# SAMBA: security/permissions/other

## Qweasda

I've used Samba at home for my small network, and was successful with it.

Now I'm trying to set a Samba server up at work on a 200mhz Pentium 128mb server that will be networked to 2 Win2k boxes, a Novell box, and a Redhat 8.0 box.

I got the smb.conf set up correctly I believe, and everything is go. My problem, is when any computer tries to find/connect to it, it doesn't[/code] see it at all. But, the samba.log file throws a bunch of stuff out right when the computer searches for the network. (again they don't ever see it though) This is what the samba.log gets:

```
[2003/03/06 16:09:54, 2] lib/interface.c:add_interface(81)

  added interface ip=168.179.17.108 bcast=168.179.17.127 nmask=255.255.255.192

[2003/03/06 16:09:54, 3] smbd/server.c:main(747)

  loaded services

[2003/03/06 16:09:54, 3] smbd/server.c:main(762)

  Becoming a daemon.

[2003/03/06 16:09:54, 3] lib/util.c:fcntl_lock(1315)

  fcntl_lock: fcntl lock gave errno 11 (Resource temporarily unavailable)

[2003/03/06 16:09:54, 3] lib/util.c:fcntl_lock(1337)

  fcntl_lock: lock failed at offset 0 count 1 op 13 type 0 (Resource temporarily unavailable)

[2003/03/06 16:28:26, 3] param/loadparm.c:init_globals(1272)

  Initialising global parameters

[2003/03/06 16:28:26, 3] param/params.c:pm_process(577)

  params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"

[2003/03/06 16:28:26, 3] param/loadparm.c:do_section(3037)

  Processing section "[global]"

[2003/03/06 16:28:26, 1] lib/debug.c:debug_message(258)

  INFO: Debug class all level = 3   (pid 1713 from pid 1713)

[2003/03/06 16:28:26, 2] param/loadparm.c:do_section(3055)

  Processing section "[pub]"

[2003/03/06 16:28:26, 2] param/loadparm.c:do_section(3055)

  Processing section "[root]"

[2003/03/06 16:28:26, 3] param/loadparm.c:lp_add_ipc(2023)

  adding IPC service IPC$

[2003/03/06 16:28:26, 3] param/loadparm.c:lp_add_ipc(2023)

  adding IPC service ADMIN$

[2003/03/06 16:28:26, 2] lib/interface.c:add_interface(81)

  added interface ip=168.179.17.108 bcast=168.179.17.127 nmask=255.255.255.192

[2003/03/06 16:28:26, 3] smbd/oplock.c:init_oplocks(1211)

  open_oplock_ipc: opening loopback UDP socket.

[2003/03/06 16:28:26, 3] lib/util_sock.c:open_socket_in(813)

  bind succeeded on port 0

[2003/03/06 16:28:26, 3] smbd/oplock_linux.c:linux_init_kernel_oplocks(298)

  Linux kernel oplocks enabled

[2003/03/06 16:28:26, 3] smbd/oplock.c:init_oplocks(1242)

  open_oplock ipc: pid = 11536, global_oplock_port = 1027

[2003/03/06 16:28:26, 3] lib/access.c:check_access(318)

  check_access: no hostnames in host allow/deny list.

[2003/03/06 16:28:26, 2] lib/access.c:check_access(329)

  Allowed connection from  (127.0.0.1)

[2003/03/06 16:28:26, 3] smbd/process.c:process_smb(878)

  Transaction 0 of length 72

[2003/03/06 16:28:26, 2] smbd/reply.c:reply_special(92)

  netbios connect: name1=127.0.0.1        name2=REDHAT

[2003/03/06 16:28:26, 2] smbd/reply.c:reply_special(111)

