Another quick samba question
 

I have been setting up a samba server 3.x on Red Hat ES3 and it has been working like a champ. Now, when users are logged into their Windows workstation and they click on the mapped drive to the samba server, they have to re-enter thir user name and password. It wasn't doing that last week. Wierd. The user names and passwords are all the same across the board (Windows, Unix, Samba).
Here is the smb.conf

# smb.conf is the main Samba configuration file.
# Date: 2005-02-12
[global]
workgroup = workgroup
server string = File Server on Fileserver
hosts allow = 192.168.1. 127.
printcap name = /etc/printcap
load printers = Yes
printing = CUPS
log file = /var/log/samba/%m.log
max log size = 0
smb passwd file = /etc/samba/smbpasswd
security = user
encrypt passwords = Yes
unix password sync = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd: *all*authentication*tokens*updated*successfully*
pam password change = Yes
obey pam restrictions = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
username map = /etc/samba/smbusers
dns proxy = no
;; ldap server = 127.0.0.1

[homes]
comment = Home Directories
browseable = no
writeable = yes
valid users = %S
create mode = 0664
directory mode = 0775

[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
guest ok = no
writable = no
browseable = no

[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @ntadmin root
force group = ntadmin
create mask = 0664
directory mask = 0775
browseable = yes
printable = no

[company]
comment = Company Documents
path = /home/company
force create mode = 0664
force create directory = 0775
writeable = yes
guest ok = yes

Any ideas what I am missing?

Thanks for all the help this forum has provided.

I'm wondering if you could include the contents of the /etc/pam.d/samba file.

Ok, seems as though I figured it out and it wasn't an issue with samba.

The client side of the network was once a peer to peer hodg-podge of Windows XP Home/ Windows 2000/ Windows Me. I noticed that I wasn't having the issue on the 2000 & Me systems. I switched gears from samba troubleshooting to Windows troubleshooting. I found that even though I renamed the users from the standard "Owner" account that the system was logging onto the samba shares with the now renamed account. I disconnected the mapped drives and when I re-mapped the samba shares I selected "Connect using a different user name". I typed the samba user name and password and selected "Reconnect at logon". Works like a champ. There must be something buggy w/ XP that leaves the old user credentials in cache somewhere even after you change the user name (and after adding users to the system).
Lesson learned?
Don't bee too quick to blame samba.

Thanks all!

FYI XP Home doesn't do user or domain based authentication. This means it treats shares similar to the way Samba does in security=share mode and assigns a (user/)pass to each share rather than matching the logon credentials. Win9x, and I belive ME, do this too although you can set them up either way where as XP Home is stuck (crippled by M$) that way.

I know that is true for NT4 or Active Directory Domain Security. But I believe you can use User Level Security as long as you are using stand alone machines.



Having a machine that can't join a domain, use TCP/IP instead of NetBIOS! That is really is doing a number on unsuspecting users. Imagine going through the network setup on windows XP home, and you come to the part were you need to produce a floppy disk to set up Windows 95/98/ME clients. Only problem is that you have a new Laptop (with XP preinstalled) which doesn't have a floppy disk!

User and share level security appear a lot alike, compared to logging into a domain. The difference is when they do verification. With share level security, there is one password (it accepts any username since authentication is done with a user/pass combo) per share and each share can have different passwords. With user level security, a user is granted access to some resource and they are authenticated once on that system for all the connections made (shares, printers, etc.) You can connect to one type from the other, but you will usually get asked for credentials more often because the two expect/assume verification at different times.

This is what rayber2000 appears to have run into. He changed the username on a windows system and that didn't change the authentication of network shares because the system is using share based security and it uses (and stores) a user/pass for each network drive, no matter who is logged on.

If the user level security is USER rather than SERVER, DOMAIN, or ADS, and you use stand alone servers (no domain controllers) or network logon, then the server with the share you want to access I believe that what an XP home computer cannot do is join any type of Domain Security facility.

If a stand-alone machine with USER security is a local Domain , then I guess XP Home can't do that either.