Samba (via Webmin or SWAT) unable to change pre-encrypted password requirement
Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Samba (via Webmin or SWAT) unable to change pre-encrypted password requirement
Hi. I have Samba installed on the Ubuntu 8.04 system I'm setting up as a simple fileserver. It's my first foray into Linux. I installed Webmin in an attempt to easily, quickly get samba shares available for workstation backups.
I have opened the System/Users and Groups module and there see a long list of users, including the three I've created. When I open either root or one of my users, the default password requirement is pre-encrypted password and the field is populated with cryptic-looking 13 characters. I've tried several times to change this option to Normal password, tried it populating the password, leaving it blank, but whichever I try, the change doesn't 'stick.' It comes up every time I reopen it set back to pre-ecrypted. I've changed it as root, as my own admin-level user, same result.
Furthermore, if I try mapping or logging into a share from a Windows machine using either this encrypted password or the normal one, it doesn't work either. I also tried logging in from Windows Map Drive dialog as a "different user" and specified my Linux uid/pwd, to no avail.
Where I'm failing here is not comprehending the basic framework and interrelation between a multitude of Samba configuration options. When I'm studying the books' sections on configuring Samba, I don't know for example, what would make me decide this machine is a Primary Domain Controller or not, but for a SOHO, with as many as six users, my gut says no. Two of the so-called "server" books don't even have an index listing for PDC. If that has little to do with my issue, good clue as to how much of a n00b I am ... and how lost.
I've searched through the several recent titles I bought, Using Samba, Linux Quick Fix Notebook, Beginning Ubuntu Server Administration and I'm coming up even more confused. I want to learn this, but I'm a bit overwhelmed by the sheer volume of configurable options, probably only a few of which pertain to my situation. Don't get me wrong. It's ENCOURAGING to me that there are so many user-manageable aspects of this O/S. I see that only as an improvement over the O/S I've been stuck with since the Amiga died out. Yeah, so what. I'm old.
I'm admittedly at the very base of the learning curve and just need a clue as to where to start on this one. Even though I'm trying to use GUI tools like webmin and SWAT, I believe this is basically a Samba configuration issue, and with some guidance, I see that it would be far more illuminating for me to approach the solution from the command line.
I wish to keep the configuration reasonably simple: this is a small-scale network with fairly simple needs. I will, in the near future, wish to configure for secure remote access, which I gather will involve Apache and SSH so I want to keep that aspect in mind as far as security options. I'd also like to run this box headless and do all my maintenance and configuration from our WinXP and Mac workstations and ultimately, remotely.
Thanks. Also, I'd appreciate it if someone would tell me if I've posted this in an inappropriate section, since it does not seem to be eliciting any responses.
Last edited by booberandpuzz; 05-02-2008 at 02:45 PM.
In Webmin the Pre-Encrypted password field does two things. Firstly it shows the current password in encrypted format (the only way it is stored) and the second is to allow you to enter an encrypted password (perhaps from another system) without having to know what that password is.
Linux doesn't store passwords - instead it stores the hash value generated from the password the user enters when prompted for a password. So when you use the "Normal" password field to enter your password, the password is hashed and then the "encrypted" result is stored. The next time you look at that user in Webmin, you will see the hash version of the password and not the text you entered. That text is "transitory" and never saved.
Webmin has options in the Samba section to keep Samba and Linux users in-sync. I suggest you start with this option "on". Creating a Linux user doesn't automatically give them access to Samba.
I applaud your decision to keep it simple. New Samba users should start with simple configs, and then extend and enhance as they get to understand the many options available. A PDC and remote access are not simple to do, so leave them till later on.
To help us help you more, perhaps you could post your /etc/samba/smb.conf file at the errors you're seeing.
Thanks very much for your reply. Wasn't sure if this was the sort of thing that would belong in the "Newbie" section. I am away from the server at the moment, but upon my return tomorrow I'll make the change you suggested and post the smb.conf file.
Also thanks for the encouragement. I'm completely new to Linux and the main rationale for my KISS approach is so that I might comprehend and maintain some control over what's going on in my very simple system and then build upon it. I hope to eventually learn enough to be more versatile, but I also know it's overly ambitious to think it can be done all at once. Eric Clapton once played "Mary Had a Little Lamb" on his new guitar, though I'm sure he played it well.
Here is smb.conf and I've deleted all the instructional comments for space. Seems like almost all the options are commented out as well and my guess is some of them will be necessary.
Code:
#
# Sample configuration file for the Samba suite for Debian GNU/Linux.
#
#======================= Global Settings =======================
[global]
log file = /var/log/samba/log.%m
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
obey pam restrictions = yes
socket options = TCP_NODELAY
map to guest = bad user
encrypt passwords = true
passwd program = /usr/bin/passwd %u
passdb backend = tdbsam
dns proxy = no
netbios name = ubuntu1616
server string = %h server (Samba, Ubuntu)
invalid users = root
unix password sync = yes
workgroup = 1616george
os level = 20
security = user
syslog = 0
panic action = /usr/share/samba/panic-action %d
usershare allow guests = yes
max log size = 1000
pam password change = yes
## Browsing/Identification ###
; wins support = no
; wins server = w.x.y.z
; name resolve order = lmhosts host wins bcast
#### Networking ####
; interfaces = 127.0.0.0/8 eth0
#### Debugging/Accounting ####
; syslog only = no
####### Authentication #######
; security = user
; guest account = nobody
########## Domains ###########
; domain logons = yes
; logon path = \\%N\profiles\%U
; logon path = \\%N\%U\profile
; logon drive = H:
; logon home = \\%N\%U
; logon script = logon.cmd
; add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u
########## Printing ##########
; load printers = yes
; printing = bsd
; printcap name = /etc/printcap
; printing = cups
; printcap name = cups
############ Misc ############
; include = /home/samba/etc/smb.conf.%m
; message command = /bin/sh -c '/usr/bin/linpopup "%f" "%m" %s; rm %s' &
; domain master = auto
; idmap uid = 10000-20000
; idmap gid = 10000-20000
; template shell = /bin/bash
; winbind enum groups = yes
; winbind enum users = yes
; usershare max shares = 100
#======================= Share Definitions =======================
; comment = Home Directories
; browseable = no
; read only = yes
; create mask = 0700
; directory mask = 0700
; valid users = %S
;[netlogon]
; comment = Network Logon Service
; path = /home/samba/netlogon
; guest ok = yes
; read only = yes
; share modes = no
;[profiles]
; comment = Users profiles
; path = /home/samba/profiles
; guest ok = no
; browseable = no
; create mask = 0600
; directory mask = 0700
[printers]
comment = All Printers
browseable = no
path = /var/spool/samba
printable = yes
guest ok = no
read only = yes
create mask = 0700
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = no
; write list = root, @ntadmin
;[cdrom]
; comment = Samba server's CD-ROM
; read only = yes
; locking = no
; path = /cdrom
; guest ok = yes
; preexec = /bin/mount /cdrom
; postexec = /bin/umount /cdrom
[TKJ_backups]
comment = Backups for TJDESKTOP08
path = /home/TKJ_backups
[AER_backups]
comment = Backups for AER-G5
path = /home/AER_backups
Sorry, I'm not sure where we're going next. What are you trying to achieve that you can't, or what errors are you getting that are preventing you from moving on? Can you connect to any of your existing shares from Windows PCs or not?
Well, the primary problem is that I cannot access any shares because the password authentication fails. I've been trying this from a WinXP machine using Explorer's Map Drive function. Of course, I've tried with each uid/pwd combination I have. I've also tried the "log in as different user" to no avail.
I have not tried connecting to the shares since we "synced" Samba and Linux user accounts. Could the fix be that easy?
I had already removed the monitor and was trying to get you the smb.conf file using PuTTY, but my login attempts are being rejected there as well, although I think that's a different problem for a different thread, the problem being openssh-server is not installed or configured properly.
Last edited by booberandpuzz; 05-05-2008 at 06:32 PM.
So have you used smbpasswd -a user to create users and smbpasswd -e user to enable them? I think they should be enabled by default, but I do it anyway - belt and braces.
There is a lot of password and pam stuff in your global section that a KISS approach wouldn't have at this stage. These are the only settings I would suggest you have in there to start with.
Code:
[global]
workgroup = 1616george
server string = %h server (Samba, Ubuntu)
security = user
passdb backend = tdbsam
load printers = yes
cups options = raw
Once you get it working you can add features back in and test them at each stage.
Also, look in /var/log/samba/smbd.log to see if you can see anything of interest about your connections or failure to connect.
Last edited by blacky_5251; 05-05-2008 at 07:24 PM.
Reason: Check logs
There is a lot of password and pam stuff in your global section ...
This is the default smb.conf as it was installed. I made no changes other than naming the server and workgroup and then making the change you suggested about synchronizing Linux/Samba user accounts.
I have just remarked out all the lines other than those you listed, rebooted, and I'm still unable to connect to a Samba share from Windows. I try logging in with:
Code:
Username: terrence
Password: *********
and the dialog comes back with
Code:
Connecting to ununtu1616
Username: UBUNTU1616\terrence
Password: ********
but it will still not map the drive as if it does not like the uid/pwd combination. Also, when I "browse" for a share to map, I can see UBUNTU1616 under
Microsoft Windows Network / 1616GEORGE
but I cannot expand to see and shares/folders. If I right-click the server and choose Properties, I get an error that I "do not have appropriate access rights for this server ... " I've also manually entered the servername in lowercase and it still doesn't work.
I think the problem is something so basic that only a complete novice (me) wouldn't see it. I have made no configuration changes other than those in this thread since installing Ubuntu. And I've installed no packages other than Samba, Webmin, and a failed attempt at installing openssh-server.
Here is an excerpt from today's log.smbd: (tjdesktop08 is the machine name of the WinXP platform I'm trying to connect from)
Code:
[2008/05/06 13:06:40, 0] lib/util_sock.c:get_peer_addr(1232)
getpeername failed. Error was Transport endpoint is not connected
[2008/05/06 13:06:40, 0] lib/util_sock.c:write_data(562)
write_data: write failure in writing to client 192.168.0.194. Error Connection reset by peer
[2008/05/06 13:06:40, 0] lib/util_sock.c:send_smb(769)
Error writing 4 bytes to client. -1. (Connection reset by peer)
[2008/05/06 13:09:15, 0] param/loadparm.c:process_usershare_file(4606)
process_usershare_file: stat of /var/lib/samba/usershares/usr failed. Permission denied
[2008/05/06 13:09:23, 0] param/loadparm.c:process_usershare_file(4606)
process_usershare_file: stat of /var/lib/samba/usershares/usr failed. Permission denied
[2008/05/06 13:09:25, 0] param/loadparm.c:process_usershare_file(4606)
process_usershare_file: stat of /var/lib/samba/usershares/usr failed. Permission denied
[2008/05/06 13:09:36, 0] param/loadparm.c:process_usershare_file(4606)
process_usershare_file: stat of /var/lib/samba/usershares/usr failed. Permission denied
[2008/05/06 13:09:36, 0] param/loadparm.c:process_usershare_file(4606)
process_usershare_file: stat of /var/lib/samba/usershares/usr failed. No such file or directory
[2008/05/06 13:09:36, 0] smbd/service.c:make_connection(1191)
tjdesktop08 (192.168.0.194) couldn't find service usr
[2008/05/06 13:10:03, 0] param/loadparm.c:process_usershare_file(4606)
process_usershare_file: stat of /var/lib/samba/usershares/usr failed. Permission denied
[2008/05/06 13:10:04, 0] param/loadparm.c:process_usershare_file(4606)
process_usershare_file: stat of /var/lib/samba/usershares/usr failed. No such file or directory
[2008/05/06 13:10:04, 0] smbd/service.c:make_connection(1191)
tjdesktop08 (192.168.0.194) couldn't find service usr
[2008/05/06 13:15:15, 0] param/loadparm.c:process_usershare_file(4606)
process_usershare_file: stat of /var/lib/samba/usershares/home failed. Permission denied
[2008/05/06 13:15:22, 0] param/loadparm.c:process_usershare_file(4606)
process_usershare_file: stat of /var/lib/samba/usershares/home failed. Permission denied
[2008/05/06 13:15:50, 0] param/loadparm.c:process_usershare_file(4606)
process_usershare_file: stat of /var/lib/samba/usershares/home failed. Permission denied
[2008/05/06 13:16:14, 0] param/loadparm.c:process_usershare_file(4606)
process_usershare_file: stat of /var/lib/samba/usershares/home failed. Permission denied
[2008/05/06 13:16:21, 0] param/loadparm.c:process_usershare_file(4606)
process_usershare_file: stat of /var/lib/samba/usershares/home failed. Permission denied
[2008/05/06 13:17:15, 0] param/loadparm.c:process_usershare_file(4606)
process_usershare_file: stat of /var/lib/samba/usershares/home failed. Permission denied
[2008/05/06 13:17:22, 0] param/loadparm.c:process_usershare_file(4606)
process_usershare_file: stat of /var/lib/samba/usershares/home failed. Permission denied
[2008/05/06 13:42:09, 0] lib/util_sock.c:get_peer_addr(1232)
getpeername failed. Error was Transport endpoint is not connected
[2008/05/06 13:42:09, 0] lib/util_sock.c:get_peer_addr(1232)
getpeername failed. Error was Transport endpoint is not connected
[2008/05/06 13:42:09, 0] lib/util_sock.c:write_data(562)
write_data: write failure in writing to client 0.0.0.0. Error Connection reset by peer
[2008/05/06 13:42:09, 0] lib/util_sock.c:send_smb(769)
Error writing 4 bytes to client. -1. (Connection reset by peer)
[2008/05/06 13:42:10, 0] param/loadparm.c:process_usershare_file(4606)
process_usershare_file: stat of /var/lib/samba/usershares/home failed. Permission denied
[2008/05/06 13:42:44, 0] lib/util_sock.c:get_peer_addr(1232)
getpeername failed. Error was Transport endpoint is not connected
[2008/05/06 13:42:44, 0] lib/util_sock.c:get_peer_addr(1232)
getpeername failed. Error was Transport endpoint is not connected
[2008/05/06 13:42:44, 0] lib/util_sock.c:write_data(562)
write_data: write failure in writing to client 0.0.0.0. Error Connection reset by peer
[2008/05/06 13:42:44, 0] lib/util_sock.c:send_smb(769)
Error writing 4 bytes to client. -1. (Connection reset by peer)
[2008/05/06 13:49:44, 0] lib/util_sock.c:read_data(534)
read_data: read failure for 4 bytes to client 192.168.0.194. Error = Connection reset by peer
[2008/05/06 13:49:45, 0] param/loadparm.c:process_usershare_file(4606)
process_usershare_file: stat of /var/lib/samba/usershares/home failed. Permission denied
[2008/05/06 13:49:46, 0] param/loadparm.c:process_usershare_file(4606)
process_usershare_file: stat of /var/lib/samba/usershares/home failed. Permission denied
[2008/05/06 13:49:47, 0] param/loadparm.c:process_usershare_file(4606)
process_usershare_file: stat of /var/lib/samba/usershares/home failed. Permission denied
[2008/05/06 13:55:59, 0] param/loadparm.c:process_usershare_file(4606)
process_usershare_file: stat of /var/lib/samba/usershares/home failed. Permission denied
[2008/05/06 13:56:33, 0] param/loadparm.c:process_usershare_file(4606)
process_usershare_file: stat of /var/lib/samba/usershares/home failed. Permission denied
[2008/05/06 13:56:35, 0] param/loadparm.c:process_usershare_file(4606)
process_usershare_file: stat of /var/lib/samba/usershares/home failed. Permission denied
[2008/05/06 13:56:47, 0] param/loadparm.c:process_usershare_file(4606)
process_usershare_file: stat of /var/lib/samba/usershares/home failed. Permission denied
Last edited by booberandpuzz; 05-06-2008 at 01:12 PM.
