Alright, let's try to change "encrypt passwords = Yes". As far as I know, Samba will ignore PAM authentication, if this setting is turned on and most Windows clients require this setting. If it doesn't help, you could also try to create a new guest account and enter its name to the "guest account = <username>" parameter. Maybe that way PAM will not reject the authentication request when connecting.
Regards Gergely Kiss 2008/7/23 Tito <[EMAIL PROTECTED]>: > Sorry.. Before posting did a chek and thought it would solve the problem, > but it diden't.. > > Here is the smb.conf > > # This is the main Samba configuration file. You should read the > # smb.conf(5) manual page in order to understand the options listed > # here. Samba has a huge number of configurable options (perhaps too > # many!) most of which are not shown in this example > # > # For a step to step guide on installing, configuring and using samba, > # read the Samba-HOWTO-Collection. This may be obtained from: > # http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf > # > # Many working examples of smb.conf files can be found in the > # Samba-Guide which is generated daily and can be downloaded from: > # http://www.samba.org/samba/docs/Samba-Guide.pdf > # > # Any line which starts with a ; (semi-colon) or a # (hash) > # is a comment and is ignored. In this example we will use a # > # for commentry and a ; for parts of the config file that you > # may wish to enable > # > # NOTE: Whenever you modify this file you should run the command "testparm" > # to check that you have not made any basic syntactic errors. > # > #--------------- > # SELINUX NOTES: > # > # If you want to use the useradd/groupadd family of binaries please run: > # setsebool -P samba_domain_controller on > # > # If you want to share home directories via samba please run: > # setsebool -P samba_enable_home_dirs on > # > # If you create a new directory you want to share you should mark it as > # "samba-share_t" so that selinux will let you write into it. > # Make sure not to do that on system directories as they may already have > # been marked with othe SELinux labels. > # > # Use ls -ldZ /path to see which context a directory has > # > # Set labels only on directories you created! > # To set a label use the following: chcon -t samba_share_t /path > # > # If you need to share a system created directory you can use one of the > # following (read-only/read-write): > # setsebool -P samba_export_all_ro on > # or > # setsebool -P samba_export_all_rw on > # > # If you want to run scripts (preexec/root prexec/print command/...) please > # put them into the /var/lib/samba/scripts directory so that smbd will be > # allowed to run them. > # Make sure you COPY them and not MOVE them so that the right SELinux > context > # is applied, to check all is ok use restorecon -R -v > /var/lib/samba/scripts > # > #-------------- > # > #======================= Global Settings > ===================================== > > [global] > > # ----------------------- Netwrok Related Options ------------------------- > # > # workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH > # > # server string is the equivalent of the NT Description field > # > # netbios name can be used to specify a server name not tied to the > hostname > # > # Interfaces lets you configure Samba to use multiple interfaces > # If you have multiple network interfaces then you can list the ones > # you want to listen on (never omit localhost) > # > # Hosts Allow/Hosts Deny lets you restrict who can connect, and you can > # specifiy it as a per share option as well > # > workgroup = novafigfort > server string = Samba Server %v > > ; netbios name = MYSERVER > > ; interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24 > ; hosts allow = 127. 192.168.12. 192.168.13. > > # --------------------------- Logging Options ----------------------------- > # > # Log File let you specify where to put logs and how to split them up. > # > # Max Log Size let you specify the max size log files should reach > > # logs split per machine > log file = /F/ASCII/samba/log.