> [2006/01/10 11:37:47, 3] libsmb/ntlm_check.c:ntlm_password_check(455) > ntlm_password_check: LM password, NT MD4 password in LM field and > LMv2 failed for user someuser
Aha, so the password being entered doesn't match the password for 'someuser' - did you remember to 'smbpasswd -a someuser' to give 'someuser' a Samba password? You have to do that because Samba can't actually compare a Windows password to the UNIX one (it can't convert from the Windows hash to the UNIX hash.) > Hmmm... That might be a good compromise. But doesn't "security=user" > imply I have to create samba users with the same names (and > passwords?) as the XP users? Now that I think of it, this doesn't > make sense if there is a propt for username and password, but I > believe that's what I've read... Also, how would that work with Win98? Not necessarily. If you do create Samba users with the same username and password then the XP users won't get prompted for a password, but if you don't create extra users (i.e. their XP username and password don't work) then XP will prompt them for the correct credentials. As to Win98 though you have a point, since Win98 doesn't provide a way to enter in a username - it is always set to the username entered when logging on to the PC. It may be possible to use "bad user = xxx" to effectively map all users to user 'xxx', however this would mean any additional shares you add in the future would have to use the same password. With security=share it should be possible to have a different password for each share. One last idle thought - if you have an XP/2000 server storing all the user accounts, it is possible to get Samba to check all usernames and passwords with that server. This means you could use security=user and then for each share say "valid users = user1 user2 etc" and that way those users should be permitted to access the share without entering in a password, whereas all other users would be prompted for a correct username/password (and if you use the "force user" option you shouldn't have to create UNIX accounts for all the NT users.) The down side is that you'd have to modify smb.conf every time you wanted to alter the access to a share (as NT groups won't work in this case) however it should mean that users won't have to keep entering in a password all the time. Cheers, Adam. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
