I don't use NT or win2000, but, this sounds like you are failing Test #10 in DIAGNOSIS.txt in the source documents. It suggests you enable encrypted passwords on the samba server. Maybe you didn't do the hack properly. I would look at tcpdump during the log on to see if you are really sending passwords in the clear. (BTW, I have never tried this particular trick, but, it sounds easy.)
Joel On Wed, May 15, 2002 at 07:35:32PM -0500, Kris Kelley wrote: > Hello all. > > A couple of days back I posted a question about how I could get a Win2K > client to mount a share from my linux Samba server. I was getting the > familiar "account is not authorized to log in from this station" error > on the Win2K box, despite a set-up that supposedly allowed guest logins > *and* implemented the registry hack for clear-text passwords on the > Win2k box. > > While I didn't find a direct solution, Herb Lewis in particular was very > helpful in offering suggestions. I decided to abandon the RPM approach > and install from the source package instead, if only to have better > control over what extra features were enabled (bye-bye, PAM!). > > I've made some progress since then. I am certain that the stumbling > block I'm facing now is a real stupid one, but I'm brain-dead on finding > the solution. > > My set up: Red Hat Linux 7.1 (kernel 2.4.9) running Samba 2.2.4. I > compiled and installed using all the defaults, with one exception: I > enabled the smbmount feature. > > My configuration is pretty basic at the moment. This is my smb.conf > file: > > [global] > workgroup = DEVGROUP > security = user > netbios name = skunkworx > [test] > comment = test share > path = /export/samba/test > read only = no > guest ok = yes > > /export/samba/test does exist, and has 777 permissions. > > At first, this is the only configuration of any kind that I did; I > didn't even use smbpasswd to set up any Samba-specific user passwords. > > Once I fired up Samba, I tried to access it from a Win2k box, on which > I'm logged in as DEVGROUP/skunk (user "skunk" also exists on the linux > box, and the passwords are the same in both environments). This failed > with the usual "account is not authorized to log in from this station" > error (clear text passwords are enabled on the Win2K box), and I only > saw this in Samba's logs (level 2): > > [2002/05/15 19:17:57, 2] smbd/reply.c:reply_special(91) > netbios connect: name1=SKUNKWORX name2=WIN2KBOX > [2002/05/15 19:17:57, 2] smbd/reply.c:reply_special(110) > netbios connect: local=skunkworx remote=nfstest > > However, when I used the "net use" CLI command to log in with user > "nobody", supplying "nobody"'s password, it worked! The share was > successfully mounted, and I saw these entries in the Samba log: > > [2002/05/15 19:18:29, 2] smbd/reply.c:reply_sesssetup_and_X(973) > Defaulting to Lanman password for nobody > [2002/05/15 19:18:29, 1] smbd/service.c:make_connection(651) > nfstest (172.16.4.100) connect to service test as user nobody > (uid=99, gid=99) (pid 15247) > > > I then tried putting "skunk" into Samba's user database using this > command: > > smbpasswd -a skunk <skunk's password> > > I still couldn't access the share as user "skunk", though; I got the > same error message on the Win2K side and the same Samba log entries on > the linux side. > > I should note that when I use smbclient, I can access the test share > just fine as user "skunk" on the linux box. > > So, what obvious thing am I missing? What allows user "nobody" to > access the share from a Win2k box, but then denies all other users? > There is no Win2k user "nobody" within the DEVGROUP domain, if that > provides any clue. > > Please let me know if more information is needed. Any and all help is > greatly appreciated! > > ---Kris Kelley > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