%m > # max 50KB per log file, then rotate > max log size = 50 > > # ----------------------- Standalone Server Options > ------------------------ > # > # Scurity can be set to user, share(deprecated) or server(deprecated) > # > # Backend to store user information in. New installations should > # use either tdbsam or ldapsam. smbpasswd is available for backwards > # compatibility. tdbsam requires no further configuration. > > security = share > passdb backend = tdbsam > > > # ----------------------- Domain Members Options ------------------------ > # > # Security must be set to domain or ads > # > # Use the realm option only with security = ads > # Specifies the Active Directory realm the host is part of > # > # Backend to store user information in. New installations should > # use either tdbsam or ldapsam. smbpasswd is available for backwards > # compatibility. tdbsam requires no further configuration. > # > # Use password server option only with security = server or if you can't > # use the DNS to locate Domain Controllers > # The argument list may include: > # password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name] > # or to auto-locate the domain controller/s > # password server = * > > > ; realm = MY_REALM > > ; password server = <NT-Server-Name> > > > ; This socket options really speed up Samba under Linux, according to my > ************** PARA TESTAR > ; own tests. > ; socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=4096 > SO_RCVBUF=4096 > > # ----------------------- Domain Controller Options > ------------------------ > # > # Security must be set to user for domain controllers > # > # Backend to store user information in. New installations should > # use either tdbsam or ldapsam. smbpasswd is available for backwards > # compatibility. tdbsam requires no further configuration. > # > # Domain Master specifies Samba to be the Domain Master Browser. This > # allows Samba to collate browse lists between subnets. Don't use this > # if you already have a Windows NT domain controller doing this job > # > # Domain Logons let Samba be a domain logon server for Windows > workstations. > # > # Logon Scrpit let yuou specify a script to be run at login time on the > client > # You need to provide it in a share called NETLOGON > # > # Logon Path let you specify where user profiles are stored (UNC path) > # > # Various scripts can be used on a domain controller or stand-alone > # machine to add or delete corresponding unix accounts > # > > ; domain master = yes > ; domain logons = yes > > # the login script name depends on the machine name > ; logon script = %m.bat > # the login script name depends on the unix user used > ; logon script = %u.bat > ; logon path = \\%L\Profiles\%u > # disables profiles support by specifing an empty path > ; logon path = > > ; add user script = /usr/sbin/useradd "%u" -n -g users > ; add group script = /usr/sbin/groupadd "%g" > ; add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d > /nohome -s /bin/false "%u" > ; delete user script = /usr/sbin/userdel "%u" > ; delete user from group script = /usr/sbin/userdel "%u" "%g" > ; delete group script = /usr/sbin/groupdel "%g" > > > # ----------------------- Browser Control Options > ---------------------------- > # > # set local master to no if you don't want Samba to become a master > # browser on your network. Otherwise the normal election rules apply > # > # OS Level determines the precedence of this server in master browser > # elections. The default value should be reasonable > # > # Preferred Master causes Samba to force a local browser election on > startup > # and gives it a slightly higher chance of winning the election > ; local master = no > ; os level = 33 > ; preferred master = yes > > #----------------------------- Name Resolution > ------------------------------- > # Windows Internet Name Serving Support Section: > # Note: Samba can be either a WINS Server, or a WINS Client, but NOT both > # > # - WINS Support: Tells the NMBD component of Samba to enable it's WINS > Server > # > # - WINS Server: Tells the NMBD components of Samba to be a WINS Client > # > # - WINS Proxy: Tells Samba to answer name resolution queries on > # behalf of a non WINS capable client, for this to work there must be > # at least one WINS Server on the network. The default is NO. > # > # DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names > # via DNS nslookups. > > ; wins support = yes > ; wins server = w.x.y.z > ; wins proxy = yes > > ; dns proxy = yes > > # --------------------------- Printing Options > ----------------------------- > # > # Load Printers let you load automatically the list of printers rather > # than setting them up individually > # > # Cups Options let you pass the cups libs custom options, setting it to raw > # for example will let you use