  netbios connect: local=127.0.0.1 remote=redhat

[2003/03/06 16:28:26, 3] smbd/process.c:process_smb(878)

  Transaction 1 of length 168

[2003/03/06 16:28:26, 3] smbd/process.c:switch_message(685)

  switch message SMBnegprot (pid 11536)

[2003/03/06 16:28:26, 3] smbd/sec_ctx.c:set_sec_ctx(329)

  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0

[2003/03/06 16:28:26, 3] smbd/negprot.c:reply_negprot(342)

  Requested protocol [PC NETWORK PROGRAM 1.0]

[2003/03/06 16:28:26, 3] smbd/negprot.c:reply_negprot(342)

  Requested protocol [MICROSOFT NETWORKS 1.03]

[2003/03/06 16:28:26, 3] smbd/negprot.c:reply_negprot(342)

  Requested protocol [MICROSOFT NETWORKS 3.0]

[2003/03/06 16:28:26, 3] smbd/negprot.c:reply_negprot(342)

  Requested protocol [LANMAN1.0]

[2003/03/06 16:28:26, 3] smbd/negprot.c:reply_negprot(342)

  Requested protocol [LM1.2X002]

[2003/03/06 16:28:26, 3] smbd/negprot.c:reply_negprot(342)

  Requested protocol [Samba]

[2003/03/06 16:40:45, 3] smbd/negprot.c:reply_negprot(426)

  Selected protocol NT LANMAN 1.0

[2003/03/06 16:40:45, 3] smbd/process.c:process_smb(878)

  Transaction 2 of length 78

[2003/03/06 16:40:45, 3] smbd/process.c:switch_message(685)

  switch message SMBsesssetupX (pid 11647)

[2003/03/06 16:40:45, 3] smbd/sec_ctx.c:set_sec_ctx(329)

  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0

[2003/03/06 16:40:45, 3] smbd/reply.c:reply_sesssetup_and_X(858)

  Domain=[]  NativeOS=[Unix] NativeLanMan=[Samba]

[2003/03/06 16:40:45, 3] smbd/reply.c:reply_sesssetup_and_X(868)

  sesssetupX:name=[]

[2003/03/06 16:40:45, 3] smbd/process.c:process_smb(878)

  Transaction 3 of length 69

[2003/03/06 16:40:45, 3] smbd/process.c:switch_message(685)

  switch message SMBtconX (pid 11647)

[2003/03/06 16:40:45, 3] smbd/sec_ctx.c:set_sec_ctx(329)

  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0

[2003/03/06 16:40:45, 3] lib/access.c:check_access(318)

  check_access: no hostnames in host allow/deny list.

[2003/03/06 16:40:45, 2] lib/access.c:check_access(329)

  Allowed connection from  (127.0.0.1)

[2003/03/06 16:40:45, 3] smbd/password.c:authorise_login(855)

  authorise_login: ACCEPTED: guest account and guest ok (nobody)

[2003/03/06 16:40:45, 0] smbd/password.c:authorise_login(863)

  authorise_login: rejected invalid user nobody

[2003/03/06 16:40:45, 2] smbd/service.c:make_connection(331)

  Invalid username/password for ipc$ [nobody]

[2003/03/06 16:40:45, 3] smbd/error.c:error_packet(113)

  error packet at smbd/reply.c(166) cmd=117 (SMBtconX) NT_STATUS_WRONG_PASSWORD

[2003/03/06 16:40:45, 3] smbd/process.c:timeout_processing(1098)

  end of file from client

[2003/03/06 16:40:45, 3] smbd/sec_ctx.c:set_sec_ctx(329)

  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0

[2003/03/06 16:40:45, 2] smbd/server.c:exit_server(461)

  Closing connections

[2003/03/06 16:40:45, 3] smbd/connection.c:yield_connection(48)

  Yielding connection to

[2003/03/06 16:40:45, 3] smbd/server.c:exit_server(495)

  Server exit (normal exit)
```

