuff, I would just recommend it, as it will make your integration run smoothly and seamlessly...your Windows users will be able to browse with no authentication, just like to a windows share. You will also, I'm told, be able to manage all of your shares via the microsoft tools (MMC, etc).


When I called them, I didn't have to fight them. Your mileage may vary.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Can't change NIs passwd at client end wanch Linux - Networking 3 04-30-2010 05:57 AM
unencrypted transmissions youneedaclue Linux - Networking 1 06-27-2004 05:36 PM
Samba guests and changes in /etc/passwd krajzega Linux - Networking 1 03-08-2004 08:53 AM
network Unencrypted huno Linux - General 1 02-12-2003 08:13 AM
Samba blew my passwd? oneiltj Linux - Software 2 01-18-2003 01:47 PM


All times are GMT -5. The time now is 03:20 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration