Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I am trying to connect my fedora core2 box with my win2k box.
Being new, I am trying to follow the KISS principal, I copied the following as smb.conf:
[global]
workgroup = WORKGROUP
[homes]
guest ok = no
read only = no
my win2k box is also WORKGROUP. When trying from windows, i browse the network neighborhood and timeout to "Workgroup is not accessable". More troubling is when on the fedora box, smbclient //MachineName/Username asks for a password and then responds "NT_STATUS_LOGIN_FAILURE" with the same error message for smbclient -L machineName. ps shows that smbd is running. I have double checked the password.
I've been browsing other Samba posts without any luck. Any troubleshooting ideas?
if a user and password box comes up you'll probably have to log in as a guest or any account you have on your win2k machine.
I usually log in as administrator so I can access all my files.
To log-in to a Samba server, your windows user must have a valid Linux account and a Samba account with the same username and password.
Unless the share has a "guest ok = yes" option.
To add a Samba user:
Code:
smbpasswd -a username
Here is a small sample smb.conf file.
Code:
#======================= Global Settings =====================================
[global]
workgroup = WORKGROUP
netbios name = Linux
server string = My Linux PC
# Security
security = user
encrypt passwords = yes
map to guest = Bad User
hide local users = yes
invalid users = root
# Logging
log file = /var/log/samba/%m.log
max log size = 1000
# Files
unix extensions = Yes
# Services
os level = 36
time server = no
domain master = no
domain logons = no
local master = yes
preferred master = yes
wins support = yes
dns proxy = no
#============================ Share Definitions ==============================
[homes]
comment = Home Directorie for %u
valid users = %u
browseable = yes
writable = yes
create mask = 0640
directory mask = 0750
synaptical posted a link to the "Using Samba" book.
However, you may to take a look at Using Samba, 2nd Edition http://www.oreilly.com/openbook/
>edit: it looks like Mathieu beat me to it, but it's basically all the same idea. and you need to the o'reilly book.
~~~~~~~~~~~~~~~~~~
here's part of my smb.conf (with some comments added), maybe this will help for comparison.
Code:
[global]
netbios name = HOMER
server string = Samba %v
workgroup = WORKGROUP
# [choose which one you want :study:]:
# security = share
security = user
log file = /var/log/samba.log
wins support = yes
# domain master = yes
encrypt passwords = yes # [don't forget that option :study:]
invalid users = root bin daemon adm sync shutdown halt mail news operator
# Networking configuration options [these are optional :study:]
hosts allow = 192.168.0. localhost
hosts deny = 192.168.0.110 192.168.0.111
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 [probably optional -- :study:]
[home]
path = /home/sero
comment = arch home dir
valid users = olv26 sero
guest ok = no
writeable = yes
[mp3]
path = /mnt/media/gift/completed
comment = gift completed files
valid users = olv26 sero
guest ok = no
writeable = yes
Quote:
7. Windows XP/2000
You'll need to enable TCP/IP on your system, as well as configure a
WINS server, from the control panel. The IP address of the WINS server
should be your Samba server (where the nmbd daemon is running).
To map a drive using the Windows GUI, open My Computer. On the toolbar
are many options; look for one that provides a list that includes the
phrase Map Network Drive (under Windows XP this option is under the
Tools menu). Once selected, a new box will open up. In the Drive box,
click a drive letter that you wish to use. In the Folder box, type the
path for the server and path that you wish to connect to.
Alternately, from a Command Prompt, you can type:
NET USE F: \\MYSERVER\PUB /YES
Quote:
Samba has no knowledge of Windows 2000/XP Local Accounts; as far as it
is concerned, there are only multiple users (defined in smbpasswd) and
a single Administrator named root (if defined in smbpasswd). Samba
also has no knowledge(nor does it care) about Windows 2000/XP Local
Groups; all Samba group memberships are defined in /etc/groups.The
reverse is also true -- Windows 2000/XP has no direct knowledge of
Samba Domain Users or the /etc/groups file on the Samba box.
Therefore,it is possible to log into the domain as root (not advised
for the security conscious) yet not have any administrative authority
over the Windows 2000/XP box!Under Windows NT/2000/2003 Servers, you
can add Local Users, Global Users, and Global Groups to Local Groups.
With Samba, you can add Local Users and Global Users to Local Groups.
However, with both Windows NT/2000/2003 Servers and Samba Servers, you
cannot add Local Users and Local Groups to Global Groups.One option to
get around this is to select one account from Samba to add it to each
Windows 2000/XP workstation's Administrators Local Group. This needs
to be done on a per-workstation basis since Local Groups are just that
-- local to the box itself, and to no one else.There is no way to do
this from the Samba server (nor should there be) or even from a
Windows 2000 Server.
