This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Page revision history

Version Date Modified Size Author Changes ... Change note

Page References

Incoming links Outgoing links

Version management

Difference between version and

At line 1 added 375 lines
!!!For Current Real Information
Please see: [http://wiki.samba.org/|http://wiki.samba.org/| target='_blank']
!! [Passwords]
The samba password is not the Linux password.
The Microsoft SMB Protocol originally used plaintext passwords. Starting with Windows 2000 and Windows NT 4.0 with Service Pack 3 or higher required encrypted Samba passwords. To use Samba between a Linux system and a system with Windows 2000 or Windows NT 4.0 Service Pack 3 or higher, you can either edit your Windows registry to use plaintext passwords or configure Samba on your Linux system to use encrypted passwords. If you choose to modify your registry, you must do so for all your Windows NT or 2000 machines — this is risky and may cause further conflicts.
Using LDAP, the password is from [sambaLMPassword] or [sambaNTPassword]. The samba password must be set independently from the Linux and the [LDAP] password.
In a Windows Domain, [authentication] process performed from a Domain controller.
In contrast, Linux and (most) Unix variants allows [authentication] redirection where the the authentication process can be performed from by a "[Pluggable Authentication Module]" ([PAM]).
! Setting the samba Password
The samba password can be set or changed for the current user with:
{{{
smbpasswd
}}}!!!Troubleshooting
Note: This is from our samba install that is LDAP enabled.
!!Testing from Linux
Commands from a Linux workstation that may help.
!Get the Domain SID
%%prettify
{{{
net getlocalsid willeke
SID for domain willeke is: S-1-5-21-852355746-2165432268-4188094699 (sid shown is fake)
}}} /%
LDAP server sees:
%%prettify
{{{
19:00:00 94C04BA0 LDAP: (192.168.1.4:41817)(0x0001:0x60) DoBind on connection 0x9ced280
19:00:00 94C04BA0 LDAP: (192.168.1.4:41817)(0x0001:0x60) Bind name:cn=admin,ou=administration,dc=willeke,dc=com, version:3, authentication:simple
18:34:40 94C04BA0 LDAP: (192.168.1.4:41817)(0x0001:0x60) Sending operation result 0:"":"" to connection 0x9ced280
19:00:00 B6E23BA0 LDAP: (192.168.1.4:41817)(0x0002:0x63) DoSearch on connection 0x9ced280
19:00:06 B6E23BA0 LDAP: (192.168.1.4:41817)(0x0002:0x63) Search request:
base: ""
scope:0 dereference:0 sizelimit:0 timelimit:0 attrsonly:0
filter: "(objectclass=*)"
attribute: "supportedControl"
18:34:40 B6E23BA0 LDAP: (192.168.1.4:41817)(0x0002:0x63) Sending search result entry "" to connection 0x9ced280
19:00:00 B6E23BA0 LDAP: (192.168.1.4:41817)(0x0002:0x63) Sending operation result 0:"":"" to connection 0x9ced280
19:00:00 9368FBA0 LDAP: (192.168.1.4:41817)(0x0003:0x63) DoSearch on connection 0x9ced280
19:00:00 9368FBA0 LDAP: (192.168.1.4:41817)(0x0003:0x63) Search request:
base: "dc=willeke,dc=com"
scope:2 dereference:0 sizelimit:0 timelimit:15 attrsonly:0
filter: "(&(objectClass=sambaDomain)(sambaDomainName=WILLEKE))"
attribute: "sambaDomainName"
attribute: "sambaNextRid"
attribute: "sambaNextUserRid"
attribute: "sambaNextGroupRid"
attribute: "sambaSID"
attribute: "sambaAlgorithmicRidBase"
attribute: "objectClass"
19:00:00 9368FBA0 LDAP: (192.168.1.4:41817)(0x0003:0x63) Sending search result entry "sambaDomainName=WILLEKE,dc=willeke,dc=com" to connection 0x9ced280
19:00:04 9368FBA0 LDAP: (192.168.1.4:41817)(0x0003:0x63) Sending operation result 0:"":"" to connection 0x9ced280