Let's see if we can talk to Samba locally. Run this command from the Linux prompt:-
Code:
smbclient -U terrence //localhost/TKJ_backups
Enter your password when prompted to. If you see the "smb: \>" prompt issue the "dir" command to see what is in that share. If not, post the error messages.
If this works, then perhaps it is a firewall or network issue.
OK, so you've proved that your user id and password work using smbclient to connect locally.
Your tests from your new book don't really help much because we've already proven your local connection works, and the nmblookup commands aren't relevant.
Are you running a firewall on your server? It could be that you need to open some ports to get it working. Samba uses ports 137 udp, 138 udp , 139 tcp and 445 tcp.
Sorry for striking out on my own. I'm trying to be diligent and learn what I can so that I will not always be so dependent on the expertise of others. I know, however, when you're trying to help someone, it makes it difficult when they want to improvise on your instructions.
In Webmin, the Linux firewall settings are listed as:
Code:
No IP tables have been set on your system ...
My understanding of the router we have is that all our LAN machines are behind the hardware firewall on the router/DNS server.
If I'm going to suspect the WinXP firewall, it's just surprising that I've had such an easy time with my wife's MacOSX/Samba shares. Those have worked flawlessly since my first attempts to configure after we bought both her Macs in 2005. At that time I had zero Mac experience so I mistakenly thought this would be as easy.
I have to ask you, at what point do I post something on this public forum that could be used to hack my system? Should I be thinking along those lines?
Last edited by booberandpuzz; 05-07-2008 at 09:47 PM.
I wasn't criticizing you for striking out - sorry if that was the impression - on the contrary I applaud it. Use the "man" pages a little though and you'll see that nmblookup is working in the wrong direction and it is a little irrelevant that your samba server can see your PC's - because your problem is the PC's accessing the server. Also I doubt that you have PC's with names of "_SAMBA_" or "samba-server" so those nmblookup commands were always going to fail.
Regarding hacking, you are posting IP addresses that can't be routed and are "private", so no one can access your machines using those IP addresses. The 192.168.x.x range is for internal networks only, and the Internet doesn't use those addresses for anything - so nothing can find you when you use those address and post them to the forum. You are correct to be concerned about hackers and the info you post to the internet.
Since your XP box works with Mac/Samba then I agree it isn't the cause. I've just re-read your posts and some of the error messages, and I suspect the problem is related to file-system permissions more than anything else. The /var/lib directory might not be writable by non-root users on your system. An upper level directory with insufficient privileges can block lower-level directories with supposedly "full" access. Can you move the share to somewhere else - perhaps /var/shares - and give that location full rwx access for all users? Let me know how you get on.
Finally, I agree that Samba should be easy. When it is you're in heaven, when it isn't, you're in the other place
PS: Even though I have a firewall in my router, I still have a dedicated IPCop firewall device sitting right behind the router, and a firewall running on my CentOS Linux server as well. My theory is you can never have too much protection from those idiots that want to abuse your hardware.
These folders will be relocated to a mirrored pair of drives I have on the system but haven't formatted yet. (I'm waiting 'til I get the basics working.)
From WinXP, I can see ubuntu1616, but cannot browse to any part of the file system at all. I ran SWAT locally on the server and ALL the documentation links on the opening page are broken (i.e., "file not found"). Makes me wonder if I might also have a damaged installation of Samba.
BTW, I didn't take any comment as criticism ... I truly appreciate your help and don't want to make the process more difficult. Whatever I do beyond your suggestions I'll document. I'm perusing these books, but the sheer volume of information is staggering. At your suggestion, I'm trying to use the man pages first when I'm trying to sort something out, but necessarily using the books to figure out what commands might apply to my situation.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.