# Samba + XP Pro

## jbiggs77

Here is my setup:  I have 3 boxes behind a D-Link 614+ Router.  1 Gentoo Server, 1 Gentoo Laptop and 1 Windows XP Desktop.  I am trying to set up Samba on the server so that I can access the files on the other two machines.  

However, I can't seem to get the XP box to connect.  I have read some stuff about maybe needing a registry hack b/c of XP Pro's password encryption.  Is this true or am I just overlooking something somewhere?

----------

## kill_switch

have you set encrypt passwords = yes ?

This should solve the problem.

----------

## jbiggs77

Yeah I have that set, that's the problem.  I have read a few other threads where people say they can connect to Samba from XP Home but not Pro because the encryption is different.

----------

## tam1138

Both Windows XP and 2K require this registry hack to log onto Samba domains:

```
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netlogon\parameters
"RequireSignOrSeal"=dword:00000000
```

Furthermore, if you want to use Samba to serve roaming profiles, you need the hack described here under XP Pro.

----------

## jbiggs77

Awesome, I can connect to the shares now with the security set to share.  When I change it to user security, though, it tells me I don't have permission to access it.

I have added my user name and password that I use on my XP box to the Samba password file, is there something else I need to do in XP so I can access it now?

Edit:  When I try to access it a box pops up with my user name in it.  I input my password, then another box keeps popping up that has myserver\Guest as the user name.

----------

## tam1138

Have you implemented the registry hack I described above?  If you have and it still doesn't work, it would help to see your smb.conf.

----------

## jbiggs77

Yes I did the registry hack, that is what got it working with the security set to share.  Here is my smb.conf:

```
[global]
    workgroup = WORKGROUP
    encrypt passwords = yes
    security = user
    netbios name = myserver

[tmp]
    path = /tmp/pub
    public = no
    writable = no
    guest ok = no
```

----------

## tam1138

I would add these lines to your smb.conf; they will cause samba to generate a separate log file for each machine in /var/log/smb.  Log level 1 is probably sufficient for now, they will hopefully provide some insight into exactly what is failing.

```
log file          = /var/log/smb/%m.log
log level         = 1
max log size      = 128
```

Also, I assume the "writable" line in your posted smb.conf is a typo and not a cut and paste?

----------

## jbiggs77

Here is what is coming up in the log file for the xp machine:

```
[2003/11/19 15:41:53,0]passdb/pdb_smbpasswd.c:pdb_getsampwnam(1369)
    unable to open passdb database.
```

And in the log.smbd it has a bunch of:

```
[2003/11/19 15:50:15,0] lib/access.c:check_access(333)
   Denied connection from (192.168.0.103)
```

Which is the XP box, so I'm not sure what is going on.

----------

## tam1138

I'm not sure where Gentoo's samba installs the password file, but try adding a line like this to your smb.conf:

```
smb passwd file = /path/to/smbpasswd
```

(That's "smbpasswd" the password data file, not "smbpasswd" the program you use to set samba passwords.)

----------

## jbiggs77

Still giving me the same thing.  The guest box just keeps popping up.

----------

## compuboy86

To tell you the truth, I have no idea what is wrong with your file, HOWEVER, install/setup swat and your problems go away.  I was having the same problem with XP connecting to a samba share but somewhere in the global section, swat added something I was missing.  What I have setup now is my samba server with four shares plus a home directory.  Here is my smb.conf:

```
[global]
        workgroup = FAMILY
        netbios name = SOL
        server string = Fileserver
        security = SHARE
        encrypt passwords = Yes
        null passwords = Yes
        log level = 3
        log file = /var/log/samba/log.%m
        max log size = 50
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        preferred master = Yes
        domain master = Yes
        dns proxy = No
#       wins server = 127.0.0.1
        message command = /usr/bin/linpopup "%f" "%m" %s; rm %s
        remote announce = 192.168.1.255
        admin users = thomsonac
        write list = thomsonac
        printer admin = thomsonac
        hosts allow = 192.168.1.  127.

[homes]
        comment = %U's Home Directory
        read only = No
        browseable = No

[MP3s]
        comment = Music
        path = /mnt/shared/MP3s
        guest ok = Yes
        fstype = FAT

[Movies]
        comment = Movies
        path = /mnt/shared/Movies
        guest ok = Yes
        fstype = FAT

[Programs]
        comment = Programs
        path = /mnt/shared/Programs
        guest ok = Yes
        fstype = FAT

[Misc]
        comment = Misc
        path = /mnt/shared/Misc
        guest ok = Yes
        fstype = FAT
```

With my user (thomsonac) logged into WinXP with the same password as the smbpasswd file, I can browse and modify (add/delete/rename) any of the shares.  Other users can browse the shares but cannot change anything.  Hope this helps!

----------
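An added example, not part of any post in this thread: a small Python audit that parses an smb.conf and flags the access-control weaknesses visible in the configurations posted here (share-level security, null passwords, guest shares, no host restriction, plaintext passwords). The sample file is constructed from settings that appear in the thread, and the function names are this example's own.

```python
import re
# Constructed sample built from settings that appear in the thread; not a real server's file.
SAMPLE = """
[global]
    security = SHARE
    null passwords = Yes
[homes]
    read only = No
[MP3s]
    guest ok = Yes
[scratch]
    path = /tmp/pub
    public = yes
    writable = yes
"""
YES, NO = {"yes", "true", "1"}, {"no", "false", "0"}

def parse_smb_conf(text):
    """Return {section: {parameter: value}} with lower-cased, space-normalised names."""
    conf, section = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":
            continue                      # blank line or comment
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = conf.setdefault(header.group(1).strip().lower(), {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            section[" ".join(key.lower().split())] = value.strip()
    return conf

def audit(conf):
    """Return (section, finding) pairs for the weak settings discussed in the thread."""
    def is_set(sec, names, values=YES):   # any synonym explicitly set to one of `values`
        return any(sec.get(n, "").lower() in values for n in names)
    g, out = conf.get("global", {}), []
    if g.get("security", "").lower() == "share":
        out.append(("global", "share-level security, no per-user logon"))
    if is_set(g, ["null passwords"]):
        out.append(("global", "accounts with empty passwords can log on"))
    if is_set(g, ["encrypt passwords"], NO):
        out.append(("global", "plaintext password authentication"))
    if not ({"hosts allow", "allow hosts"} & g.keys()):
        out.append(("global", "no hosts allow restriction"))
    for name, sec in conf.items():
        if name != "global" and is_set(sec, ["guest ok", "public"]):
            rw = is_set(sec, ["writable", "writeable", "write ok"]) or is_set(sec, ["read only"], NO)
            out.append((name, "guest access, writable" if rw else "guest access, read-only"))
    return out
```
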

## jbiggs77

I tried "emerge swat", which didn't work and also searched for it in emerge.  Is it something that comes with Samba?  If so, how do I set it up?

Thanks for the help!

----------

## Xiderpunk

Here is my working samba config, with samba running as a primary domain controller for windows xp/2000 and linux clients.

Please ignore the LDAP stuff (ldap is DEFINITELY not the route you should take unless you have many many users).

```
[global]

# Network Settings
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192
hosts allow = 127.0.0.1 192.168.1.0/255.255.255.0
wins support = yes
netbios name = ANGEL
server string = Samba PDC running %v
workgroup = TOADWEB.NET
os level = 64
name resolve order = wins host lmhosts
unix charset = ISO8859-1
time server = yes

# User logons
logon path = \\%L\profiles\%U
#add user script = /usr/sbin/useradd -d /dev/null -g machines -s /bin/false -M %u
add machine script = /usr/sbin/useradd -d /dev/null/ -g machines -s /bin/false -M %u

# Logging
log file = /var/log/samba/log.%m
max log size = 50
log level = 2

# Domain settings
domain master = yes
preferred master = yes
local master = yes
domain logons = yes
security = user

# LDAP settings
ldap admin dn = "cn=Manager,dc=toadweb,dc=net"
ldap ssl = on
ldap delete dn = no
ldap user suffix = ou=People
ldap group suffix = ou=Group
ldap machine suffix = cn=machines,ou=Group
ldap suffix = ou=People,dc=toadweb,dc=net
ldap filter = (&(uid=%u) (objectclass=sambaSamAccount))
ldap passwd sync = yes

# Authentication
passdb backend = ldapsam:ldaps://ldap.local.toadweb.net
idmap backend = ldapsam:ldaps://ldap.local.toadweb.net
pam password change = yes
obey pam restrictions = yes
encrypt passwords = yes
passwd program = /usr/bin/passwd %u
unix password sync = yes
passwd chat = *New*UNIX*password %n\n *Retype*new*UNIX*password %n\n *Enter*new*UNIX*password %n\n *Retype*new*UNIX*pa$

[homes]
comment = Home Directories
browseable = no
writeable = yes

[profiles]
path = /home/samba/profiles
browseable = no
writeable = yes
create mask = 0600
directory mask = 0700
profile acls = yes
csc policy = disable

[NetShare]
delete readonly = yes
writeable = yes
path = /net/SHARE/Net.Share
comment = Network Files
valid users = @users
create mask = 0660
directory mask = 0770

[Client_Work]
path = /net/SHARE/Client_work
writeable = yes
delete readonly = yes
sync always = yes
comment = Shared working folders
valid users = @users
create mask = 0660
directory mask = 0770

[Accounts]
path = /net/SHARE/Accounts
writeable = yes
delete readonly = yes
sync always = yes
comment = Toadweb Accounts
valid users = @admins
create mask = 0600
directory mask = 0700

# *snipped out many other shares*
```

This is for a Samba 3.0.0 server incidentally, however the config for the most part is good for 2.8.0.

Remember also to use 'testparm' to check your config for any mistakes.

----------

## Floggy

Hmn.

You say a box with your username in it pops up... did you give that user a samba password using 

```
smbpasswd -a <username>
```

If not, try that... *g*

swat is the web interface for samba... to use that on gentoo, I guess you need to start xinetd (emerge it, if you haven't already), change "disable = yes" in /etc/xinetd.d/swat to "disable = no", set up a password for root, using 

```
smbpasswd -a root
```

and finally typing http://localhost:901 into your web browser... login as root, using the password you gave smbpasswd for him and then... maybe you'll be happy  :Wink: 

----------

## compuboy86

Great mini-howto on it.  Search the forums for swat and howto

----------

## spyder

How to Enable WinXP to Join a Samba Domain

The following steps have to be done with an administrator or a member of the Administrator group.  These steps must be done before joining the Samba Domain:

- Start Administrative Tools (start/ settings/ control panel/ Administrative Tools).

- In the Local Security Policy open Local Policies and then Security Options.

Disable the following entries:

    Domain member:  Digitally encrypt or sign secure channel data (Always)

    Domain member:  Digitally encrypt secure channel data (when possible)

    Domain member:  Digitally sign secure channel data (when possible)

    Domain member:  Require strong (Windows 2000 or later) session key

In the Group Policy Editor (c:\windows\system32\gpedit.msc) enable the following entries:

Computer Configuration\Administrative Templates\System\User Profiles\ do not check for user ownership of roaming profiles folder.

Now Windows XP is ready to join the Samba Domain.

samba 3.0

```
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
"DisablePasswordChange"=dword:00000000
"maximumpasswordage"=dword:0000001e
"requiresignorseal"=dword:00000000
"requirestrongkey"=dword:00000000
"sealsecurechannel"=dword:00000001
"signsecurechannel"=dword:00000001
"Update"="no"
```

these are my notes.. i haven't organized them.. pull what you can from this

----------

## bch

I have Windows XP connecting to my Samba 3.0 PDC without the registry hacks. The important step I didn't see mentioned is that you need to have a machine account added to the /etc/passwd file for each XP box that will connect.

What exactly are these registry hacks supposed to do?

I log in just fine. My scripts are run. The only problem I am having is that I have long time delays when accessing shares with XP. Seems to almost hang.

----------

## sethleon

I just found out something,   :Very Happy: 

Setting the following enables full UTF-8 support for file names in samba including unicode chars (ü,ö,ä,...,вааывафы):

in /etc/samba/smb.conf:

```
dos charset = utf8
unix charset = utf8
```

----------

