# Samba problems connecting



## Crotalus (Sep 30, 2011)

I am not able to connect to Samba either through the network places or trying to map a drive from a Windows XP client. I hope that there is someone out there thay can help me. I have deleted the package and re added, did a portupgrade all with the same results. I have added a snippet of one of the log files. All the other log files shows nothing out of the ordinary. When I attempt to access it with the network places I get the error that I am not authorized and the server is not accessible. When I try to map a drive I get the window asking for a user and password which none of them work. I have Guest setup and the nobody.


```
Samba version 3.5.6
PID     Username      Group         Machine                        
-------------------------------------------------------------------
 <processes do not show up in anonymous mode>

Service      pid     machine       Connected at
-------------------------------------------------------

No locked files

Prometheus#
```

Here is the conf file.

```
Prometheus# testparm
Load smb config files from /usr/local/etc/smb.conf
max_open_files: sysctl_max (11095) below minimum Windows limit (16384)
rlimit_max: rlimit_max (11095) below minimum Windows limit (16384)
Processing section "[homes]"
Processing section "[printers]"
Processing section "[public]"
Processing section "[Movies]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
[global]
        workgroup = GROUP1
        server string = Samba Server
        security = SHARE
        encrypt passwords = No
        map to guest = Bad User
        null passwords = Yes
        smb passwd file = /usr/local/bin
        log level = 3
        log file = /var/log/samba.log.%m
        max log size = 50
        smb ports = 139
        dns proxy = No
        hosts allow = 192.168.20., 127.

[homes]
        comment = Home directory for %u on %h
        path = /usr/home/%u/Docs
        valid users = %S
        read only = No
        browseable = No

[printers]
        comment = All Printers
        path = /var/spool/samba
        printable = Yes
        browseable = No

[public]
        comment = %h Shared Public Directory
        path = /storage2/public
        force user = nobody
        force group = nobody
        read only = No
        force create mode = 0666
        force directory mode = 0777
        guest ok = Yes

[Movies]
        comment = %h Shared Public Directory
        path = /storage3/Movies
        force user = nobody
        force group = nobody
        read only = No
        force create mode = 0666
        force directory mode = 0777
        guest ok = Yes
Prometheus#
```

Here is the log generated by the Windows client in attempting to map a drive(public). I have highlighted what I believe to be the problem. I have not found a solution on the internet.