Here's my smb.conf:

```
[global]

netbios name = REDHAT

workgroup = WORKGROUP1

log level = 3

log file = /etc/samba/samba.log

server string = Samba Server

security = share

wins support = yes

hosts allow = 168.179.17.127 168.179.17.73

#   security = user

encrypt passwords = yes

passwd program = /usr/bin/passwd %u

username map = /etc/samba/smbusers

valid users = root user

admin users = root

[pub]

path = /home/samba/public

guest ok = yes

read only = no

comment = Public folder

[user]

comment = user's directory

path = /home/samba/user

guest ok = yes

guest account = user

valid users =

admin users = root,user

force user = user
```

Finally, I'm going to post the results of some troubleshooting commands:

```
[user@localhost user]$ smbclient -L REDHAT

added interface ip=168.179.17.108 bcast=168.179.17.127 nmask=255.255.255.192

wins_srv_died(): Could not mark WINS server 127.0.0.1 down.

Address not found in server list.

Connection to REDHAT failed
```

```
[user@localhost user]$ smbclient //REDHAT/user -Uuser

added interface ip=168.179.17.108 bcast=168.179.17.127 nmask=255.255.255.192

wins_srv_died(): Could not mark WINS server 127.0.0.1 down.

Address not found in server list.

Connection to REDHAT failed
```

```
[user@localhost user]$ nmblookup -M WORKGROUP1

querying WORKGROUP1 on 168.179.17.127

name_query failed to find name WORKGROUP1#1d
```

```
[user@localhost user]$ nmblookup -d 2 REDHAT

added interface ip=168.179.17.108 bcast=168.179.17.127 nmask=255.255.255.192

querying REDHAT on 168.179.17.127

name_query failed to find name REDHAT
```

```
[root@localhost root]# findsmb

                                *=DMB

                                +=LMB

IP ADDR         NETBIOS NAME     WORKGROUP/OS/VERSION

---------------------------------------------------------------------

exit

192.1.1.40      unknown name     Unknown Workgroup

168.179.17.72           WORKSTATION89   [UTNSSWCNT1] [Windows 5.0] [Windows 2000 LAN Manager]

168.179.17.73           SWCENTERNT2    *[UTNSSWCNT1] [Windows NT 4.0] [NT LAN Manager 4.0]

168.179.17.74           WORKSTATION86   [UTNSSWCNT1] [Windows 5.0] [Windows 2000 LAN Manager]

168.179.17.76           BRENDA          [UTNSSWCNT1] [Windows NT 4.0] [NT LAN Manager 4.0]
```

I read through the whole Unoffical Samba HOWTO: [url]http://hr.uoregon.edu/davidrl/samba/ [/url] and did what it says. (this worked great at home) as well as many of the man page items.

Help would be greatly appreciated.Last edited by Qweasda on Fri Mar 07, 2003 4:06 am; edited 1 time in total

----------

## taskara

hmmm... I don't know that I can help you there.. but what have you got on the brain!??

read your post topic again!  :Wink: 

----------

## Qweasda

Ahhh, been a long day ya know.  :Smile: 

*fixed*

----------

## taskara

 :Wink:  hehe... good luck with your samba problem!

----------

## Qweasda

Okay I got that problem solved, so basically all that above is useless. But I got another little problem. I just can't seem to get users and passwords working!

I have the user titles 'user'  set up, the smbpasswd file has the big encrypted information and all, but when I try to go to user's folder (that only he can view) it asks for a password which I can't seem to set in the first place. When I do smbpasswd it says something like "You're not a user of this network, get lost" I'm not sure exactly what it says, I am not at work anymore.

Furthermore, I tried basically the same thing with my root account. This time it accepts me as a user but it still won't set my password. I get something a long the lines of 

"failed to change the password for user root" 

and it also has another line below that, something about NT passwords I think? Sorry I'm so foggy, I should have taken note. :/

So if anyone can show me a real easy way to add users, please tell me.

----------

## taskara

well I used to set it up like this:

add user to local system

run 

```
smbpasswd -a username
```

that would say - that person does not have an entry, I will create one for you. and it was all sweet.

u have to make sure windows is using the same password to log on, as the one you set up in samba.

does this help ?

----------

