I'm using Slackware 8.1 and Samba 2.2.4.
I've been following the instructions in the Using Samba book that is included in the Samba docs.

Samba daemon is executed upon boot-up by way of /etc/inetd.conf.

My Win 98 clients have been configured according to Chapter 3 of Using Samba and see the Samba box under Win98 Network Neighborhood. When I highlight the icon and name (Finky) it shows up as:

\\Finky
Samba 2.2.4

However, when I double-click on the Finky icon, Win98 asks for a password, which means things are not functioning properly. See quote from Chapter 3:

WARNING: If you are presented with a dialog requesting the password for a user IPC$, then Samba did not accept the password that was sent from the client. In this case, the username and the password that were created on the client side must match the username/password combination on the Samba server. If you are using Windows 98 or Windows NT Service Pack 3 or above, this is probably because the client is sending encrypted passwords instead of plaintext passwords.

I have tried the two remedies suggested in Chapter 3:

You can remedy this situation by performing two steps on the Samba server. First, add the following entry to the [global] section of your Samba configuration file: encrypt password=yes. Second, find the smbpasswd program on the samba server (it is located in /usr/local/samba/bin by default) and use it to add an entry to Samba's encrypted password database. For example, to add user steve to Samba's encrypted password database, type smbpasswd -a steve. The first time you enter this password, the program will output an error message indicating that the password database does not exist; it will then create the database, which is typically stored in /usr/local/samba/private/smbpasswd.


Neither of these has cured the problem. Can anyone lend a hand with this problem. Thank you for your time and help.

Mike

Just some additional background. The samba "share" was set up following Chapter from Using Samba.

The share was created in the following folder: /export/samba/test.

the one user so far is: flug
the password for flug is: flug (i know this is not good security, but i'm only testing to get it to work for now)
the home directory for flug was setup as: /export/samba/test


Here's some test output from Samba:

bash-2.05a# smbclient -U% -L localhost
added interface ip=192.168.1.5 bcast=192.168.1.255 nmask=255.255.255.0
Domain=[SIMPLE] OS=[Unix] Server=[Samba 2.2.4]

Sharename Type Comment
--------- ---- -------
test Disk
IPC$ IPC IPC Service (Samba 2.2.4)
ADMIN$ Disk IPC Service (Samba 2.2.4)

Server Comment
--------- -------
ELISA
FINKY Samba 2.2.4

Workgroup Master
--------- -------
SIMPLE ELISA

The ELISA box is a WinXP Pro box that's also on my home network, but I'm not worried about that one right now, just want to get one thing figured out a time.

I guess for now, I'll try to see if i can get my other linux box to see the samba share.

Mike

add a user account in samba with the same user / password combo that you used to login to win98 box with.

I hate to give this sort of advice, but the front-ends (gui or text based) are only as good as the people who pre-set the options for you. Samba is so simple to manage for one server, especially for file-sharing only, that it's almost ridiculous to bother with the front ends. I never learned to use them because smb.conf had all the instructions inside of it and all you have to do is just copy what's there and change as appropriate. Then just (as root! smbpasswd operates differently in user mode! You'll notice that they have 2 man page entries in different sections) add your user in using "smbpasswd -ae user password", subbing in the user's name and password for "user" and "password". If you have tried this before and it doesn't work, the best thing to do is go back and restore the default smbpasswd and smb.conf files, it seems that they are always there with a ~ in front of them (at least in my distro/version {solaris/debian}). If you don't want to do that, at least go back and delete the lines out of the smbpasswd file that pertain to your attempts, smbpasswd will recreate them when you recreate the user.

I had to syncronize a group of people at work when we were integrating networks. We have a locally authenticated box, and a mixed OS environment on the network side (the solaris/linux side doesn't always resolve the other windows computers on the network by PC name, but it does easily by IP...I'll get to that someday, but it doesn't seem to bother the actual network folks at work so I let it slide. I've posed the question to them several times and the answer is that M$ doesn't play nice and is a pain to maintain so having the windows pc names resolve is wayyy down on the list of priorites. maybe samba deals with this, maybe not. but I digress.) So the box that came in had different GID:UID for all the users on it that was different from the network, the usernames were also different and the home directories...

I had to do it the hard way...but the samba part is something you have to do after you make other changes to the user, then clear and regenerate all the samba authentication to match. The regular user data has to be in good shape or samba won't work right/reliably. Don't disable users in samba, delete them. it's simple and the quickest/surest way to get it set up working the first time.

Also, when you change samba information (I'm not sure about XP, but this is the way win2k is) out on the server you have to log off your current session at the windows box to force it to reauthenticate the samba stuff. For some reason the windoze box will refuse to see the changes you have made out to the samba server until you do so. Apparently it only refreshes that data on login. You don't have to reboot, just log out and back in. Make sure you use the same user credentials on both the samba/linux side as you do the windoze side. You can work windows boxes from the unix side via samba, but in smaller cases, it's more trouble than it's worth (except as a learning exercise).