19:00:04 9535BBA0 LDAP: Monitor 0x9535bba0 found connection 0x9ced280 socket closed, err = -5871, 0 of 0 bytes read
00:44:21 9535BBA0 LDAP: Monitor 0x9535bba0 initiating close for connection 0x9ced280
00:44:21 93B94BA0 LDAP: Server closing connection 0x9ced280, socket error = -5871
08:45:20 93B94BA0 LDAP: Connection 0x9ced280 closed
}}} /%
!Get a list of share on a host
{{{
smbclient -L FRANCIS -U jim
Password:
Domain=[WILLEKE] OS=[Unix] Server=[Samba 3.0.32-0.8-2045-SUSE-CODE10]
Sharename Type Comment
--------- ---- -------
profiles Disk Network Profiles Service
users Disk All users
groups Disk All groups
print$ Disk Printer Drivers
netlogon Disk Network Logon Service
srv Disk Web Stuff
IPC$ IPC IPC Service (Samba 3.0.32-0.8-2045-SUSE-CODE10)
ipp Printer MFC
jim Disk Home Directories
Domain=[WILLEKE] OS=[Unix] Server=[Samba 3.0.32-0.8-2045-SUSE-CODE10]
Server Comment
--------- -------
FRANCIS Samba 3.0.32-0.8-2045-SUSE-CODE10
XENHOST Samba 3.0.32-0.8-2045-SUSE-CODE10
Workgroup Master
--------- -------
WILLEKE XENHOST
}}}
[LDAP] Server shows: ([eDirectory])
%%prettify
{{{
19:00:00 B691EBA0 LDAP: New cleartext connection 0x9ced280 from 192.168.1.4:52750, monitor = 0x9535bba0, index = 9
19:00:00 B6D22BA0 LDAP: (192.168.1.4:52750)(0x0001:0x60) DoBind on connection 0x9ced280
08:02:44 B6D22BA0 LDAP: (192.168.1.4:52750)(0x0001:0x60) Bind name:cn=admin,ou=administration,dc=willeke,dc=com, version:3, authentication:simple
18:34:40 B6D22BA0 LDAP: (192.168.1.4:52750)(0x0001:0x60) Sending operation result 0:"":"" to connection 0x9ced280
04:06:36 9348DBA0 LDAP: (192.168.1.4:52750)(0x0002:0x63) DoSearch on connection 0x9ced280
02:04:24 9348DBA0 LDAP: (192.168.1.4:52750)(0x0002:0x63) Search request:
base: ""
scope:0 dereference:0 sizelimit:0 timelimit:0 attrsonly:0
filter: "(objectclass=*)"
attribute: "supportedControl"
19:00:00 9348DBA0 LDAP: (192.168.1.4:52750)(0x0002:0x63) Sending search result entry "" to connection 0x9ced280
04:06:40 9348DBA0 LDAP: (192.168.1.4:52750)(0x0002:0x63) Sending operation result 0:"":"" to connection 0x9ced280
19:00:00 9338CBA0 LDAP: (192.168.1.4:52750)(0x0003:0x63) DoSearch on connection 0x9ced280
19:00:02 9338CBA0 LDAP: (192.168.1.4:52750)(0x0003:0x63) Search request:
base: "ou=Group,dc=willeke,dc=com"
scope:2 dereference:0 sizelimit:0 timelimit:15 attrsonly:0
filter: "(&(objectClass=sambaGroupMapping)(gidNumber=65533))"
attribute: "gidNumber"
attribute: "sambaSID"
attribute: "sambaGroupType"
attribute: "sambaSIDList"
attribute: "description"
attribute: "displayName"
attribute: "cn"
attribute: "objectClass"
19:00:00 9338CBA0 LDAP: (192.168.1.4:52750)(0x0003:0x63) Sending operation result 0:"":"" to connection 0x9ced280
19:00:00 B691EBA0 LDAP: New cleartext connection 0xb0f7a00 from 192.168.1.4:52751, monitor = 0x9535bba0, index = 16
19:00:00 9535BBA0 LDAP: Monitor 0x9535bba0 found connection 0x9ced280 socket closed, err = -5871, 0 of 0 bytes read
19:00:00 9535BBA0 LDAP: Monitor 0x9535bba0 initiating close for connection 0x9ced280
19:00:00 9358EBA0 LDAP: Server closing connection 0x9ced280, socket error = -5871
19:00:01 9358EBA0 LDAP: Connection 0x9ced280 closed
04/06/09
19:00:00 955DEBA0 LDAP: (192.168.1.4:52751)(0x0001:0x60) DoBind on connection 0xb0f7a00
19:00:00 955DEBA0 LDAP: (192.168.1.4:52751)(0x0001:0x60) Bind name:cn=admin,ou=administration,dc=willeke,dc=com, version:3, authentication:simple