 samba.log.192.168.20.201

```
[2011/09/29 15:04:00.909693,  6] param/loadparm.c:7133(lp_file_list_changed)
  lp_file_list_changed()
  file /usr/local/etc/smb.conf -> /usr/local/etc/smb.conf  last mod_time: Thu Sep 29 15:03:38 2011  
[color="Magenta"][B][2011/09/29 15:04:00.909754,  3] lib/access.c:362(only_ipaddrs_in_list)
  only_ipaddrs_in_list: list has non-ip address (192.168.20.)
[2011/09/29 15:04:00.909770,  3] lib/access.c:396(check_access)
  check_access: hostnames in host allow/deny list.
[2011/09/29 15:04:00.926921,  2] lib/access.c:406(check_access)
  Allowed connection from 192.168.20.201 (192.168.20.201)[/B][/color]
[2011/09/29 15:04:00.927033,  3] smbd/oplock.c:895(init_oplocks)
  init_oplocks: initializing messages.
[2011/09/29 15:04:00.927054,  5] lib/messages.c:329(messaging_deregister)
  Deregistering messaging pointer for type 1 - private_data=0x0
[2011/09/29 15:04:00.927078, 11] lib/events.c:313(s3_event_debug)
  s3_event: Added timed event "smbd_idle_event_handler": 0x8032122d0
[2011/09/29 15:04:00.927104, 10] smbd/process.c:740(event_add_idle)
  event_add_idle: idle_evt(keepalive) 0x8032122d0
[2011/09/29 15:04:00.927124, 11] lib/events.c:313(s3_event_debug)
  s3_event: Added timed event "smbd_idle_event_handler": 0x803212390
[2011/09/29 15:04:00.927161, 10] smbd/process.c:740(event_add_idle)
  event_add_idle: idle_evt(deadtime) 0x803212390
[2011/09/29 15:04:00.927180, 11] lib/events.c:313(s3_event_debug)
  s3_event: Added timed event "smbd_idle_event_handler": 0x803212450
[2011/09/29 15:04:00.927194, 10] smbd/process.c:740(event_add_idle)
  event_add_idle: idle_evt(housekeeping) 0x803212450
[2011/09/29 15:04:00.927266, 10] lib/util_sock.c:726(read_smb_length_return_keepalive)
  got smb length of 68
[2011/09/29 15:04:00.927287,  6] smbd/process.c:1482(process_smb)
  got message type 0x81 of len 0x44
[2011/09/29 15:04:00.927303,  3] smbd/process.c:1485(process_smb)
  Transaction 0 of length 72 (0 toread)
[2011/09/29 15:04:00.927322,  2] smbd/reply.c:554(reply_special)
  netbios connect: name1=PROMETHEUS     0x20 name2=ZEUS           0x0
[2011/09/29 15:04:00.927357,  2] smbd/reply.c:565(reply_special)
  netbios connect: local=prometheus remote=zeus, name type = 0
[2011/09/29 15:04:00.927373,  5] lib/username.c:133(Get_Pwnam_alloc)
  Finding user zeus
[2011/09/29 15:04:00.927387,  5] lib/username.c:77(Get_Pwnam_internals)
  Trying _Get_Pwnam(), username as lowercase is zeus
[2011/09/29 15:04:00.927599,  5] lib/username.c:95(Get_Pwnam_internals)
  Trying _Get_Pwnam(), username as uppercase is ZEUS
[2011/09/29 15:04:00.927671,  5] lib/username.c:104(Get_Pwnam_internals)
  Checking combinations of 0 uppercase letters in zeus
[2011/09/29 15:04:00.927687,  5] lib/username.c:110(Get_Pwnam_internals)