Don't use encrypted passwords if you can help it. It's probably another few days study if you do, to get everything to play nice and be sure you understand what's going on. I have the luxury of being two firewalls deep at work, and don't worry about security too much...make sure your case is set to unmangle in smb.conf too.

Another thing about sysadmin via gui is that sometimes the gui won't let you do stuff that you can do if you pull up the file in {insert favorite text editor}. In solaris using admintool, I can't change a users UID, ever, but I can easily hack it out of passwd.

Just don't touch the password fields in either smb/passwd or you'll have to start over to be quick about it. I'm sure you can reverse engineer em, but I'm also as sure that's it's a crapload harder than cracking ntauth.

I think I've spewed enough for one column...eh.

As usual, more information than was needed or probably wanted.

HTH

-rust

I forgot to add that as long as you *know* your username and password that samba is looking for, you can just fill those in when prompted from windows for authentication, but new versions of windows (like I said inthe last post) remember the authentication and if you leave your windows box logged in for extended periods of time it's pretty easy to be temporarily confused when it asks you for authentication again on a relogin or reboot. This happened to a lot of people on my sun ultra60 at work because before we moved into the new company we had ad hoc administration and everyone in the group had root access...most people can hack around and make stuff work by brute force, but that's never the best solution...

take the time to figure out how to administrate what you need on the whole network from samba, learn how to work the encrypted stuff between M$ and samba, and/or syncronize your user passwords, at least where your internal network is concerned.

Have you considered using NIS and just use your linux box to provide all network services? heh heh heh....NIS. NIS is cool. heh heh hmh huh hm...shut up beavis. *smack*

-rust

PS you can delete the target user using -x option on smbpasswd, but I just like the feeling of deleting it myself ;-) Don't forget to reset permissions to read-only after!

http://www.samba.org/samba/docs/man/smb.conf.5.html
http://www.samba.org/samba/docs/man/smbpasswd.8.html

you might also try running samba on a per instance basis, instead of leaving the daemon running, until you get it working right. Then if you want to do that, it should work just fine. I haven't seen a significant decrease in performance letting it execute on demand, and I don't have do dink with the server daemon every time I make a change. At worst, it may take a few more seconds to pull up the directory, but once in it runs the same, performance wise. it may have a lower priority or not, but thats probably more of a semantical or philosophical discussion as far as its effects on me have been.

one of the problems of unix is that once you get it configured and running, you have to make so few changes that once you have to you have to go back and relearn everything because it's been so long that you had to make a change that you forgot all the nuances and the thing has likely changed anyhow...

is that a good thing or bad thing? I think it's good...?

Originally posted by jumpedintothefire
add a user account in samba with the same user / password combo that you used to login to win98 box with.

Hi buddy. As you can see, it's on to Samba now. :-)

Yeah, I definitely did this through SWAT. i added a user (flug) and made the password (flug), and then enabled the user.

Do I need to add something about the user (flug) into my smb.conf now?

Thanks for your help.
Always good to hear from ya.

Best regards.

Mike

P.S.--- The linux routerbox you helped me with has been up steady now for 42 days. :-)

Originally posted by rustskull
I hate to give this sort of advice, but the front-ends (gui or text based) are only as good as the people who pre-set the options for you. Samba is so simple to manage for one server, especially for file-sharing only, that it's almost ridiculous to bother with the front ends.

Another thing about sysadmin via gui is that sometimes the gui won't let you do stuff that you can do if you pull up the file in {insert favorite text editor}. In solaris using admintool, I can't change a users UID, ever, but I can easily hack it out of passwd.

To tell you the truth, this sounds like excellent advice. I chose to try linux in the first place because I wanted an operating system that was open and configurable to the extent that I could learn how to do it. I just started doing some stuff with SWAT cuz the Using Samba Book led me there.

I like the advice your giving. I'm going to give smb.conf via VIM to work with configuring samba.

Just don't touch the password fields in either smb/passwd or you'll have to start over to be quick about it. I'm sure you can reverse engineer em, but I'm also as sure that's it's a crapload harder than cracking ntauth.
-rust

This part I don't quite understand. Are you saying it's not safe to manually add/delete passwords into these files? What happens to Samba if you do? I guess this is a step or two ahead of the game right now. I just want to get a win98 machine to able to mount/share/see (whatever is the proper term) the share I created: /export/samba/test

Thanks for your reply.

Mike

Hmmm....getting a little frustrating.
The WinXP Pro box on the network sees the Samba box as "Samba 2.2.4 (Finky)" but when I double-click the icon to get to the share /export/samba/test I get the following error message:

\\Finky is not accessible. You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions. The account is not authorized to log in from this station.



I need to start messing around with some more smb.conf options. All the machines see the Samba share but none of them can access it.

The number one problem with Samba in Red Hat is firewalls. I'm not familiar with Slackware but you want to be sure iptables or ipchains arent running and blocking your Samba traffic.
If this is the case, you'll be able to see the Samba shares in Network Neighborhood but not be able to access them. Usually it's a network path not found error but sometimes the Windows error messages can be kind of vague.

