Am Donnerstag, 8. Mai 2008 schrieb [EMAIL PROTECTED]: > > Günter Kukkukk wrote: > > Am Donnerstag, 8. Mai 2008 schrieb [EMAIL PROTECTED]: > >> Günter Kukkukk wrote: > >> > Am Mittwoch, 7. Mai 2008 schrieb [EMAIL PROTECTED]: > >> >> I have a friend that had a samba server go down. They switched to > >> another > >> >> server and are having problems with people logging into it from > >> Windows > >> 98. If the same user logs in from WinXp then everything works > >> otherwise > >> >> they get an error. He also said that the smb.conf files were the > >> same on > >> >> both servers. > >> >> >From the errors it almost looks like some sort of permission > >> problem, > >> >> but > >> >> since it logs in from XP clients then that throws that theory out the > >> door. > >> >> Thanks for any info. > >> >> Scott > >> >> Here is the error that he said he gets: > >> >> ************************************************************************ > >> Here it the message I get when trying to login from a Windows 98 > >> Machine. > >> >> "The Password is Incorrect. Try Again" > >> >> This only happens from Windows 98 or 95 machines. The same user can > >> login > >> >> to the samba server from Windows 2000 or XP. > >> >> The log file from /var/log/samba on that machine is as follows: BTW > >> I'm > >> >> not trying to login as Administrator. > >> >> [2008/05/06 09:11:20, 0] > >> >> auth/auth_util.c:create_builtin_administrators(792) > >> >> create_builtin_administrators: Failed to create Administrators > >> >> [2008/05/06 09:11:20, 0] auth/auth_util.c:create_builtin_users(758) > >> >> create_builtin_users: Failed to create Users > >> >> [2008/05/06 09:11:29, 0] > >> >> auth/auth_util.c:create_builtin_administrators(792) > >> >> create_builtin_administrators: Failed to create Administrators > >> >> [2008/05/06 09:11:29, 0] auth/auth_util.c:create_builtin_users(758) > >> >> create_builtin_users: Failed to create Users > >> >> [2008/05/06 09:11:35, 0] > >> >> auth/auth_util.c:create_builtin_administrators(792) > >> >> create_builtin_administrators: Failed to create Administrators > >> >> [2008/05/06 09:11:35, 0] auth/auth_util.c:create_builtin_users(758) > >> >> create_builtin_users: Failed to create Users > >> >> [2008/05/06 09:11:47, 0] > >> >> auth/auth_util.c:create_builtin_administrators(792) > >> >> create_builtin_administrators: Failed to create Administrators > >> >> [2008/05/06 09:11:47, 0] auth/auth_util.c:create_builtin_users(758) > >> >> create_builtin_users: Failed to create Users > >> >> [2008/05/06 09:15:12, 0] > >> >> auth/auth_util.c:create_builtin_administrators(792) > >> >> create_builtin_administrators: Failed to create Administrators > >> >> [2008/05/06 09:15:12, 0] auth/auth_util.c:create_builtin_users(758) > >> >> create_builtin_users: Failed to create Users > >> >> [2008/05/06 09:28:32, 0] > >> >> auth/auth_util.c:create_builtin_administrators(792) > >> >> create_builtin_administrators: Failed to create Administrators > >> >> [2008/05/06 09:28:32, 0] auth/auth_util.c:create_builtin_users(758) > >> >> create_builtin_users: Failed to create Users > >> >> [2008/05/06 10:02:51, 0] > >> >> auth/auth_util.c:create_builtin_administrators(792) > >> >> create_builtin_administrators: Failed to create Administrators > >> >> [2008/05/06 10:02:51, 0] auth/auth_util.c:create_builtin_users(758) > >> >> create_builtin_users: Failed to create Users > >> >> [2008/05/06 13:18:56, 0] > >> >> auth/auth_util.c:create_builtin_administrators(792) > >> >> create_builtin_administrators: Failed to create Administrators > >> >> [2008/05/06 13:18:56, 0] auth/auth_util.c:create_builtin_users(758) > >> >> create_builtin_users: Failed to create Users > >> >> [2008/05/06 13:49:06, 0] > >> >> auth/auth_util.c:create_builtin_administrators(792) > >> >> create_builtin_administrators: Failed to create Administrators > >> >> [2008/05/06 13:49:06, 0] auth/auth_util.c:create_builtin_users(758) > >> >> create_builtin_users: Failed to create Users > >> >> [2008/05/06 13:53:41, 0] > >> >> auth/auth_util.c:create_builtin_administrators(792) > >> >> create_builtin_administrators: Failed to create Administrators > >> >> [2008/05/06 13:53:41, 0] auth/auth_util.c:create_builtin_users(758) > >> >> create_builtin_users: Failed to create Users > >> >> [2008/05/06 14:01:34, 0] > >> >> auth/auth_util.c:create_builtin_administrators(792) > >> >> create_builtin_administrators: Failed to create Administrators > >> >> [2008/05/06 14:01:34, 0] auth/auth_util.c:create_builtin_users(758) > >> >> create_builtin_users: Failed to create Users > >> >> [2008/05/06 14:24:56, 0] > >> >> auth/auth_util.c:create_builtin_administrators(792) > >> >> create_builtin_administrators: Failed to create Administrators > >> >> [2008/05/06 14:24:56, 0] auth/auth_util.c:create_builtin_users(758) > >> >> create_builtin_users: Failed to create Users > >> >> [2008/05/06 14:25:50, 0] > >> >> auth/auth_util.c:create_builtin_administrators(792) > >> >> create_builtin_administrators: Failed to create Administrators > >> >> [2008/05/06 14:25:50, 0] auth/auth_util.c:create_builtin_users(758) > >> >> create_builtin_users: Failed to create Users > >> >> [2008/05/06 