[Samba] SMB gurus: please help - I am desperate.
I apologize up front for re-posting this, but I need to find a solution to this problem. I have been having hard time to believe that there isn't one person among the SMB gurus that doesn't know how a W2K client connects to an SMB server. So, if you happen to know even the slightest hint to this baffling problem, I would be forever grateful. OK. Here goes (original subject line was: Why does a W2K (pro) client do more than it is asked to do?) Desperate to find out why connecting to a samba share(on an AIX server) from W2K is so slow, I tried connecting to the same share from a Linux box, using smbclient: smbclient aixserver\\sharedir$ -U lynn The results were amazing. The connection was so MUCH FASTER then connecting from a W2K (pro) workstation: \\aixserver\sharedir$ (in the Start|Run edit box) When I examined the samba log files on the server, I could see why. The log file for the Linux client contained a single entry: [2004/02/23 11:55:35, 1] smbd/service.c:make_connection(636) linuxbox (192.168.0.4) connect to service sharedir$ as user lynn (uid=21776, gid=1) (pid 125438) So clean, so elegant, so beautiful! :) OTOH, the log file for the W2K client contained an entry similar to the above, but was immediately followed by about 30 messages of the form: [2004/02/23 11:59:03, 0] smbd/password.c:user_ok(683) rejected user nobody:3004-302 Your account has expired; please see the system administrator. Now... my question: Why? What does the W2K client do that triggers this barrage of rejected authentications of a user 'nobody' (that is clearly not allowed to enter)? More importantly, is there a way to configure EITHER the W2K client or the Samba server (or both) to not waste time on these unallowed accesses? Since smbclient produces such a clean entry, I would assume the fix must be on the client side (W2K) only. But I would take any advice. :) Please note that I am not allowed (in my corporate environment) to enable the guest account on this machine. Therefore, the solution must not involve enabling the guest account (if there is such a solution). My smb.conf global section has security=user (actually no 'security' entry, it simply takes the default, which is 'user'). The settings of the share are: [sharedir$] comment = %h shared dir path = /home/shared valid users = +sambagrp techsup browseable = No That's it. Any other settings are implied by taking the defaults. User account 'lynn' is a member of the group 'sambagrp' and as you can see from the original posting, it successfully authenticates from both a W2K client and a Linux client. 'techsup' is a special user account (may or may not be a member of 'sambagrp'). I hope this can give further clues to solving the mystery. Thanks in advance, Lynn (Samba 2.2.8a on AIX 5.1) __ Do you Yahoo!? Yahoo! Search - Find what youre looking for faster http://search.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SMB gurus: please help - I am desperate.
Read Implemeting CIFS, freely avaiblable in the web. =) On Fri, 2004-03-05 at 14:00, Linux Lover wrote: I apologize up front for re-posting this, but I need to find a solution to this problem. I have been having hard time to believe that there isn't one person among the SMB gurus that doesn't know how a W2K client connects to an SMB server. So, if you happen to know even the slightest hint to this baffling problem, I would be forever grateful. OK. Here goes (original subject line was: Why does a W2K (pro) client do more than it is asked to do?) Desperate to find out why connecting to a samba share(on an AIX server) from W2K is so slow, I tried connecting to the same share from a Linux box, using smbclient: smbclient aixserver\\sharedir$ -U lynn The results were amazing. The connection was so MUCH FASTER then connecting from a W2K (pro) workstation: \\aixserver\sharedir$ (in the Start|Run edit box) When I examined the samba log files on the server, I could see why. The log file for the Linux client contained a single entry: [2004/02/23 11:55:35, 1] smbd/service.c:make_connection(636) linuxbox (192.168.0.4) connect to service sharedir$ as user lynn (uid=21776, gid=1) (pid 125438) So clean, so elegant, so beautiful! :) OTOH, the log file for the W2K client contained an entry similar to the above, but was immediately followed by about 30 messages of the form: [2004/02/23 11:59:03, 0] smbd/password.c:user_ok(683) rejected user nobody:3004-302 Your account has expired; please see the system administrator. Now... my question: Why? What does the W2K client do that triggers this barrage of rejected authentications of a user 'nobody' (that is clearly not allowed to enter)? More importantly, is there a way to configure EITHER the W2K client or the Samba server (or both) to not waste time on these unallowed accesses? Since smbclient produces such a clean entry, I would assume the fix must be on the client side (W2K) only. But I would take any advice. :) Please note that I am not allowed (in my corporate environment) to enable the guest account on this machine. Therefore, the solution must not involve enabling the guest account (if there is such a solution). My smb.conf global section has security=user (actually no 'security' entry, it simply takes the default, which is 'user'). The settings of the share are: [sharedir$] comment = %h shared dir path = /home/shared valid users = +sambagrp techsup browseable = No That's it. Any other settings are implied by taking the defaults. User account 'lynn' is a member of the group 'sambagrp' and as you can see from the original posting, it successfully authenticates from both a W2K client and a Linux client. 'techsup' is a special user account (may or may not be a member of 'sambagrp'). I hope this can give further clues to solving the mystery. Thanks in advance, Lynn (Samba 2.2.8a on AIX 5.1) __ Do you Yahoo!? Yahoo! Search - Find what youre looking for faster http://search.yahoo.com -- |...| | _ _|Victor Medina M | |\ \ \| | _ \ / \ |Linux - Java - MySQL | | \ \ \ _| | |_) / _ \ |Dpto. Sistemas - Ferreteria EPA | | / / / |___| __/ ___ \ |[EMAIL PROTECTED] | |/_/_/|_|_| /_/ \_\|ext. 325 - Tél: +58-241-8507325 | ||geek by nature - linux by choice | |...| -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SMB gurus: please help - I am desperate.
On Fri, Mar 05, 2004 at 10:00:33AM -0800, Linux Lover wrote: I apologize up front for re-posting this, but I need to find a solution to this problem. I have been having hard time to believe that there isn't one person among the SMB gurus that doesn't know how a W2K client connects to an SMB server. So, if you happen to know even the slightest hint to this baffling problem, I would be forever grateful. The problem is that the people who know why the Win2k redirector does all these things work at Microsoft. And they're not answering any questions. We know how the protocol works, and why the clients *shouldn't* do these stupid things, but only Microsoft knows why it does. They aren't telling and it seems that no one (including the US DoJ and the EU) can make them tell people why Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SMB gurus: please help - I am desperate.
[2004/02/23 11:59:03, 0] smbd/password.c:user_ok(683) rejected user nobody:3004-302 Your account has expired; please see the system administrator. Have you tried setting up a proper guest account, instead of nobody? Either change the guest account setting in smb.conf or the nobody user on your AIX machine. -- Steven Kurylo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba