On Mon, Dec 27, 2010 at 2:16 AM, Gaiseric Vandal <[email protected]> wrote: > I can't see any way that, with your configuration, samba could be > using your linux password as a samba password. You would have to be > using plain text passwords in windows have samba authenticate it > against your linux password. Is it really using your "linux" > password, or at some point was your samba password the same as your > linux password?
The samba and linux passwords was always different. > > Or did you configure pam or nsswitch.conf to have linux authenticate > against "windows" passwords? No. I use ubuntu 10.10 and the default configuration. See below my nsswitch.conf, but i think it's the default and does not matter. > Did you try running "testparm -v" in case there are some parameters > with unexpected defaults? Did this, see output below. But i can't find a "wrong" or unexpected paramter. > Did you try disabling "obey pam restrictions?" Maybe that is > preventing the password change? Yes, i tried this. The same result :( > On Sat, Dec 25, 2010 at 11:32 AM, Hartmut <[email protected]> wrote: >> Hello, >> >> I have a strange problem with my samba server. When I try to connect >> with my (Windows)client and samba ask for the password, it's only >> accepting my linux-user password, not my samba-user password (set with >> smbpasswd and as root with smbpasswd <user>). >> >> And now the strange about it. When i change my sambapassword with >> smbpasswd, and try to login from my client, then the samba-user password >> is accepted. But after a reboot of my samba server, the server accepts >> only the linux-user password. I have to (re)set the samba-user password >> again with smbpasswd and only after that, I can login with the >> samba-user password. >> >> Is there something wrong with my smb.conf (see below)? Or what else >> could be the problem? >> >> >> ------------- >> smb.conf: >> [global] >> # debuglevel = 1 >> workgroup = Gruppe >> server string = Datastring >> wins support = no >> dns proxy = no >> >> interfaces = 192.168.1.0/24 127.0.0.1/8 >> bind interfaces only = yes >> >> log file = /var/log/samba/log.%m >> max log size = 1000 >> syslog = 0 >> security = user >> encrypt passwords = true >> passdb backend = tdbsam >> obey pam restrictions = yes >> unix password sync = no >> pam password change = no >> map to guest = bad user >> domain logons = no >> load printers = no >> domain master = no >> usershare allow guests = no >> >> vfs objects = recycle >> recycle: repository = .trash.bin >> recycle: keeptree = Yes >> recycle:versions = Yes >> >> [lager] >> comment = Lager >> path = /media/lager_hdd >> public = no >> valid users = user1 >> read only = no >> browseable = no >> ------------- >> >> Greetings >> Hartmut >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba >> > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > -------------------------- Load smb config files from /etc/samba/smb.conf rlimit_max: rlimit_max (1024) below minimum Windows limit (16384) Processing section "[lager]" Loaded services file OK. Server role: ROLE_STANDALONE Press enter to see a dump of your service definitions [global] dos charset = CP850 unix charset = UTF-8 display charset = LOCALE workgroup = Gruppe realm = netbios name = SERVER1 netbios aliases = netbios scope = server string = Datastring interfaces = 192.168.1.0/24, 127.0.0.1/8 bind interfaces only = Yes security = USER auth methods = encrypt passwords = Yes update encrypted = No client schannel = Auto server schannel = Auto allow trusted domains = Yes map to guest = Bad User null passwords = No obey pam restrictions = Yes password server = * smb passwd file = /etc/samba/smbpasswd private dir = /etc/samba passdb backend = tdbsam algorithmic rid base = 1000 root directory = guest account = nobody enable privileges = Yes pam password change = No passwd program = passwd chat = *new*password* %n\n *new*password* %n\n *changed* passwd chat debug = No passwd chat timeout = 2 check password script = username map = password level = 0 username level = 0 unix password sync = No restrict anonymous = 0 lanman auth = No ntlm auth = Yes client NTLMv2 auth = No client lanman auth = No client plaintext auth = No preload modules = dedicated keytab file = kerberos method = default map untrusted to domain = No log level = 0 syslog = 0 syslog only = No log file = /var/log/samba/log.%m max log size = 1000 debug timestamp = Yes debug prefix timestamp = No debug hires timestamp = Yes debug pid = No debug uid = No debug class = No enable core files = Yes smb ports = 445 139 large readwrite = Yes max protocol = NT1 min protocol = CORE min receivefile size = 0 read raw = Yes write raw = Yes disable netbios = No reset on zero vc = No acl compatibility = auto defer sharing violations = Yes nt pipe support = Yes nt status support = Yes announce version = 4.9 announce as = NT max mux = 50 max xmit = 16644 name resolve order = lmhosts wins host bcast max ttl = 259200 max wins ttl = 518400 min wins ttl = 21600 time server = No unix extensions = Yes use spnego = Yes client signing = auto server signing = No client use spnego = Yes client ldap sasl wrapping = plain enable asu support = No svcctl list = deadtime = 0 getwd cache = Yes keepalive = 300 lpq cache time = 30 max smbd processes = 0 paranoid server security = Yes max disk size = 0 max open files = 16384 socket options = TCP_NODELAY use mmap = Yes hostname lookups = No name cache timeout = 660 ctdbd socket = cluster addresses = clustering = No ctdb timeout = 0 load printers = No printcap cache time = 750 printcap name = cups server = cups encrypt = No cups connection timeout = 30 iprint server = disable spoolss = No addport command = enumports command = addprinter command = deleteprinter command = show add printer wizard = Yes os2 driver map = mangling method = hash2 mangle prefix = 1 max stat cache size = 256 stat cache = Yes machine password timeout = 604800 add user script = rename user script = delete user script = add group script = delete group script = add user to group script = delete user from group script = set primary group script = add machine script = shutdown script = abort shutdown script = username map script = logon script = logon path = \\%N\%U\profile logon drive = logon home = \\%N\%U domain logons = No init logon delayed hosts = init logon delay = 100 os level = 20 lm announce = Auto lm interval = 60 preferred master = No local master = Yes domain master = No browse list = Yes enhanced browsing = Yes dns proxy = No wins proxy = No wins server = wins support = No wins hook = kernel oplocks = Yes lock spin time = 200 oplock break wait time = 0 ldap admin dn = ldap delete dn = No ldap group suffix = ldap idmap suffix = ldap machine suffix = ldap passwd sync = no ldap replication sleep = 1000 ldap suffix = ldap ssl = start tls ldap ssl ads = No ldap deref = auto ldap follow referral = Auto ldap timeout = 15 ldap connection timeout = 2 ldap page size = 1024 ldap user suffix = ldap debug level = 0 ldap debug threshold = 10 eventlog list = add share command = change share command = delete share command = preload = lock directory = /var/run/samba state directory = /var/lib/samba cache directory = /var/cache/samba pid directory = /var/run/samba utmp directory = wtmp directory = utmp = No default service = message command = get quota command = set quota command = remote announce = remote browse sync = socket address = 0.0.0.0 nmbd bind explicit broadcast = Yes homedir map = auto.home afs username map = afs token lifetime = 604800 log nt token command = time offset = 0 NIS homedir = No registry shares = No usershare allow guests = No usershare max shares = 100 usershare owner only = Yes usershare path = /var/lib/samba/usershares usershare prefix allow list = usershare prefix deny list = usershare template share = panic action = perfcount module = host msdfs = Yes passdb expand explicit = No idmap backend = tdb idmap alloc backend = idmap cache time = 604800 idmap negative cache time = 120 idmap uid = idmap gid = template homedir = /home/%D/%U template shell = /bin/false winbind separator = \ winbind cache time = 300 winbind reconnect delay = 30 winbind enum users = No winbind enum groups = No winbind use default domain = No winbind trusted domains only = No winbind nested groups = Yes winbind expand groups = 1 winbind nss info = template winbind refresh tickets = No winbind offline logon = No winbind normalize names = No winbind rpc only = No create krb5 conf = Yes recycle:versions = Yes recycle: keeptree = Yes recycle: repository = .trash.bin comment = path = username = invalid users = valid users = admin users = read list = write list = printer admin = force user = force group = read only = Yes acl check permissions = Yes acl group control = No acl map full control = Yes create mask = 0744 force create mode = 00 security mask = 0777 force security mode = 00 directory mask = 0755 force directory mode = 00 directory security mask = 0777 force directory security mode = 00 force unknown acl user = No inherit permissions = No inherit acls = No inherit owner = No guest only = No administrative share = No guest ok = No only user = No hosts allow = hosts deny = allocation roundup size = 1048576 aio read size = 0 aio write size = 0 aio write behind = ea support = No nt acl support = Yes profile acls = No map acl inherit = No afs share = No smb encrypt = auto block size = 1024 change notify = Yes directory name cache size = 100 kernel change notify = Yes max connections = 0 min print space = 0 strict allocate = No strict sync = No sync always = No use sendfile = No write cache size = 0 max reported print jobs = 0 max print jobs = 1000 printable = No printing = cups cups options = print command = lpq command = %p lprm command = lppause command = lpresume command = queuepause command = queueresume command = printer name = use client driver = No default devmode = Yes force printername = No printjob username = %U default case = lower case sensitive = Auto preserve case = Yes short preserve case = Yes mangling char = ~ hide dot files = Yes hide special files = No hide unreadable = No hide unwriteable files = No delete veto files = No veto files = hide files = veto oplock files = map archive = Yes map hidden = No map system = No map readonly = yes mangled names = Yes store dos attributes = No dmapi support = No browseable = Yes access based share enum = No blocking locks = Yes csc policy = manual fake oplocks = No locking = Yes oplocks = Yes level2 oplocks = Yes oplock contention limit = 2 posix locking = Yes strict locking = Auto share modes = Yes dfree cache time = 0 dfree command = copy = preexec = preexec close = No postexec = root preexec = root preexec close = No root postexec = available = Yes volume = fstype = NTFS set directory = No wide links = No follow symlinks = Yes dont descend = magic script = magic output = delete readonly = No dos filemode = No dos filetimes = Yes dos filetime resolution = No fake directory create times = No vfs objects = recycle msdfs root = No msdfs proxy = [lager] comment = Lager path = /media/lager_hdd valid users = user1 read only = No browseable = No -------------------------- -------------------------- # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc-reference' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. passwd: compat group: compat shadow: compat hosts: files dns networks: files protocols: db files services: db files ethers: db files rpc: db files netgroup: nis -------------------------- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