To join a Samba Domain, you'll need to first enable a Samba password
for the root account on your Samba box. Make sure to choose a secure
password! You can accomplish this with something like the following
(below). Note that if you have a directive like 'invalid users = root'
in your smb.conf file, you're guilty of not thinking with your head!
Make make the following changes to your /etc/passwd file:
myworkstation$:x:5000:5000::/dev/null:/bin/false
Make make the following changes to your /etc/shadow file:
myworkstation$:*:9797:0:::::
Note: In the above two examples, it is critical to add the dollar sign
($) at the end of each and every workstation name!
Next, make make the following changes to your /etc/group file:
workstation::5000
Finally, run the following commands on your server. Note the lack
of a dollar-sign ($) at the end of the workstation name! This is
frequently overlooked and a cause of many headaches...
$ smbpasswd -a root
$ smbpasswd -m -a myworkstation
On your Windows machine, make the following changes to your registry
and reboot:
Next, log on to your Windows workstation with a local account that
does not have the same name as any account on your Samba server.
Administrator is a popular choice. Next, make sure that there are no
lingering connections to the Samba server with:
NET USE * /DELETE /YES
Finally, open up the Windows Control Panel and activate the System
icon (sysdm.cpl). Find the tab labeled Computer Name section and
activate it. Then, click Change. Finally, you will be able to change
the computer from belonging to a workgroup to belonging to a domain.
After clicking 'Change', you can join your Samba domain (which is the
"workgroup" parameter from your smb.conf file). You'll be prompted for
a name and password of an account with permissions to join the domain;
only the user account "root" will work here, and the account must
exist in your smbpasswd file (and not be disabled either - FYI!).
If you can't seem to get your workstation to join your Samba domain,
make sure you've reviewed the following checklist:
1. Make sure that there is not a firewall between you and your Samba
server.
2. Make sure that your Samba server is not blocking traffic between
you and it. This includes ports 137/udp, 138/udp, 139/tcp,
445/tcp, and ICMP types 3 and 4.
3. Stop and restart your Samba server by hand -- not by any fancy
script or graphical administration tool. If in doubt, you'll need
to read up on either man 1 kill or man 1 killall.
4. Restart your Windows workstation -- this cannot be overstated
enough.
If all of this still fails, increase the log level of your Samba
server to either 2 or 3, and review the output. You don't need to
understand everything the log is saying; but you do need to know
enough about your server to be able to look for error messages.
an easier way to make user accounts in samba (i put this right in my smb.conf file so i don't have to remember it each time i add a user):
### add user to /etc/samba/private/smbpasswd
### user:1001:32Xs:32Xs:[U1234567890]:LCT-00000000:
### then change passwd with smbpasswd user
some amplification:
-- in the second line, replace "1001" with the actual user number (found in /etc/passwd).
-- "32Xs" means just that: you enter 32 upper case X, followed by a colon, then 32 more X.
-- [U1234567890] means a U followed by 10 blank spaces
-- LCT-00000000: is literal
-- this method presupposes you have made the user (e.g., with adduser), and that the user exists on the windows box
-- make sure the password is the same as the password for that user on the windows computer
gl, it's all in the o'reilly and unoffical books (except for my custom user-making procedure), but if you'd rather read it here than in the books, be my guest.
Last edited by synaptical; 08-24-2004 at 11:25 AM.
I used Mathieu's config file and am almost there. Now I can browse from the win2k machine via and see the linux machine. However, it asks for user name and password and refuses any response I give.
currently win2k username/password = linux username/password = samba username/password. I tried adding the share parameter = OK as suggested, but that had no effect.
Any ideas? Additionally, I think I should be able to change the linux password, leaving the samba and windows passwords equal. is that correct?
did you restart windows after making the samba changes? also check the permissions on the directories you're trying to access. if you don't have at least read permissions for users who don't own the directories who are trying to access from win2k, access will fail.
Excellent suggestions. However, yes, I did reboot. I used chmod 777 on my home directory as there were no r/w permissions for others. Another reboot on the win2k box. But still the same result.
not to be annoying, but you are restarting samba after making the changes, right? otherwise, i would just strip down the shares in smb.conf as much as possible, something like:
while you're at it, strip out all extraneous options for now until you get it working, e.g. all the stuff in the services section (except wins -- keep wins support = yes), map to guest, unix extensions (obsolete in samba 3.0), the permission masks, etc. the key to samba is to strip it down as much as possible, then only add things one at a time once it's working (unless you totally know what you're doing, which i don't, so i do it the "foolproof" way ). and don't forget to restart samba after each change.
you are obviously very, very, wise. I thought I had been doing this (indeed, I know I've rebooted the machines involved) but after a /etc/init.d/smb restart, it's working!
Thank you very much! Now, I'm off to tackle adding a printer!
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.