Ubuntu Networking :: Samba Server - Authenticate With Passwords?
Jan 2, 2010
True or False: If you have a user on your Linux/Samba machine with a password, example:
User = Bob
Password = Password0
And Bob is on an XP computer, where his username is also Bob and his password is also Password0, is it normal for Bob to go to:
\SambaServer, double click on Bob's share (valid users = Bob only) and Bob get RIGHT in without being prompted?
On my prior setup, the user HAD to log in. If they wanted auto login next time with their credentials, they had to check "remember password." But now it's as if Samba knows who they are. It's very strange. What's the normal behavior? Must EVERYBODY authenticate with passwords, or if the Windows credentials are the same as Samba does it just somehow auto-detect it and allow them through?
View 3 Replies
ADVERTISEMENT
May 3, 2010
We're still using an NT Domain Server, and Samba is already configured properly. But the problem is if the shared folder is configured in samba to be accessed by group and not the domain username, authentication fails even if the user is member of the group.
Example#1: (authentication successful)
[sharedfolder]
valid users = domain+username
Example#2:
[sharedfolder] (authentication fails)
valid users = @domaingroup
Samba version is samba-3.0.33
View 2 Replies
View Related
Feb 17, 2009
Set up a new cluster service for a cifs share. Has these properties:
Service name = cifs_cases
Autostart is checked
name=cases type=GFS Scope=shared
[code]....
View 1 Replies
View Related
Feb 21, 2011
I'm trying to set up the server to at least ask for a password. I can connect to it without any trouble, but so can everyone else.How can I make samba ask for a password?
View 2 Replies
View Related
May 5, 2010
I'm trying to set up a Samba share that's available over the network to a group of users in our institution. Our infrastructure is based on Novell Netware (slowly migrating to OES), and thus our authentication is managed by eDirectory. All our other shares are managed by Netware, but this one lives on a standalone Ubuntu server.
I've succeeded in setting up the share, and users can access it without a problem. The trouble is that currently it only works by treating all users as guest users and giving them the same privileges over the share. Is it possible to get Samba to authenticate users against eDirectory via LDAP? Would I have to get Ubuntu to authenticate against eDirectory, then Samba against Ubuntu, or can Samba do it directly? I've not really worked with LDAP before so I'm unsure where to start.
View 2 Replies
View Related
Dec 8, 2010
So a while back I decided I wanted to get to know Linux a little bit and I figured the most immediately useful thing for me would be a small home server. About this time I discovered plug computers and I eventually bought myself a Guruplug for this purpose - a small, cheap, power-efficient ARM architecture thing running Debian 5.0.6. Since then I've kind of ambled along with the project as and when time permitted (installing, tweaking, scouring manpages and tutorials is fun, but takes a lot of time), and have now finally got a nice big external harddrive formatted as ext3 and hooked up to it. The time seemed right to go for the samba install. I installed from the Debian repository, configured using SWAT and immediately hit problems.
Since the only user is me and the only access to the computer is over SSH, I have few accounts - there's root which I've disabled from access altogether, there's my sudoer account magnus, and there's my new test account magnus-smb. This one is a standard user, and has identical Unix password and samba password (added with smbpasswd). I intend to keep this up with a separate samba-access account - I'm a little paranoid about allowing any kind of access to sudoer accounts and won't even let SSHD accept password based logins.
Setting up samba, I basically tried to make it do as little as I needed to get a local file server going. The only share is homes, and its path goes to my external drive. The drive itself is mounted as rw,noexec,user from fstab.
Now, with all of that set up I'd hoped I'd be able to mount my homes shares and go. This proved not to be the case - if I set encrypted passwords = yes, my Windows 7 clients behave differently. The magnus account connects but can't authenticate - all passwords are rejected. The magnus-smb account is apparently accepted but then receives a "network path not found" error. If I set it to no, both accounts are prevented from even attempting to authenticate, and I get an error message about "this account is not approved for logging on from this station" (translation from Norwegian). I've been searching around but not finding much. I did find one article claiming this was easier after samba 3.3 and discovered that my manpages said samba 3.2. Yesterday I therefore decided to reinstall samba from source, only to find that the current stable release (3.5) also claims to be version 3.2 in it's manpages, so I probably might as well not have bothered. Oh well, at least I've installed something from source now.
