Friday, January 28, 2011

Samba access from WinXP PC

I've been trying and failing hard at getting Samba to be accessible from my Windows PC. So I'll start off with a basic question:

Does Samba need to use the same authentication credentials as the Windows PC user accounts? Do they need to be the same as the Linux user accounts? Same usernames? Same passwords?

Our Windows PC's are authenticated using a Windows Server 2003 Active Directory LDAP system. When I navigate to \\MyLinuxServer from Windows, I can see the share, and when I try to navigate into the share, I am prompted for my password. I type my username and password, that I have set up via sudo smbpasswd, and it fails. When it fails, it comes back with the the Windows domain and a backslash before my password.

Questions:

  1. Do I need to put Unix user accounts on my server that match the Windows usernames?
  2. Do I need to have the server join the domain, and authenticate that way?

Honestly, I barely even care if the thing doesn't even use passwords at this point. The whole company could see it but what the hey. I haven't gotten that to work either. If I set security = share, then I am prompted for a password -- no username -- and it fails.

If I run smbclient -L mylinuxserver on the server, it prompts for my password, then fails with Connection to mylinuxserver failed (Error NT_STATUS_CONNECTION_REFUSED) no matter what I enter for the password.

netstat -a | grep netbios-ssn shows it as LISTEN.

nmblookup -B mylinuxserver __SAMBA__ works with this output including the correct IP address instead of x.x.x.x:

querying __SAMBA__ on 127.0.1.1
x.x.x.x __SAMBA__<00>

Here is the output of testparm:

Load smb config files from /etc/samba/smb.conf
rlimit_max: rlimit_max (1024) below minimum Windows limit (16384)
Processing section "[homes]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions

[global]
    server string = My Excellent Server
    interfaces = eth0, lo
    bind interfaces only = Yes
    map to guest = Bad User
    obey pam restrictions = Yes
    pam password change = Yes
    passwd program = /usr/bin/passwd %u
    passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
    unix password sync = Yes
    syslog = 0
    log file = /var/log/samba/log.%m
    max log size = 1000
    dns proxy = No
    panic action = /usr/share/samba/panic-action %d

[homes]
    comment = Home Directories
    read only = No
    create mask = 0664
    directory mask = 0775

I thought testparm output the same as smb.conf. Apparently not, here is smb.conf

$ cat /etc/samba/smb.conf | grep "^[^#;]"
[global]
   workgroup = WORKGROUP
   server string = Landscape Capital Server
   dns proxy = no
   interfaces = eth0 lo
   bind interfaces only = yes
   log file = /var/log/samba/log.%m
   max log size = 1000
   syslog = 0
   panic action = /usr/share/samba/panic-action %d
   security = user
   encrypt passwords = true
   passdb backend = tdbsam
   obey pam restrictions = yes
   unix password sync = yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
   pam password change = yes
   map to guest = bad user
[homes]
   comment = Home Directories
   browseable = yes
   read only = no
   create mask = 0664
   directory mask = 0775
  • I had to specify the linux hostname as the "domain" in the windows password prompt. i.e. mylinuxserver\mylinuxusername

    Good grief :( :( :(

    From Scott

0 comments:

Post a Comment