The results you got from the smbclient command in your second post show that the test share is configured properly and that Samba is at least running properly. Since you didn't include a username and/or password with the command, it doesn't mean that your security is set up properly though.

Personal preference but I find it easier to use encrypted passwords with Samba. It's easier to put "encrypted passwords = yes" in your smb.conf file than to edit the registry on every Windows computer to turn off encrypted passwords. All versions of Windows since Win95B and NT4 SP3 use encrypted passwords by default.

It may be helpful to post your smb.conf file here for us to look at.

Originally posted by cowanrl
[B]not familiar with Slackware but you want to be sure iptables or ipchains arent running and blocking your Samba traffic.

I'll definitely be mindful of this as I proceed forward with Samba. I know right now there is no firewall issue as I haven't set any functional rc.firewall file yet on this box.

Personal preference but I find it easier to use encrypted passwords with Samba. It's easier to put "encrypted passwords = yes" in your smb.conf file than to edit the registry on every Windows computer to turn off encrypted passwords.

Wow, that fella rust sure was right. It makes a big difference when you edit your smb.conf manually with a text editor, rather than through gui config tool. I thought I set encrypt passwords = yes using SWAT, but I just checked and saw that my smb.conf did not have it.

I inserted the parameter in the Global section and rebooted. I'm now getting one step further than before. The Win98 client no longer queries me for a password. When I double-click on Finky (the Samba box) in Network Neighborhood, I see 3 sub-folders appear: flug, homes, and test. However, when I double click any of those folders I get the following message:

\\Finky\flug is not accessible.
Access is denied.

The same goes for \\Finky\homes and \\Finky\test.

As requested, here's my smb.conf file:

# Global parameters
[global]
workgroup = SIMPLE
wins support = Yes
encrypt passwords = Yes
[test]
path = /export/samba/test
read only = No

Please keep the tips and pointers coming. You fellas are getting me closer and closer. Thanks for your time and patience. I'm just beginning to dip my toes into how windows and linux can work together in a network setting.

Mike

Couple of questions.

Did you also create a regular Linux user account for flug? That must exist along with the Samba user account you created.
You can use whatever GUI User Administration program comes with Slackware or you can do it from the command line as root with these commands:

useradd flug
passwd flug

The password doesn't have to be the same as the Samba password.

Did you send your entire smb.conf file? You say that you see a \homes and a \flug share on the \\Finky server but you don't show a [homes] share definition in your smb.conf file.

Do you have the proper file permissions on /export/samba/test. Since you have read only = no, the permissions need to be 777. Just execute as root:

chmod 777 /export/samba/test


Since you created the Samba flug user account before you set up encrypted passwords you may want to delete the flug Samba account and re-create it. As root, just execute:

smbpasswd -x flug
smbpasswd -a flug

Make sure the password matches the password for flug on your Windows computer.

See if those help any.

Hi Cowanrl,

Thanks for the speedy reply. I'm writing from work so must be brief. I'll give this a try when I get home tonight.

Thanks again,

Mike

Originally posted by cowanrl
Couple of questions.

Did you also create a regular Linux user account for flug? That must exist along with the Samba user account you created.
Yes.
I did adduser flug.
I set the user's home directory to /export/samba/test
and set the password to flug.

Did you send your entire smb.conf file?
Yes.
You say that you see a \homes and a \flug share on the \\Finky server but you don't show a [homes] share definition in your smb.conf file.
hmmm.....i gotta figure this out. See I started creating the smb.conf file using SWAT, but have since started to just edit it manually. The smb.conf created with SWAT did not have the [homes] share definition either.


Do you have the proper file permissions on /export/samba/test. Since you have read only = no, the permissions need to be 777. Just execute as root:

chmod 777 /export/samba/test

RUH ROH. I may have made a very basic mistake. Is [test] supposed to be a directory or just a file? Cuz right now in /export/samba/test, test is a directory.

While I wait for your answer, I'll do what you suggested about deleting user flug and recreating the account.

Cowan, thanks for all your guidance with this. I really appreciate you taking the time.

Mike

Well somehow I've stumbled onto success but I have no idea how I got there.

Tonight, I took a look at Network Neighborhood from Win98's Windows Explorer. The Win98 box could once again see 3 directories under the Samba box (Finky). The 3 folders are flug, homes, and test. I absent-mindedly started clicking on and opening up each folder. Then suddenly I realized that I wasn't getting the Access Denied messages like the night before. I thought this must be too good to be true.

So, I went to the Samba box and created text file using vim called gotcha_sucka and saved it in directory /export/samba/test/gotcha_sucka.

I went back to the Win98 client and lo and behold--- it sees and can open up the text file using wordpad. The odd thing is that it sees the same file in all 3 folders even though I only saved it to /export/samba/test.

Still in disbelief, I then opened up Microsoft Word and created another text file and saved it to /export/samba/test. Yepper, it was in fact saved to that directory. I then went to the Samba box and opened up the file using vim, and then abiword. Of course, the output was full of code jibberish along with the document text; it took Abiword to interpret the data and formatting correctly.

This is great news, but I don't know what made it finally work. I didn't change anything from the day before......

Mike