  Get_Pwnam_internals didn't find user [zeus]!
[2011/09/29 15:04:00.938519,  6] param/loadparm.c:7133(lp_file_list_changed)
  lp_file_list_changed()
  file /usr/local/etc/smb.conf -> /usr/local/etc/smb.conf  last mod_time: Thu Sep 29 15:03:38 2011
  
[2011/09/29 15:04:00.938582,  3] lib/access.c:362(only_ipaddrs_in_list)
  only_ipaddrs_in_list: list has non-ip address (192.168.20.)
[2011/09/29 15:04:00.938598,  3] lib/access.c:396(check_access)
  check_access: hostnames in host allow/deny list.
[2011/09/29 15:04:00.956838,  2] lib/access.c:406(check_access)
  Allowed connection from 192.168.20.201 (192.168.20.201)
[2011/09/29 15:04:00.957003,  3] smbd/oplock.c:895(init_oplocks)
  init_oplocks: initializing messages.
[2011/09/29 15:04:00.957023,  5] lib/messages.c:329(messaging_deregister)
  Deregistering messaging pointer for type 1 - private_data=0x0
[2011/09/29 15:04:00.957048, 11] lib/events.c:313(s3_event_debug)
  s3_event: Added timed event "smbd_idle_event_handler": 0x8032122d0
[2011/09/29 15:04:00.957073, 10] smbd/process.c:740(event_add_idle)
  event_add_idle: idle_evt(keepalive) 0x8032122d0
[2011/09/29 15:04:00.957093, 11] lib/events.c:313(s3_event_debug)
  s3_event: Added timed event "smbd_idle_event_handler": 0x803212390
[2011/09/29 15:04:00.957106, 10] smbd/process.c:740(event_add_idle)
  event_add_idle: idle_evt(deadtime) 0x803212390
[2011/09/29 15:04:00.957124, 11] lib/events.c:313(s3_event_debug)
  s3_event: Added timed event "smbd_idle_event_handler": 0x803212450
[2011/09/29 15:04:00.957137, 10] smbd/process.c:740(event_add_idle)
  event_add_idle: idle_evt(housekeeping) 0x803212450
[2011/09/29 15:04:00.957211, 10] lib/util_sock.c:726(read_smb_length_return_keepalive)
  got smb length of 68
[2011/09/29 15:04:00.957232,  6] smbd/process.c:1482(process_smb)
  got message type 0x81 of len 0x44
[2011/09/29 15:04:00.957247,  3] smbd/process.c:1485(process_smb)
  Transaction 0 of length 72 (0 toread)
[2011/09/29 15:04:00.957266,  2] smbd/reply.c:554(reply_special)
  netbios connect: name1=PROMETHEUS     0x20 name2=ZEUS           0x0
[2011/09/29 15:04:00.957301,  2] smbd/reply.c:565(reply_special)
  netbios connect: local=prometheus remote=zeus, name type = 0
[2011/09/29 15:04:00.957317,  5] lib/username.c:133(Get_Pwnam_alloc)
  Finding user zeus
[2011/09/29 15:04:00.957331,  5] lib/username.c:77(Get_Pwnam_internals)
  Trying _Get_Pwnam(), username as lowercase is zeus
[2011/09/29 15:04:00.957557,  5] lib/username.c:95(Get_Pwnam_internals)
  Trying _Get_Pwnam(), username as uppercase is ZEUS
[2011/09/29 15:04:00.957628,  5] lib/username.c:104(Get_Pwnam_internals)
  Checking combinations of 0 uppercase letters in zeus
[2011/09/29 15:04:00.957661,  5] lib/username.c:110(Get_Pwnam_internals)
  Get_Pwnam_internals didn't find user [zeus]!
```