18:34:40 955DEBA0 LDAP: (192.168.1.4:52751)(0x0001:0x60) Sending operation result 0:"":"" to connection 0xb0f7a00
01:44:40 9348DBA0 LDAP: (192.168.1.4:52751)(0x0002:0x63) DoSearch on connection 0xb0f7a00
19:00:00 9348DBA0 LDAP: (192.168.1.4:52751)(0x0002:0x63) Search request:
base: ""
scope:0 dereference:0 sizelimit:0 timelimit:0 attrsonly:0
filter: "(objectclass=*)"
attribute: "supportedControl"
19:00:00 9348DBA0 LDAP: (192.168.1.4:52751)(0x0002:0x63) Sending search result entry "" to connection 0xb0f7a00
19:00:00 9348DBA0 LDAP: (192.168.1.4:52751)(0x0002:0x63) Sending operation result 0:"":"" to connection 0xb0f7a00
19:00:00 9338CBA0 LDAP: (192.168.1.4:52751)(0x0003:0x63) DoSearch on connection 0xb0f7a00
19:00:08 9338CBA0 LDAP: (192.168.1.4:52751)(0x0003:0x63) Search request:
base: "dc=willeke,dc=com"
scope:2 dereference:0 sizelimit:0 timelimit:15 attrsonly:0
filter: "(&(uid=root)(objectclass=sambaSamAccount))"
attribute: "uid"
attribute: "uidNumber"
attribute: "gidNumber"
attribute: "homeDirectory"
attribute: "sambaPwdLastSet"
attribute: "sambaPwdCanChange"
attribute: "sambaPwdMustChange"
attribute: "sambaLogonTime"
attribute: "sambaLogoffTime"
attribute: "sambaKickoffTime"
attribute: "cn"
attribute: "sn"
attribute: "displayName"
attribute: "sambaHomeDrive"
attribute: "sambaHomePath"
attribute: "sambaLogonScript"
attribute: "sambaProfilePath"
attribute: "description"
attribute: "sambaUserWorkstations"
attribute: "sambaSID"
attribute: "sambaPrimaryGroupSID"
attribute: "sambaLMPassword"
attribute: "sambaNTPassword"
attribute: "sambaDomainName"
attribute: "objectClass"
attribute: "sambaAcctFlags"
attribute: "sambaMungedDial"
attribute: "sambaBadPasswordCount"
attribute: "sambaBadPasswordTime"
attribute: "sambaPasswordHistory"
attribute: "modifyTimestamp"
attribute: "sambaLogonHours"
attribute: "modifyTimestamp"
attribute: "uidNumber"
19:00:00 9338CBA0 LDAP: (192.168.1.4:52751)(0x0003:0x63) Sending operation result 0:"":"" to connection 0xb0f7a00
01:44:40 9348DBA0 LDAP: (192.168.1.4:52751)(0x0004:0x63) DoSearch on connection 0xb0f7a00
19:00:02 9348DBA0 LDAP: (192.168.1.4:52751)(0x0004:0x63) Search request:
base: "ou=Group,dc=willeke,dc=com"
scope:2 dereference:0 sizelimit:0 timelimit:15 attrsonly:0
filter: "(&(objectClass=sambaGroupMapping)(gidNumber=65533))"
attribute: "gidNumber"
attribute: "sambaSID"
attribute: "sambaGroupType"
attribute: "sambaSIDList"
attribute: "description"
attribute: "displayName"
attribute: "cn"
attribute: "objectClass"
19:00:00 9348DBA0 LDAP: (192.168.1.4:52751)(0x0004:0x63) Sending operation result 0:"":"" to connection 0xb0f7a00
19:00:00 9535BBA0 LDAP: Monitor 0x9535bba0 found connection 0xb0f7a00 socket closed, err = -5871, 0 of 0 bytes read
19:00:00 9535BBA0 LDAP: Monitor 0x9535bba0 initiating close for connection 0xb0f7a00
19:00:00 9328BBA0 LDAP: Server closing connection 0xb0f7a00, socket error = -5871
19:00:00 9328BBA0 LDAP: Connection 0xb0f7a00 closed
19:00:00 B691EBA0 LDAP: New cleartext connection 0x9ced280 from 192.168.1.4:52754, monitor = 0x9535bba0, index = 9
19:00:00 B6E23BA0 LDAP: (192.168.1.4:52754)(0x0001:0x60) DoBind on connection 0x9ced280
19:00:00 B6E23BA0 LDAP: (192.168.1.4:52754)(0x0001:0x60) Bind name:cn=admin,ou=administration,dc=willeke,dc=com, version:3, authentication:simple
18:34:40 B6E23BA0 LDAP: (192.168.1.4:52754)(0x0001:0x60) Sending operation result 0:"":"" to connection 0x9ced280
04:06:36 94D86BA0 LDAP: (192.168.1.4:52754)(0x0002:0x63) DoSearch on connection 0x9ced280