drivers on your Windows clients > # > # Printcap Name let you specify an alternative printcap file > # > # You can choose a non default printing system using the Printing option > > ; load printers = yes > cups options = raw > > ; printcap name = /etc/printcap > #obtain list of printers automatically on SystemV > ; printcap name = lpstat > ; printing = cups > > # --------------------------- Filesystem Options > --------------------------- > # > # The following options can be uncommented if the filesystem supports > # Extended Attributes and they are enabled (usually by the mount option > # user_xattr). Thess options will let the admin store the DOS attributes > # in an EA and make samba not mess with the permission bits. > # > # Note: these options can also be set just per share, setting them in > global > # makes them the default for all shares > > ; map archive = no > ; map hidden = no > ; map read only = no > ; map system = no > encrypt passwords = no > obey pam restrictions = no > guest ok = yes > guest account = nobody > ; store dos attributes = yes > > > #============================ Share Definitions > ============================== > > [homes] > comment = Home Directories > browseable = no > writable = yes > ; valid users = %S > ; valid users = MYDOMAIN\%S > > [printers] > comment = All Printers > path = /var/spool/samba > browseable = yes > guest ok = yes > writable = yes > printable = yes > > # Un-comment the following and create the netlogon directory for Domain > Logons > ; [netlogon] > ; comment = Network Logon Service > ; path = /var/lib/samba/netlogon > ; guest ok = yes > ; writable = no > ; share modes = no > > > # Un-comment the following to provide a specific roving profile share > # the default is to use the user's home directory > ; [Profiles] > ; path = /var/lib/samba/profiles > ; browseable = no > ; guest ok = yes > > > # A publicly accessible directory, but read only, except for people in > # the "staff" group > ; [public] > ; comment = Public Stuff > ; path = /home/samba > ; public = yes > ; writable = yes > ; printable = no > ; write list = +staff > > [F] > comment = Server Linux > path = /F > writeable = yes > ; browseable = yes > guest ok = yes > oplocks = yes > level2 oplocks = no > > ----- Original Message ----- *From:* kissg <[EMAIL PROTECTED]> > *To:* Tito <[EMAIL PROTECTED]> > *Cc:* [email protected] > *Sent:* Tuesday, July 22, 2008 6:45 PM > *Subject:* Re: [Samba] Acess from windows to share get closed.. > > It's because PAM rejects user "nobody". Adding the following line to the > [global] section of /etc/samba/smb.conf should help: > > obey pam restrictions = No > > Try it, and see what happens. By the way, it's always a good idea to attach > your config files if you experience problems. It's much easier to help, if > we can see how your configuration looks like. > > Regards > Gergely Kiss > > 2008/7/22 Tito <[EMAIL PROTECTED]>: > >> I'm using FC8 Server with Samba 3.0.30-fc8 and have an erratic problem >> assecing the share. >> I have a Share that every one can acess and I use the nobody user to >> acess everithing without any problem, and from time to time when user >> tries to acess a file the share gets closed, than we have to resart the >> machine and it goes wel again. >> >> the log for one user is below >> >> why does it closes the conection? and what can be done ? >> >> [2008/07/16 17:41:22, 1] smbd/service.c:close_cnum(1230) >> carlap (192.168.6.114) closed connection to service HPArma >> [2008/07/16 17:41:22, 1] smbd/service.c:close_cnum(1230) >> carlap (192.168.6.114) closed connection to service F >> [2008/07/17 07:48:34, 1] smbd/service.c:make_connection_snum(1033) >> carlap (192.168.6.114) connect to service HPArma initially as user >> nobody (uid=99, gid=99) (pid 6337) >> [2008/07/17 07:48:36, 0] auth/pampass.c:smb_pam_passcheck(809) >> smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User nobody ! >> [2008/07/17 07:48:36, 1] smbd/service.c:make_connection_snum(1033) >> carlap (192.168.6.114) connect to service F initially as user nobody >> (uid=99, gid=99) (pid 6337) >> [2008/07/17 07:48:38, 0] auth/pampass.c:smb_pam_passcheck(809) >> smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User nobody ! >> [2008/07/17 09:51:49, 1] smbd/service.c:close_cnum(1230) >> carlap (192.168.6.114) closed connection to service F >> [2008/07/17 09:51:49, 1] smbd/service.c:close_cnum(1230) >> carlap (192.168.6.114) closed connection to service HPArma >> [2008/07/17 09:55:09, 1] smbd/service.c:make_connection_snum(1033) >> carlap (192.168.6.114) connect to service HPArma initially as user >> nobody (uid=99, gid=99) (pid 6660) >> [2008/07/17 09:55:11, 0] auth/pampass.c:smb_pam_passcheck(809) >> smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User nobody ! >> [2008/07/17 09:55:11, 1] smbd/service.c:make_connection_snum(1033) >> carlap (192.168.6.114) connect to service F initially as user nobody >> (uid=99, gid=99) (pid 6660) >> [2008/07/17 09:55:13, 0] auth/pampass.c:smb_pam_passcheck(809) >> smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User nobody ! >> [2008/07/17 14:19:39, 1] smbd/service.c:close_cnum(1230) >> carlap (192.168.6.114) closed connection to service F >> [2008/07/17 14:19:39, 1] smbd/service.c:close_cnum(1230) >> carlap (192.168.6.114) closed connection to service HPArma >> [2008/07/17 14:26:26, 1] smbd/service.c:make_connection_snum(1033) >> carlap (192.168.6.114) connect to service HPArma initially as user >> nobody (uid=99, gid=99) (pid 7199) >> [2008/07/17 14:26:28, 0] auth/pampass.c:smb_pam_passcheck(809) >> smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User nobody ! >> [2008/07/17 14:26:28, 1] smbd/service.c:make_connection_snum(1033) >> carlap (192.168.6.114) connect to service F initially as user nobody >> (uid=99, gid=99) (pid 7199) >> [2008/07/17 14:26:30, 0] auth/pampass.c:smb_pam_passcheck(809) >> smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User nobody ! >> [2008/07/17 16:46:04, 1] smbd/service.c:close_cnum(1230) >> carlap (192.168.6.114) closed connection to service HPArma >> [2008/07/17 16:46:04, 1] smbd/service.c:close_cnum(1230) >> carlap (192.168.6.114) closed connection to service F >> [2008/07/18 07:39:38, 1] smbd/service.c:make_connection_snum(1033) >> carlap (192.168.6.114) connect to service HPArma initially as user >> nobody (uid=99, gid=99) (pid 10523) >> [2008/07/18 07:39:44, 0] auth/pampass.c:smb_pam_passcheck(809) >> smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User nobody ! >> [2008/07/18 07:39:44, 1] smbd/service.c:make_connection_snum(1033) >> carlap (192.168.6.114) connect to service F initially as user nobody >> (uid=99, gid=99) (pid 10523) >> [2008/07/18 07:39:46, 0] auth/pampass.c:smb_pam_passcheck(809) >> smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User nobody ! >> [2008/07/18 17:00:48, 1] smbd/service.c:close_cnum(1230) >> carlap (192.168.6.114) closed connection to service HPArma >> [2008/07/18 17:00:48, 1] smbd/service.c:close_cnum(1230) >> carlap (192.168.6.114) closed connection to service F >> [2008/07/21 07:50:46, 1] smbd/service.c:make_connection_snum(1033) >> carlap (192.168.6.114) connect to service HPArma initially as user >> nobody (uid=99, gid=99) (pid 5759) >> [2008/07/21 07:50:49, 0] auth/pampass.c:smb_pam_passcheck(809) >> smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User nobody ! >> [2008/07/21 07:50:49, 1] smbd/service.c:make_connection_snum(1033) >> carlap (192.168.6.114) connect to service F initially as user nobody >> (uid=99, gid=99) (pid 5759) >> [2008/07/21 07:50:51, 0] auth/pampass.c:smb_pam_passcheck(809) >> smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User nobody ! >> [2008/07/21 17:36:27, 1] smbd/service.c:close_cnum(1230) >> carlap (192.168.6.114) closed connection to service F >> [2008/07/21 17:36:27, 1] smbd/service.c:close_cnum(1230) >> carlap (192.168.6.114) closed connection to service HPArma >> [2008/07/22 07:56:25, 1] smbd/service.c:make_connection_snum(1033) >> carlap (192.168.6.114) connect to service HPArma initially as user >> nobody (uid=99, gid=99) (pid 11859) >> [2008/07/22 07:56:28, 0] auth/pampass.c:smb_pam_passcheck(809) >> smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User nobody ! >> [2008/07/22 07:56:28, 1] smbd/service.c:make_connection_snum(1033) >> carlap (192.168.6.114) connect to service F initially as user nobody >> (uid=99, gid=99) (pid 11859) >> [2008/07/22 07:56:30, 0] auth/pampass.c:smb_pam_passcheck(809) >> smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User nobody ! >> [2008/07/22 16:54:17, 1] smbd/service.c:close_cnum(1230) >> carlap (192.168.6.114) closed connection to service HPArma >> [2008/07/22 16:54:17, 1] smbd/service.c:close_cnum(1230) >> carlap (192.168.6.114) closed connection to service F >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/listinfo/samba >> > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