My smb.conf:
Code:
# Samba config file created using SWAT
# from UNKNOWN (Q@)
# Date: 2010/12/08 12:59:41
[Code]....
View 3 Replies
View Related
Apr 15, 2011
Google finds several suggestions on how to sync passwords between samba and /etc/shadow (it can't use /etc/sahdow directly). However in my case, there is an existing samba server where users have already set their passwords. Now comes a new samba server on another machine to serve the same set of users. Is there a way to just import the passwords from one samba to another, in "stay encrypted" form (the /etc/shadow can be separately imported). I looked at /var/lib/samba/passdb.tdb but it has the hostname (share name?) coded in it and that might be a confusion to just copy the file in whole.
View 2 Replies
View Related
Jan 11, 2011
How to authenticate Samba server with another LDAP Server.
- I would like to set up samba server(CentOS5 samba version 3.0.33)for sharing directory. WindowXP client will can access to samba if username and password match with username and password of another existing LDAP server.
- I only know URL and DN of LDAP server and can not modify anything on LDAP Server.
- Can I config at samba server for requirement above.
View 2 Replies
View Related
Jun 11, 2010
How to make a Server of LOGIN / PASSWORDS for flexible linux machines? Samba config files for the server and the client. The clients, if no network, shall use the /etc/shadow.
View 10 Replies
View Related
May 13, 2010
The company I work for, as usual, is Microsoft-centric. I'm attempting to integrate my Ubuntu server into the domain to allow domain users to authenticate to the server and access file shares using Samba. Here's my current configuration:
[Code].....
View 9 Replies
View Related
May 14, 2010
I want to make changes on my router bios for my server I have to go to my windows booted laptop rather than just 192.168.1.1 right here at my server. I only have to do a 360 in my chair and I am at my laptop but I don't want to. Everytime I type the gateway ip it reads off the name of my router and looks fine. But I enter my authentication info and it just returns the login window blank... something ubuntu-side?
WRT160v2 linksys wireless N router (Of course I have cat 5 running to my server)
Ubuntu 10.04 LTS running desktop ontop (because I am still learning how to navigate the console)
View 3 Replies
View Related
Sep 28, 2010
I have samba allowing only known users, and on the ubuntu side, I have the folder permission 777. I have the same exact samba smb.conf file(locations of course matching new server), but I can't get it to authenticate with the new server(Old server is up and running too) and I'm lost. I thought I had it figured out when I did my last server, but I seem to be missing something on this one.
View 1 Replies
View Related
Apr 1, 2011
First, like a dummy I did not backup the Samba config file before making changes. Using openSUSE as ftp and http server, was following tutorial to share between openSUSE and windows. I was using VNC to access machine to edit Samba config file, after altering the the file VNC authenication fails. I can still authenicate locally and through the ftp.
View 1 Replies
View Related
May 10, 2010
I've just installed 10.04 x64 and I've had some problems with samba (cifs/windows file sharing). It seems like samba is forgetting user passwords, so on every reboot I have to add a password for the user that needs access: sudo smbpasswd -a tietze
I've tried restarting samba (sudo service sbmd restart), but it does not work. I have to add a new password for the user with the command above.
I tried to google a bit for a solution, but only found the following thread with a problem that seems related: [other] Samba forgets user
making samba remember passwords betweeen reboots/shutdowns?
View 1 Replies
View Related
Apr 10, 2011
Although my smb.conf file cites /etc/samba/smbpasswd as the password file, I see that it is not in some database file. Since smb.conf doesn't seem to look anywhere else but /etc/samba/smbpasswd, how can I direct it to the new password scheme. At least this is what I find when using SWAT to display the smb.conf file contents.This seems to be preventing my windows client having access to shared printers, but yet, not shared files.
View 2 Replies
View Related
May 22, 2009
I had an older fedora box (I think it was Core 3) that acted as my file server in my small network (4). It worked fine when I had all XP clients connecting to it. Recently we decided to get all new computers. So now I have a fedora 10 box acting as my file/print server and all Vista Home premium computers as the clients. For the life of me I can not get samba to work. When I try to map the network drives on windows it will not let me authenticate. I install swat and try it that way, still no luck. Here is a copy of my smb.conf file:
Code:
# Samba config file created using SWAT
# from UNKNOWN
# Date: 2009/05/19 21:47:31
[global]
workgroup = AIVILANET
server string = Bighat Samba Server
interfaces = eth0
null passwords = Yes
smb passwd file = /etc/samba/smbpasswd
passdb backend = tdbsam
username map = /etc/samba/smbusers
syslog only = Yes
announce version = 5.0
name resolve order = hosts wins bcast
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192
printcap name = CUPS
wins support = Yes
[HP-LaserJet-1200]
comment = HP LaserJet 1200
path = /var/spool/samba
read only = No
printable = Yes
printer name = HP-LaserJet-1200
oplocks = No
share modes = No
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No
[home]
path = /home/savona/
username = savona
valid users = @Users
admin users = savona
write list = savona
force user = savona
force group = savona
read only = No
hosts allow = 10.0.0.2
View 8 Replies
View Related
Aug 3, 2011
Intent is to use samba+winbind to authenticate Ubuntu desktop against a Windows 2008 R2 domain (seems like I was able to get it working temporarily but it stopped working after some time). Quick overview of the issue: winbind is failing to lookup group ID's for a domain user causing the domain user to receive group errors on login and an inability to use domain groups in other configuration (sudoers, etc)
- Very basic install, boot to Ubuntu Desktop 10.04 LTS 64bit install, basic install options, perform software updates
- Following an Ubuntu AD HowTo [URL]
- Install kerberos, samba, winbind packages
- Make changes to krb5.conf, smb.conf, files in pam.d/ (to make the home directory and restrict login based on group membership, which works even in the half-working state but requires SID instead of text name)
After a reboot I can login as a domain account but I get the following error(s):
groups: cannot find name for group ID #####
##### is usually a number that ranges from 10000 to 10020, based on the smb.conf line regarding idmap I will get multiple group errors (one for each group that the user belongs to that winbind can't lookup for whatever reason, some groups can be resolved - see below) If I log-out and then log-in as a local user I can run the following command: id username The output returns something similar to the following:
uid=10002(username) gid=10003(domain users) groups=10003(domain users),10033,10032,10031,10030,10029,10028,10027,1 0026,10025,10024,10023,10022,10021(some group),10020,10019,10018(some other group),10017,10016,10015,10014,10013,10012,10011(s ome other other group),10010,10009,10008,10007
On a working system (Ubuntu 10.10 and when 10.04 decides to work) each group is followed by parenthesis' and the name of the group, this result clearly shows that some groups can be looked up but for some reason other groups are failing An output of /var/log/samba/log.winbind produces the following entries (that are logged when you run the id command)
[2011/08/03 19:04:39, 1] winbindd/winbindd_ads.c:1137(lookup_groupmem)
lsa_lookupsids call failed with NT_STATUS_PIPE_BROKEN - retrying...
[2011/08/03 19:04:39, 1] winbindd/winbindd_ads.c:1137(lookup_groupmem)
lsa_lookupsids call failed with NT_STATUS_PIPE_BROKEN - retrying...
The above repeats for what looks to be each group that fails (based on count of entries)If I use wbinfo I can resolve text group name to SID and SID to GID
wbinfo -n groupname (returns proper SID)
wbinfo -s SID (returns proper text group name)
wbinfo -Y SID (returns proper linux mapped group ID)
Following that process for a group that my user belongs to that is not resolving (via the id username command) will return the group ID (GID) properly (even though id username fails to lookup info for that same GID) Version Information:
uname -a
Linux hostname 2.6.32-33-generic #71-Ubuntu SMP Wed Jul 20 17:27:30 UTC 2011 x86_64 GNU/Linux
lsb_release -a
No LSB modules are available.
[code]....
View 3 Replies
View Related
Feb 9, 2010
So I've set up a Samba server through the gui. When I've labeled my shares as accessible to everyone, I can get to it no problem. However, when I tie it down to a specific samba user, I can't.
By all indications, it appears that it isn't saving the password because every time I go to edit users, it has the exact same string in the password field.
View 1 Replies
View Related
May 4, 2010
Attempting to set up a Samba network from my SuSE 11.2 desktop to a windows laptop. Using YaST, a Samba server has been created, and allow users to share has been clicked. Identity is not a domain controller. no trusted domains have been set, and no LDAP settings have been set.
Right now, each computer can see the other over the network. When clicking on the network from windows, a window pops up requesting a user and password.
Konqueror sees both computers under smb://. It also has a window that pops up requesting user name and password. Where do I set up these user names and pass words?
View 2 Replies
View Related
Jan 7, 2010
I wonder if it is possible to have two passwords for one user account in 9.10. I have a long login password (5 words about 45 characters with spaces caps). I would like to set a shorter password for Authentication, sudo, etc. While retaining the original for logging in.In short:Have long password to login to computer.Have short password for everything after login.
View 6 Replies
View Related
Feb 15, 2010
Don't worry, I know - that title probably makes this question seem way more complicated than it actually is. Here's the situation: I have a server running SLES10 with a samba share set up on it. I created a username in Samba and Linux for myself, can access the share, permissions are fine, yadda yadda. Now I want to give about 100 more people access to it.
I have active directory running which users log into and I'd like them to be able to use their active directory passwords to authenticate to the share, rather than have me create 100 individual Samba/Linux accounts. In the future the AD server will be changing over to server 2008 but I'll cross that bridge when I get there. It would be equally effective if I could pull AD passwords from AD and "auto-create" the associated Linux/Samba users. Any ideas or could someone point in the right direction?
View 5 Replies
View Related
Feb 8, 2010
I need to know is there any way to record or tracking or make logging if when user samba delete files or folders i can know that, cause sometimeon samba server some users complain they lost files, though i have daily backup and i can restore their files, i just want to know if or maybe some other users in one group accidentally move or delete the files.
View 1 Replies
View Related
Jan 27, 2011
When I run:Quote:mount -t davfs http://xxxx/webdav /home/USER1I get:Quote:Please enter the username to authenticate with serverhttp://xxxx/webdav or hit enter for none.
Username: USER1
Please enter the password to authenticate user USER1 with server
http://xxxx/webdav or hit enter for none.
[code]....
View 2 Replies
View Related
Mar 16, 2010
Im using linux (Suse 11.1) on my laptop in my new job, however I need to set up my accounts and any account to authenticate using the existing windows ADC server.
What do i need to do precisely. I have kerberos & Samba installed. Do i need both of them or can I just go ahead and set up one.
View 1 Replies
View Related
May 13, 2010
I'm on ubuntu 10.4 and Cant seem to falsely authenticate myself with my AP. I am trying to break a wep key on one of my older linksys routers; It continues to say this:
Code:
root@kevin-laptop:/home/kevin# aireplay-ng -1 1 -a xx:xx:xx:xx:xx:xx mon1
No source MAC (-h) specified. Using the device MAC (xx:xx:xx:xx:xx:xx)
11:39:16 Waiting for beacon frame (BSSID: xx:xx:xx:xx:xx:xx) on channel 6
11:39:16 Sending Authentication Request (Open System) [ACK]
11:39:18 Sending Authentication Request (Open System) [ACK]
11:39:20 Sending Authentication Request (Open System) [ACK]
11:39:22 Sending Authentication Request (Open System) [ACK]
11:39:24 Sending Authentication Request (Open System) [ACK]
11:39:26 Sending Authentication Request (Open System) [ACK]
11:39:28 Sending Authentication Request (Open System) [ACK]
11:39:30 Sending Authentication Request (Open System) [ACK]
11:39:32 Sending Authentication Request (Open System) [ACK]
11:39:34 Sending Authentication Request (Open System) [ACK]
11:39:36 Sending Authentication Request (Open System) [ACK]
11:39:38 Sending Authentication Request (Open System) [ACK]
11:39:40 Sending Authentication Request (Open System) [ACK]
11:39:42 Sending Authentication Request (Open System) [ACK]
11:39:44 Sending Authentication Request (Open System) [ACK]
11:39:46 Sending Authentication Request (Open System) [ACK]
Attack was unsuccessful. Possible reasons:
* Perhaps MAC address filtering is enabled.
* Check that the BSSID (-a option) is correct.
* Try to change the number of packets (-o option).
* The driver/card doesn't support injection.
* This attack sometimes fails against some APs.
* The card is not on the same channel as the AP.
* You're too far from the AP. Get closer, or lower the transmit rate.
root@kevin-laptop:/home/kevin#
I'm using an eeepc 701 it has an Atheros card and does injection. I have also tried it with backrack 4 and it works perfectly (it falsely authenticates with the ap and decrypts the wep key) I just cant seem to get it to work on ubuntu 10.4. Could it be a kernel issue? I found out that there is a bug in the new(er) kernel(s). If you use an older kernel (I used 2.6.31-14 which can be found here) and it magically works.
View 8 Replies
View Related
Aug 22, 2010
I have a TP-Link Atheros-based USB card: TL-WN422G. It's listed widely as being compatible, but I'm baffled if I can make it work. I'm running an ndiswrapper (XP-64) driver, and that seems to be loaded and recognizing the hardware correctly. The system can scan and correctly identify our network, and other nearby ones, but when the WPA key is entered (correctly, I've triple checked), the "Secrets" windows just keeps popping up and no IP is acquired. I've installed and tried to configure it with wpa-supplicant, all to no avail.
I've attached below list of various outputs that I've looked at.
Ubuntu 10.04.1 LTS (Kubuntu); 2.6.32-24-server x86_64
output of lsusb
Bus 002 Device 002: ID 0040:073d
Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 001 Device 003: ID 0413:6029 Leadtek Research, Inc.
Bus 001 Device 002: ID 0cf3:1006 Atheros Communications, Inc.
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root .....
View 4 Replies
View Related
Jul 31, 2010
I'm using Ldap to authenticate some services in my company, but from a few days, i finds some errors saying
Quote:
I'm using webmin to manage its servces.
View 4 Replies
View Related
Jul 7, 2010
I don't know what happened but sendmail suddenly stopped authenticate my users who tries to send mail.
I use slackware 13.0 and sendmail for SMTP with ssl and plain authentication. Imapd works fine.
There is nothing in logs just that the client did not issue MAIL/EXPN/VRFY/ETRN during connection.
View 9 Replies
View Related
Feb 19, 2009
I'm trying to expand my Courier+MySQL+Postfix+PostfixAdmin server to use SASL logins on Postfix so I can relay on my server. After following several guides I still can't get it to work: Postfix logs show the user transcript and end with "Authentication failure" but it does not tell me what told it that the login failed. The messages log show this:
Feb 19 22:48:55 sportlaan-server saslauthd[7254]: do_auth : auth failure: [user=berend] [service=smtp] [realm=mydomain.com] [mech=pam] [reason=PAM auth error] Which I don't get because I don't think it should be using PAM... I think...
The setup is similar to this one: http://www.howtoforge.org/virtual_users_postfix_courier_mailscanner_clamav_centos_p6
My SASL config has this in it:
/usr/lib/sasl2/smtpd.conf
pwcheck_method: saslauthd
log_level: 3
authdaemond_path: /var/spool/authdaemon/socket
mech_list: plain login
View 2 Replies
View Related
Jun 6, 2010
however, until this morning I had only been using my wired connection with no problems but when I tried to connect to my home's WPA secured wireless network, it just would not connect. The network manager sees the network and when I click on it, a window pops up asking for authentication. I enter the passphrase, but still it will not connect. I'm using a Lenovo X61 LAPTOP (not tablet).
View 5 Replies
View Related