02:04:24 94D86BA0 LDAP: (192.168.1.4:52754)(0x0002:0x63) Search request:
base: ""
scope:0 dereference:0 sizelimit:0 timelimit:0 attrsonly:0
filter: "(objectclass=*)"
attribute: "supportedControl"
19:00:00 94D86BA0 LDAP: (192.168.1.4:52754)(0x0002:0x63) Sending search result entry "" to connection 0x9ced280
18:34:40 94D86BA0 LDAP: (192.168.1.4:52754)(0x0002:0x63) Sending operation result 0:"":"" to connection 0x9ced280
01:30:56 9348DBA0 LDAP: (192.168.1.4:52754)(0x0003:0x63) DoSearch on connection 0x9ced280
19:00:00 9348DBA0 LDAP: (192.168.1.4:52754)(0x0003:0x63) Search request:
base: "ou=Group,dc=willeke,dc=com"
scope:2 dereference:0 sizelimit:0 timelimit:15 attrsonly:0
filter: "(&(objectClass=sambaGroupMapping)(gidNumber=65533))"
attribute: "gidNumber"
attribute: "sambaSID"
attribute: "sambaGroupType"
attribute: "sambaSIDList"
attribute: "description"
attribute: "displayName"
attribute: "cn"
attribute: "objectClass"
19:00:00 9348DBA0 LDAP: (192.168.1.4:52754)(0x0003:0x63) Sending operation result 0:"":"" to connection 0x9ced280
19:00:00 B691EBA0 LDAP: New cleartext connection 0xb0f7a00 from 192.168.1.4:52755, monitor = 0x9535bba0, index = 16
19:00:00 9535BBA0 LDAP: Monitor 0x9535bba0 found connection 0x9ced280 socket closed, err = -5871, 0 of 0 bytes read
19:00:00 9535BBA0 LDAP: Monitor 0x9535bba0 initiating close for connection 0x9ced280
19:00:00 9338CBA0 LDAP: Server closing connection 0x9ced280, socket error = -5871
17:08:53 9338CBA0 LDAP: Connection 0x9ced280 closed
19:00:00 B6E23BA0 LDAP: (192.168.1.4:52755)(0x0001:0x60) DoBind on connection 0xb0f7a00
19:00:00 B6E23BA0 LDAP: (192.168.1.4:52755)(0x0001:0x60) Bind name:cn=admin,ou=administration,dc=willeke,dc=com, version:3, authentication:simple
18:34:40 B6E23BA0 LDAP: (192.168.1.4:52755)(0x0001:0x60) Sending operation result 0:"":"" to connection 0xb0f7a00
19:00:00 955DEBA0 LDAP: (192.168.1.4:52755)(0x0002:0x63) DoSearch on connection 0xb0f7a00
15:32:24 955DEBA0 LDAP: (192.168.1.4:52755)(0x0002:0x63) Search request:
base: ""
scope:0 dereference:0 sizelimit:0 timelimit:0 attrsonly:0
filter: "(objectclass=*)"
attribute: "supportedControl"
19:00:00 955DEBA0 LDAP: (192.168.1.4:52755)(0x0002:0x63) Sending search result entry "" to connection 0xb0f7a00
18:34:40 955DEBA0 LDAP: (192.168.1.4:52755)(0x0002:0x63) Sending operation result 0:"":"" to connection 0xb0f7a00
18:27:20 9358EBA0 LDAP: (192.168.1.4:52755)(0x0003:0x63) DoSearch on connection 0xb0f7a00
19:24:34 9358EBA0 LDAP: (192.168.1.4:52755)(0x0003:0x63) Search request:
base: "dc=willeke,dc=com"
scope:2 dereference:0 sizelimit:0 timelimit:15 attrsonly:0
filter: "(&(uid=root)(objectclass=sambaSamAccount))"
attribute: "uid"
attribute: "uidNumber"
attribute: "gidNumber"
attribute: "homeDirectory"
attribute: "sambaPwdLastSet"
attribute: "sambaPwdCanChange"
attribute: "sambaPwdMustChange"
attribute: "sambaLogonTime"
attribute: "sambaLogoffTime"
attribute: "sambaKickoffTime"
attribute: "cn"
attribute: "sn"
attribute: "displayName"
attribute: "sambaHomeDrive"
attribute: "sambaHomePath"
attribute: "sambaLogonScript"
attribute: "sambaProfilePath"
attribute: "description"
attribute: "sambaUserWorkstations"
attribute: "sambaSID"
attribute: "sambaPrimaryGroupSID"
attribute: "sambaLMPassword"
attribute: "sambaNTPassword"
attribute: "sambaDomainName"
attribute: "objectClass"
attribute: "sambaAcctFlags"
attribute: "sambaMungedDial"
attribute: "sambaBadPasswordCount"
attribute: "sambaBadPasswordTime"