Does anybody have any ideas what I am doing wrong? Any help would be greatly appreciated.

Keith


----------



## Crotalus (Oct 1, 2011)

I found this in a book on Samba;

"A common question is why two logfiles are created for each client machine when the logfile is defined as _log.%m_. The reason is the use of port 445 by the newer Windows operating systems. When a new connection is received on port 445, the %m can be expanded only to the client's IP address. After the client transmits its name as part of the authentication process (SMBsessetup&X), Samba can resubstitute the %m variable with the real machine name and reopen the expected log filename."

I have included both logs with an interesting last entry in the zeus log which I highlighted.

The 192.168.20.201 log would indicate that the connection has been established as the third entry would indicate. Also when attempting to map a drive the shares do show in the drop down window. This leads me to believe that I have an authentication problem. Assuming the following; user "nobody" is defined in FreeBSD, Samba, and Windows with a null password in all environments. 

My question is when the screen pops up requiring the user name and password what should be entered in order to connect to the shares? What other places can I look at to troubleshoot this problem?

Do I have a problem with Samba or with Windows or both?


 /var/log/samba.log.192.168.20.201

```
[color="Magenta"][2011/10/01 10:38:46.924307,  3] lib/access.c:362(only_ipaddrs_in_list)
  only_ipaddrs_in_list: list has non-ip address (192.168.20.)
[2011/10/01 10:38:46.924368,  3] lib/access.c:396(check_access)
  check_access: hostnames in host allow/deny list.[/color]
[color="Red"][2011/10/01 10:38:46.942952,  2] lib/access.c:406(check_access)
  Allowed connection from 192.168.20.201 (192.168.20.201)[/color]
[2011/10/01 10:38:46.943061,  3] smbd/oplock.c:895(init_oplocks)
  init_oplocks: initializing messages.
[2011/10/01 10:38:46.943174,  3] smbd/process.c:1485(process_smb)
  Transaction 0 of length 72 (0 toread)
[2011/10/01 10:38:46.943196,  2] smbd/reply.c:554(reply_special)
  netbios connect: name1=PROMETHEUS     0x20 name2=ZEUS           0x0
[2011/10/01 10:38:46.943231,  2] smbd/reply.c:565(reply_special)
  netbios connect: local=prometheus remote=zeus, name type = 0
[2011/10/01 10:38:46.953618,  3] lib/access.c:362(only_ipaddrs_in_list)
  only_ipaddrs_in_list: list has non-ip address (192.168.20.)
[2011/10/01 10:38:46.953692,  3] lib/access.c:396(check_access)
  check_access: hostnames in host allow/deny list.
[2011/10/01 10:38:46.972189,  2] lib/access.c:406(check_access)
  Allowed connection from 192.168.20.201 (192.168.20.201)
[2011/10/01 10:38:46.972309,  3] smbd/oplock.c:895(init_oplocks)
  init_oplocks: initializing messages.
[2011/10/01 10:38:46.972421,  3] smbd/process.c:1485(process_smb)
  Transaction 0 of length 72 (0 toread)
[2011/10/01 10:38:46.972444,  2] smbd/reply.c:554(reply_special)
  netbios connect: name1=PROMETHEUS     0x20 name2=ZEUS           0x0
[2011/10/01 10:38:46.972480,  2] smbd/reply.c:565(reply_special)
  netbios connect: local=prometheus remote=zeus, name type = 0
```
/var/log/samba.log.zeus

```
[2011/10/01 10:38:46.943800,  3] smbd/process.c:1485(process_smb)
  Transaction 0 of length 137 (0 toread)
[2011/10/01 10:38:46.943835,  3] smbd/process.c:1294(switch_message)
  switch message SMBnegprot (pid 28819) conn 0x0
[2011/10/01 10:38:46.943851,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2011/10/01 10:38:46.943907,  3] smbd/negprot.c:586(reply_negprot)
  Requested protocol [PC NETWORK PROGRAM 1.0]
[2011/10/01 10:38:46.943923,  3] smbd/negprot.c:586(reply_negprot)
  Requested protocol [LANMAN1.0]
[2011/10/01 10:38:46.943936,  3] smbd/negprot.c:586(reply_negprot)
  Requested protocol [Windows for Workgroups 3.1a]
[2011/10/01 10:38:46.943950,  3] smbd/negprot.c:586(reply_negprot)
  Requested protocol [LM1.2X002]
[2011/10/01 10:38:46.943963,  3] smbd/negprot.c:586(reply_negprot)
  Requested protocol [LANMAN2.1]
[2011/10/01 10:38:46.943976,  3] smbd/negprot.c:586(reply_negprot)
  Requested protocol [NT LM 0.12]
[2011/10/01 10:38:46.944127,  3] smbd/negprot.c:385(reply_nt1)
  not using SPNEGO
[2011/10/01 10:38:46.944145,  3] smbd/negprot.c:691(reply_negprot)
  Selected protocol NT LM 0.12
[2011/10/01 10:38:46.950545,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2011/10/01 10:38:46.950586,  3] smbd/connection.c:31(yield_connection)
  Yielding connection to 
[2011/10/01 10:38:46.950746,  3] smbd/server.c:902(exit_server_common)
  Server exit (failed to receive smb request)
[2011/10/01 10:38:46.972984,  3] smbd/process.c:1485(process_smb)
  Transaction 0 of length 137 (0 toread)
[2011/10/01 10:38:46.973019,  3] smbd/process.c:1294(switch_message)
  switch message SMBnegprot (pid 28820) conn 0x0
[2011/10/01 10:38:46.973035,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2011/10/01 10:38:46.973090,  3] smbd/negprot.c:586(reply_negprot)
  Requested protocol [PC NETWORK PROGRAM 1.0]
[2011/10/01 10:38:46.973123,  3] smbd/negprot.c:586(reply_negprot)
  Requested protocol [LANMAN1.0]
[2011/10/01 10:38:46.973137,  3] smbd/negprot.c:586(reply_negprot)
  Requested protocol [Windows for Workgroups 3.1a]
[2011/10/01 10:38:46.973151,  3] smbd/negprot.c:586(reply_negprot)
  Requested protocol [LM1.2X002]
[2011/10/01 10:38:46.973164,  3] smbd/negprot.c:586(reply_negprot)
  Requested protocol [LANMAN2.1]
[2011/10/01 10:38:46.973178,  3] smbd/negprot.c:586(reply_negprot)
  Requested protocol [NT LM 0.12]
[2011/10/01 10:38:46.973334,  3] smbd/negprot.c:385(reply_nt1)
  not using SPNEGO
[2011/10/01 10:38:46.973465,  3] smbd/negprot.c:691(reply_negprot)
  Selected protocol NT LM 0.12
[2011/10/01 10:38:46.973629,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2011/10/01 10:38:46.973667,  3] smbd/connection.c:31(yield_connection)
  Yielding connection to 
[color="Magenta"][2011/10/01 10:38:46.973807,  3] smbd/server.c:902(exit_server_common)
  Server exit (failed to receive smb request)
```
[/color]


