From: Sergio Luiz Novaes (algol@LCC.UFMG.BR)
Date: Tue Jan 28 2003 - 08:10:41 EST
It's not totally correct. Samba can use crypt and UNIX authentication (NIS
or /etc/passwd), just ask samba to do that. In fact is correct to say it's
a poor authentication issue (password will travel in plaintext on the net),
but works.
The real problem is the encription method used by default on Win2k to sent
the password on net. Samba will no recognize that encription method at
least you use smbpasswd and activate encription on smb.conf ( I think
default is deactivated but I'm not sure).
Solutions: use smbpasswd and default encription on win2k (samba will
recognize it and will be more secure) or stop the default encription on
win2k and pass plaintext password on net using UNIX authentication on
samba. A good reference to activate plaintext password on Windows is:
http://www.isbiel.ch/Resources/Computing/SunGroup/Info/QuickRef/Samba/
Sergio Luiz Novaes
LCC/UFMG - CENAPAD-MG/CO
Tel: +55 31 3499 5391/4910
Fax: +55 31 3499 5390
"Jolet, John"
<John.Jolet@MISYSHEAL To: aix-l@Princeton.EDU
THCARE.COM> cc:
Sent by: IBM AIX Subject: Re: Samba - cannot authenticate the user from win2k pc
Discussion List
<aix-l@Princeton.EDU>
28/01/2003 10:14
Please respond to IBM
AIX Discussion List
I don't think you can get samba to authenticate off of nis. You CAN get it
to authenticate off of ldap, but it's not straightforward. The easiest
thing to do is enable swat (you should have the docs for that in your samba
distribution). The reason you can't authenticate off of nis is it has a
(probably) crypt encrypted password. samba (and windows, etc) don't use
crypt...they use something much less secure. In fact, your password is
stored in two methods. One is the older lanman format, where the string is
broken down into two 7-byte (i think it's 7) strings and encrypted
seperately (making hacking much easier, incidentally). The other is more
secure, but since it's the same password in two formats, all you have to do
is hack the easy one.
for command-line use...you should have a command called "smbpasswd".
"smbpasswd -a username" run as root will add username to the smbpasswd file
specified in your smb.conf, and prompt for a password. without the -a, it
lets you change the password.
-----Original Message-----
From: BSARMA [mailto:bsarma@BASIT.COM]
Sent: Monday, January 27, 2003 5:35 PM
To: aix-l@Princeton.EDU
Subject: Re: Samba - cannot authenticate the user from win2k pc
Greetings John,
I didn't run the smbpasswd as we use nis , my userid is not listed in the
/etc/passwd file of my RS6000 workstation.
if you have some instructions to setup this, please email me.
Regards & Thanks
BN
----- Original Message -----
From: Jolet, John
Newsgroups: bit.listserv.aix-l
To: aix-l@princeton.edu
Sent: Monday, January 27, 2003 6:07 PM
Subject: Re: Samba - cannot authenticate the user from win2k pc
did you set up the smbpasswd file?
-----Original Message-----
From: BSARMA [mailto:bsarma@BASIT.COM]
Sent: Monday, January 27, 2003 5:03 PM
To: aix-l@Princeton.EDU
Subject: Samba - cannot authenticate the user from win2k pc
Greetings
I have installed Samba on my IBM RS6000 , and started the smbd and nmbd
services.
I am trying to connect to IBM RS6000 Samba server from my windows2000
client and getting the following error message:
C:\>f:
The system cannot find the drive specified.
C:\>net use f: \\ibm210\bsarma
The password is invalid for \\ibm210\bsarma.
Type the password for \\ibm210\bsarma:
System error 1326 has occurred.
Logon failure: unknown user name or bad password.
This is the user name I logon into my unix box and also into my windows2k
box.
Please advice.
Regards & Thanks
BN
This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 22:16:32 EDT