attribute: "sambaPasswordHistory"
attribute: "modifyTimestamp"
attribute: "sambaLogonHours"
attribute: "modifyTimestamp"
attribute: "uidNumber"
07:11:27 9358EBA0 LDAP: (192.168.1.4:52755)(0x0003:0x63) Sending operation result 0:"":"" to connection 0xb0f7a00
19:00:00 955DEBA0 LDAP: (192.168.1.4:52755)(0x0004:0x63) DoSearch on connection 0xb0f7a00
10:33:32 955DEBA0 LDAP: (192.168.1.4:52755)(0x0004:0x63) Search request:
base: "ou=Group,dc=willeke,dc=com"
scope:2 dereference:0 sizelimit:0 timelimit:15 attrsonly:0
filter: "(&(objectClass=sambaGroupMapping)(gidNumber=65533))"
attribute: "gidNumber"
attribute: "sambaSID"
attribute: "sambaGroupType"
attribute: "sambaSIDList"
attribute: "description"
attribute: "displayName"
attribute: "cn"
attribute: "objectClass"
18:34:40 955DEBA0 LDAP: (192.168.1.4:52755)(0x0004:0x63) Sending operation result 0:"":"" to connection 0xb0f7a00
18:34:40 9535BBA0 LDAP: Monitor 0x9535bba0 found connection 0xb0f7a00 socket closed, err = -5871, 0 of 0 bytes read
09:46:40 9535BBA0 LDAP: Monitor 0x9535bba0 initiating close for connection 0xb0f7a00
19:00:00 9328BBA0 LDAP: Server closing connection 0xb0f7a00, socket error = -5871
19:00:00 9328BBA0 LDAP: Connection 0xb0f7a00 closed
}}} /%
!!!Start Samba Services
{{{
rcsmb restart
rcnmb restart
}}}
!!!Add samba users
First we need to give Samba the admin password. This is accomplished with:
{{{
smbpasswd -w somethingverysecret
}}}
where somethingverysecret is the password for the account you set in smb.conf.
(Tip: if you put a space at the start of the command line then the command won't be saved in you shell history)
You should see a line that says "Setting stored password for 'cn=admin,o=sbs' in secrets.tdb" That will give Samba access via LDAP, so we should now be able to add user accounts.
!!Noraml Users
{{{smbpasswd -a jim}}}
and enter the password twice when prompted
You should see a line that says "Added user jim". If you get error messages complaining about ldapsam_search_one_group you can safely ignore them!
The user should now able to log in via Samba.
!!Test samba connectivity
You can use a windows machine here if you like, but it's easier to test thing on Linux first. The command smbclient allows you to test samba without leaving the command line!
Try
{{{
smbclient //francis/home/tv -U tv
}}}
and enter your password when prompted. You should get a prompt like smb: \>
Try typing ls and you should see the contents of the user's home directory. You can type mkdir mynewfolder and a new folder should be created.
Type exit to leave the smb client. and change to
{{{ /root }}}
and check that ls shows the new folder with the appropriate owner:
{{{
drwxr-xr-x 2 markrobinson eDirectoryUsers 48 Feb 16 16:56 mynewfolder
}}}
!!!From Windows Client
%%prettify
{{{
C:>net view \\192.168.1.5
Shared resources at \\192.168.1.5
Samba 3.0.32-0.8-2045-SUSE-CODE10
Share name Type Used as Comment
-------------------------------------------------------------------------------
groups Disk All groups
ipp Print MFC
jim Disk Home Directories
netlogon Disk Network Logon Service
profiles Disk Network Profiles Service
srv Disk Web Stuff
users Disk All users
The command completed successfully.
}}} /%
!!MAP Drives
{{{
net use H: \\192.168.1.5\home\jim /PERSISTENT:YES
net use M: \\192.168.1.5\mediacontent /PERSISTENT:YES
net use W: \\192.168.1.5\srv /PERSISTENT:YES
net use X: \\192.168.1.5\common /PERSISTENT:YES
}}}
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]