----------



## JimW (Oct 2, 2011)

If you want to use the user "nobody" to map drives to the Samba shares, did you add the user "nobody" to the Samba user database? I don't think the user "nobody" will work unless you specifically add it.


```
smbpasswd -a nobody
```

Also, when mapping a drive from Windows XP, you will need to click the option to "log in as different user". Then in the username window you will need to insert the server name and user name dileneated with a slash in the user name box. E.g....

*Servername\nobody*

That tells Windows to authenticate the user "nobody" from the Samba server.


----------



## Crotalus (Oct 4, 2011)

JimW said:
			
		

> If you want to use the user "nobody" to map drives to the Samba shares, did you add the user "nobody" to the Samba user database? I don't think the user "nobody" will work unless you specifically add it.


I am trying the use the user "nobody" because that was used in the version 3.0.12 that was working when my hard drive failed. There is only one user set up on the Windows machines so logging on as a different user is not an option.

Should "map to guest = bad user" work the same in version 3.5.6 as in 3.0.12?
The share is forcing the the user to "nobody"
	
	



```
Prometheus# pdbedit -Lv nobody
Unix username:        nobody
NT username:          
Account Flags:        [U          ]
User SID:             S-1-5-21-3083936000-2443239935-717596401-501
Primary Group SID:    S-1-5-21-3083936000-2443239935-717596401-513
Full Name:            Unprivileged user
Home Directory:       \\prometheus\nobody
HomeDir Drive:        
Logon Script:         
Profile Path:         \\prometheus\nobody\profile
Domain:               PROMETHEUS
Account desc:         
Workstations:         
Munged dial:          
Logon time:           0
Logoff time:          Sun, 04 Dec 219250468 08:30:07 MST
Kickoff time:         Sun, 04 Dec 219250468 08:30:07 MST
Password last set:    Sat, 01 Oct 2011 10:21:57 MDT
Password can change:  Sat, 01 Oct 2011 10:21:57 MDT
Password must change: never
Last bad password   : 0
Bad password count  : 0
Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
Prometheus#
```
In that setup I used and still use on another server the configuration file as originally posted above. When adding a share and mapping it from Windows XP it never asks for a user/password. It just works. All the files on the mapped drives were as follows;
	
	



```
-rwxrw-rw-  1 nobody  wheel  3670028 Sep 12  2007 DSC_0574.JPG
-rwxrw-rw-  1 nobody  wheel  3692975 Sep 12  2007 DSC_0575.JPG
-rwxrw-rw-  1 nobody  wheel  3712551 Sep 12  2007 DSC_0576.JPG
-rwxrw-rw-  1 nobody  wheel  3688462 Sep 12  2007 DSC_0577.JPG
-rwxrw-rw-  1 nobody  wheel  3501954 Sep 12  2007 DSC_0578.JPG
-rwxrw-rw-  1 nobody  wheel  3430202 Sep 12  2007 DSC_0579.JPG
-rwxrw-rw-  1 nobody  wheel  3437616 Sep 12  2007 DSC_0580.JPG
-rwxrw-rw-  1 nobody  wheel  4211662 Sep 12  2007 DSC_0581.JPG
-rwxrw-rw-  1 nobody  wheel  4473635 Sep 12  2007 DSC_0582.JPG
```
"nobody" was the only Samba user after the install of 3.5.6. I did not add it. I have tried changing the password but can not connect with or without a password.

Here are some suggested debugging of Samba;
	
	



```
Prometheus# smbstatus
max_open_files: sysctl_max (11095) below minimum Windows limit (16384)
rlimit_max: rlimit_max (11095) below minimum Windows limit (16384)
Processing section "[homes]"
Processing section "[printers]"
Processing section "[public]"
Processing section "[Movies]"

Samba version 3.5.6
PID     Username      Group         Machine                        
-------------------------------------------------------------------
 <processes do not show up in anonymous mode>

Service      pid     machine       Connected at
-------------------------------------------------------

No locked files

Prometheus#
```


```
Prometheus# smbclient -L localhost -N
Domain=[GROUP1] OS=[Unix] Server=[Samba 3.5.6]

        Sharename       Type      Comment
        ---------       ----      -------
        public          Disk      Prometheus Shared Public Directory
        Movies          Disk      Prometheus Shared Public Directory
        IPC$            IPC       IPC Service (Samba Server)
Domain=[GROUP1] OS=[Unix] Server=[Samba 3.5.6]

        Server               Comment
        ---------            -------
        PHAEDRA              Samba Server
        PROMETHEUS           Samba Server

        Workgroup            Master
        ---------            -------
        GROUP1               PHAEDRA
Prometheus#
```


```
Prometheus# nmblookup '*'
added interface nfe0 ip=192.168.20.7 bcast=192.168.20.255 netmask=255.255.255.0
Socket opened.
querying * on 192.168.20.255
Got a positive name query response from 192.168.20.7 ( 192.168.20.7 )
Got a positive name query response from 192.168.20.6 ( 192.168.20.6 )
192.168.20.7 *<00>
192.168.20.6 *<00>
Prometheus#
```


```
Prometheus# nmblookup -B Prometheus __SAMBA__
added interface nfe0 ip=192.168.20.7 bcast=192.168.20.255 netmask=255.255.255.0
Socket opened.
querying __SAMBA__ on 192.168.20.7
Got a positive name query response from 192.168.20.7 ( 192.168.20.7 )
192.168.20.7 __SAMBA__<00>
Prometheus#
```


```
Prometheus# smbclient //Prometheus/public -U nobody
Enter nobody's password: 
Domain=[GROUP1] OS=[Unix] Server=[Samba 3.5.6]
Server not using user level security and no password supplied.
smb: \> 
smb: \> quit
Prometheus#
```
Here is the user "guest" that has a password set up and password was entered with an interesting result.
	
	



```
Prometheus# smbclient //Prometheus/public -U guest
Enter guest's password: 
Domain=[GROUP1] OS=[Unix] Server=[Samba 3.5.6]
Server not using user level security and no password supplied.
Server requested plaintext password but 'client plaintext auth' is disabled
tree connect failed: NT_STATUS_ACCESS_DENIED
Prometheus#
```

The server appears to be set up and working. The only problem is the authentication process. There must be something very simple that I am overlooking. My next step may be to restore from my backups FreeBSD 6.2 and Samba 3.0.12 as I know that that configuration worked.

Does anybody have any ideas?

Keith


----------



## SirDice (Oct 4, 2011)

Crotalus said:
			
		

> ```
> Server not using user level security and no password supplied.
> Server requested plaintext password but 'client plaintext auth' is disabled
> tree connect failed: NT_STATUS_ACCESS_DENIED
> ```


Seems rather obvious but it looks like the client and server can't agree on the authentication. Server wants plain-text and the client doesn't like that.


----------



## Crotalus (Oct 4, 2011)

SirDice,


			
				SirDice said:
			
		

> Seems rather obvious but it looks like the client and server can't agree on the authentication. Server wants plain-text and the client doesn't like that.


I agree with you that it seems to be obvious, but it is not. I have 
	
	



```
client plaintext auth = yes
```
defined in /usr/local/etc/smb.conf The default is "NO". There are several parameters if used will disable the client plaintext authorization. I am not using any of them as defined in the online Samba documentation at samba.org. Another interesting thing is that when I run `# testparm`the parameter does not show in the results. 
If I run`# smbclient`for user guest and not enter a password I get when guest is defined with a password
	
	



```
Prometheus# smbclient //Prometheus/public -U guest
Enter guest's password: 
Domain=[GROUP1] OS=[Unix] Server=[Samba 3.5.6]
Server not using user level security and no password supplied.
smb: \>  
smb: \> quit
Prometheus#
```
I don't know where the problem is. I have tried various combinations of the global parameters with the same results. I have tried to use the security option as "SHARE" and "USER" with the same results.


+++++++++++++++++++++++++++++++
Here is the config file on my other machine that has FreeBSD 6.2 and Samba 3.0.12 that works the way I want the new setup to work.
	
	



```
# Samba config file created using SWAT
# from 192.168.20.201 (192.168.20.201)
# Date: 2008/12/21 15:59:48

# Global parameters
[global]
        workgroup = GROUP1
        server string = Samba Server
        security = SHARE
        encrypt passwords = No
        map to guest = Bad User
        log file = /var/log/samba.log.%m
        max log size = 50
        dns proxy = No
        hosts allow = 192.168.20.

[homes]
        comment = Home Directories
        path = /home/file1
        valid users = %S
        read only = No
        browseable = No

[printers]
        comment = All Printers
        path = /var/spool/samba
        printable = Yes
        browseable = No

[public]
        comment = %h Shared Public Directory
        path = /store200/public
        force user = nobody
        force group = nobody
        read only = No
        force create mode = 0666
        force directory mode = 0777
        guest ok = Yes
```

++++++++
I ran testparm with the -v option and it shows "plaintext auth = no". It looks like more hunting is in order.


----------



## JimW (Oct 4, 2011)

Post your actual /usr/local/etc/smb.conf file from the Samba server that is giving you problems (Not the output of testparm).




			
				Crotalus said:
			
		

> There is only one user set up on the Windows machines so logging on as a different user is not an option.



It doesn't matter if you created only one user on the Windows machine. You always have the ability to log onto a network share as a different user. ("Connect using a different user name")







Also.... Is the Windows machine part of the same *Workgroup* as the Samba machine?


----------



## Crotalus (Oct 4, 2011)

Jim,

The Windows is part of the same group. I have tried logging on the network share as different users. As I stated I have no problems with my other FreeBSD server running 6.2 with Samba 3.0.12. With it I can browse the network places and map a drive without the window popping up asking for a user/password. It is only with the new stuff. I can't access the network places, it tells me that it is not accessible. 

Here is the config file. The comments are things that I have tried with the same results.There are other changes to the parameters that are not now shown as this was the last attempt. I have tried null password yes/no encrypt password yes/no also.
	
	



```
[global]
        workgroup = GROUP1
        server string = Samba Server
        netbios name = PROMETHEUS
        security = share
#       security = user
#       encrypt passwords = No
        map to guest = Bad User
#       map to guest = bad password
        log file = /var/log/samba.log.%m
        max log size = 50
        dns proxy = No
        hosts allow =192.168.20. 127.
#       valid users = nobody
        passdb backend = tdbsam
#       passdb backend = smbpasswd
        smb ports = 139
        encrypt passwords = no
#       smb passwd file = /usr/local/bin
        null passwords = yes
        client plaintext auth = yes
        log level = 3
        disable netbios = no
#       client ntlmv2 auth = no


[homes]
        comment = Home directory for %u on %h
        path = /usr/home/%u/Docs
        valid users = %S
        read only = No
        browseable = No

[printers]
        comment = All Printers
        path = /var/spool/samba
        printable = Yes
        print ok = Yes
        browseable = No

[public]
        comment = %h Shared Public Directory
        path = /storage2/public
        writable = yes
        force user = nobody
        force group = nobody
        read only = No
        force create mode = 0666
        force directory mode = 0777
        guest ok = Yes
        public = yes
```

Here is the config file from my other server that has no problems;
	
	



```
# Global parameters
[global]
        workgroup = GROUP1
        server string = Samba Server
        security = SHARE
        encrypt passwords = No
        map to guest = Bad User
        log file = /var/log/samba.log.%m
        max log size = 50
        dns proxy = No
        hosts allow = 192.168.20.

[homes]
        comment = Home Directories
        path = /home/file1
        valid users = %S
        read only = No
        browseable = No

[printers]
        comment = All Printers
        path = /var/spool/samba
        printable = Yes
        browseable = No

[public]
        comment = %h Shared Public Directory
        path = /store200/public
        force user = nobody
        force group = nobody
        read only = No
        force create mode = 0666
        force directory mode = 0777
        guest ok = Yes
  
[backups]
        comment = %h Shared Backup directory
        path = /store400/backups
        valid users = nobody, Keith, root
        force user = nobody
        force group = nobody
        read only = No
        force create mode = 0666
        force directory mode = 0777
        guest ok = Yes
```


----------



## JimW (Oct 5, 2011)

When you type the following command, what does it return....?


```
pdbedit -L
```


----------



## Crotalus (Oct 5, 2011)

I got it to work. The clue was on page 134 located here http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html
++++++++++++++++++++++++++++++++++++++++ from manual ++++++++++++
SECURITY = SHARE

When clients connect to a share level security server, they need not log onto the server with a valid username and password before attempting to connect to a shared resource (although modern clients such as Windows 95/98 and Windows NT will send a logon request with a username but no password when talking to a security = share server). Instead, the clients send authentication information (passwords) on a per-share basis, at the time they attempt to connect to that share.

Note that smbd ALWAYS uses a valid UNIX user to act on behalf of the client, even in security = share level security.

As clients are not required to send a username to the server in share level security, smbd uses several techniques to determine the correct UNIX user to use on behalf of the client.

A list of possible UNIX usernames to match with the given client password is constructed using the following methods :

    If the guest only parameter is set, then all the other stages are missed and only the guest account username is checked.

    Is a username is sent with the share connection request, then this username (after mapping - see username map), is added as a potential username.

    If the client did a previous logon request (the SessionSetup SMB call) then the username sent in this SMB will be added as a potential username.

    The name of the service the client requested is added as a potential username.

    The NetBIOS name of the client is added to the list as a potential username.

    Any users on the user list are added as potential usernames. 

If the guest only parameter is not set, then this list is then tried with the supplied password. The first user for whom the password matches will be used as the UNIX user.

*If the guest only parameter is set, or no username can be determined then if the share is marked as available to the guest account, then this guest user will be used, otherwise access is denied.*

Note that it can be very confusing in share-level security as to which UNIX username will eventually be used in granting access.

See also the section NOTE ABOUT USERNAME/PASSWORD VALIDATION.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

I allowed encrypted passwords and added the parameter 
	
	



```
guest only = yes
```
 to the share and everything now works.

It appears that the "security = share" will be dropped in future releases of Samba because of the security concerns of "share". The current default is "user". In the latest edition of "Using Samba by O'Reilly" they do not even provide any information about the security share and server. The only comments that is in the book is; "The remaining two security modes, security = share and security = server, are historical artifacts from past releases." 

Thanks everybody!

Keith


----------

