So yeah, after a little bit more searching I found the solution
mentioned here
http://lists.samba.org/archive/samba/2003-May/066660.html
If there only were a way to have both clear and encrypted enabled at the
same time! Then, and only then would life be peachy.
r
Russell Handorf wrote:
I'm guessing that PAM authentication with RADIUS wont work with SAMBA
at all now in my instance, especially if the passwords being returned
to SAMBA from the RADIUS server are clear text (which they are).
Can someone confirm this for me?
Thanks,
r
Russell Handorf wrote:
I've tried setting the security level to being from "user" to
"share". It now logs me in as "guest" from all workstations for some
reason. Here is the smb.conf file once again for all to review:
[global]
workgroup = >snip<
server string = samba file
netbios name = Fileserver
log file = /var/log/samba/%m.log
max log size = 50
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192
SO_SNDBUF=8192
preferred master = True
local master = Yes
domain master = True
dns proxy = yes
remote announce = 192.168.0.255
os level = 40
;domain logons = yes
;logon script = logon.bat
;logon home = \\%G\%U\.profile
name resolve order = wins lmhosts bcast
wins proxy = yes
;preserve case = yes
;short preserve case = yes
wins support= yes
#was user / share
security = user
#must be set to 'no' to use PAM
encrypt passwords = No
update encrypted = No
allow trusted domains = Yes
#min password length = 6
null passwords = No
[homes]
comments = Home Dir
browsable = no
writable = yes
hide dot files = yes
[netlogon]
comment = Network Logon Service
path = /home/netlogon
guest ok = yes
writable = no
share modes = no
write list = domain_admin
[Profiles]
path = /%G/%U/.profile
browseable = no
guest ok = yes
[public]
path = /samba/public
valid users = users
force group = users
writeable = Yes
guest ok = No
Russell Handorf wrote:
Hi Folks,
so now I've managed to trick the authentication server to caching
the one time passwords for me. I'm down to the last two problems:
1. Something odd that I've noticed is that when I use PAM
authentication Windows clients are outright refused. When I enable
"encrypted" passwords, therefor disabling PAM, I'm then able to log
in but with the use of static passwords. The error that the Windows
clients get is the following:
"\\<IP-ADDRESS> is not accessible. You might not have permission to
use this network resource. Contact the administrator of this server
to find out if you have access permissions.
The account is not authorized to log in from this station."
So the question here is that why doesnt this work when I use PAM
authentication, but it does work when I use smbpasswd?!?
2. I've since tried mounting the share on a linux box to see what
was happening. I notice the following behavior with this command:
mount -t smbfs -o username=rhandorf //localhost/rhandorf /mnt/home/
Once I log in, I'm able to browse the directory without *any*
problems. So if I can solve #1, I'll be a happy camper! Does anyone
have any ideas?
Thanks again,
r
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