14:28:47, 0] > >> >> auth/auth_util.c:create_builtin_administrators(792) > >> >> create_builtin_administrators: Failed to create Administrators > >> >> [2008/05/06 14:28:47, 0] auth/auth_util.c:create_builtin_users(758) > >> >> create_builtin_users: Failed to create Users > >> >> [2008/05/06 14:35:56, 0] > >> >> auth/auth_util.c:create_builtin_administrators(792) > >> >> create_builtin_administrators: Failed to create Administrators > >> >> [2008/05/06 14:35:56, 0] auth/auth_util.c:create_builtin_users(758) > >> >> create_builtin_users: Failed to create Users > >> >> [2008/05/06 14:55:06, 0] > >> >> auth/auth_util.c:create_builtin_administrators(792) > >> >> create_builtin_administrators: Failed to create Administrators > >> >> [2008/05/06 14:55:06, 0] auth/auth_util.c:create_builtin_users(758) > >> >> create_builtin_users: Failed to create Users > >> >> ********************************************************************** > >> Here is the smb.conf > >> >> ***************************************************************** > >> [global] > >> >> netbios name = park > >> >> workgroup = PV > >> >> server string = %h server (Samba, Ubuntu) > >> >> dns proxy = no > >> >> log file = /var/log/samba/log.%m > >> >> max log size = 1000 > >> >> syslog = 0 > >> >> panic action = /usr/share/samba/panic-action %d > >> >> encrypt passwords = true > >> >> passdb backend = tdbsam > >> >> obey pam restrictions = yes > >> >> invalid users = root > >> >> passwd program = /usr/bin/passwd %u > >> >> passwd chat = *Enter\snew\s*\spassword:* %n\n > >> >> *Retype\snew\s*\spassword:* > >> >> %n\n *password\supdated\ssuccessfully* . > >> >> map to guest = bad user > >> >> socket options = TCP_NODELAY > >> >> usershare allow guests = yes > >> >> comment = Home Directories > >> >> browseable = yes > >> >> read only = no > >> >> create mask = 0700 > >> >> directory mask = 0700 > >> >> valid users = %U > >> >> locking = no > >> >> [printers] > >> >> comment = All Printers > >> >> browseable = no > >> >> path = /var/spool/samba > >> >> printable = yes > >> >> guest ok = no > >> >> read only = yes > >> >> create mask = 0700 > >> >> [print$] > >> >> comment = Printer Drivers > >> >> path = /var/lib/samba/printers > >> >> browseable = yes > >> >> read only = yes > >> >> guest ok = no > >> >> [Public] > >> >> comment = Public Stuff > >> >> path = /home/public > >> >> public = yes > >> >> writable = yes > >> >> write list = @staff > >> >> browsable = yes > >> >> read only = no > >> >> directory mode = 0770 > >> >> default case = upper > >> >> [hcnul] > >> >> path = /home/hcnul > >> >> writable = yes > >> >> write list = @hcnul > >> >> browsable = yes > >> >> read only = no > >> >> directory mode = 0770 > >> > > >> > Please do the following on the new samba server: > >> > post the outcome of 'testparm -vs | grep lanman' > >> > > >> > As root, 'pdbedit -w username -d0', where "username" is a user > >> > which is not working from win9x. > >> > > >> > Cheers, Günter > >> > >> > >> > >> Here is what he said: > >> > >> The testparm command shows: > >> > >> Processing section "[homes]" > >> . > >> . > >> . > >> Loaded services file OK > >> Server role: ROLE_STANDALONE > >> lanman auth = No > >> client lanman auth = No > >> > >> The pdbedit command shows: > >> > >> kemperk:1002:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:ADEC9EDC3A6A794D691E6DFAFCFAEE85:[U > >> ]:LCT-481B6630: > >> > > > > In some recent samba version some security defaults have changed > > to more restricted ones, i.e. lanman auth, client lanman auth, ... > > are now set to "no", if not explicitely specified. > > > > As you can see from the pdbedit output, the lanman hash has been > > X-ed out, which means it's gone atm. > > > > To get the former win98 logon possibility back, do the > > following: > > > > 1. Add "lanman auth = Yes" to the [global] section of smb.conf > > 2. Now to get the old lanman hash back, you have to re-enter the > > samba password for every affected user by using > > 'smbpasswd your_username' > > > > Note that the old lanman hash has a weak design and can add > > security problems to your network. > > > > If you also use the samba client tools, i.e. smbclient, > > to access remote legacy servers, you also have to set > > "client lanman auth = Yes" in smb.conf. > > > > Thanks. I will check with him and see what he says. I was wondering why > mine showed both of those = 'Yes' and his were both 'No'. If this works > though, he will have to go through and add all the passwords back to the > hash. Is there an easier way to add all the users back into the has > without having to do them all manually? >
Just had an even closer look to that now. Do the following: 1. Add "lanman auth = Yes" to the [global] section of smb.conf Note, that this change will also affect the outcome of pdbedit! Sorry, I forgot to mention this. :-) Then - as root - list all configured samba users with 'pdbedit -Lw' Only those users must be re-configured, where the lanman hash has been X-ed out. I think, nearly all will be listed as ok, so no further action is needed for those. Cheers, Günter -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba