Web lists-archives.com

Re: [Samba] Windows cant access shared directories after changed password with smbpasswd




On Mon, 26 Jun 2017 14:02:35 -0300
Cesar Martins via samba <samba@xxxxxxxxxxxxxxx> wrote:

> 2017-06-26 10:38 GMT-03:00 Rowland Penny via samba
> <samba@xxxxxxxxxxxxxxx>:
> 
> > Your 'samba' password and your windows password MUST be the same to
> > allow you to connect to a Samba share from a Windows machine without
> > being prompted for a password. I do not understand why, after being
> > prompted for the correct username & password, that it doesn't
> > connect, I feel this must be something to do with Windows rather
> > than Samba.
> >
> > It might help if you shared your smb.conf and told us if your
> > windows machines are part of a domain or a workgroup.
> >
> 
> MJ ,
> Sorry your message don't arrive at my gmail... answering here...
> I have no access with "control userpasswords2" because of security
> restriction of the company here, so ,
> I can't test this.
> 
> 
> Rowland,
> 
> Two correction about the situation here.
> 
> 1) Where about shows BAD PASSWORD, they are the same user on windows
> and samba.
>    if I set the user password at Samba Server with same password of
> Windows, works. Thank you for this information
> 
> 2) the situation where the user of Windows and Samba Server isn't the
> same, work OK at Windows XP but not at Windows 8 where they still not
> authenticating ....
> Analyzing the debug log I'm not able to identify why the server
> deny...
> 
> Here is my last attempt of configuration.
> 
> | [global]
> |     server max protocol = SMB3_11
> |     dns proxy = no
> |     logging = file
> |     load printers = no
> |     printing = bsd
> |     printcap name = /dev/null
> |     disable spoolss = yes
> |     map to guest = Bad User
> |         server string = jdivm
> |     store dos attributes = yes
> |     acl allow execute always = true
> |     multicast dns register = no
> |     domain logons = no
> |     local master = no
> |     server role = standalone
> |         netbios name = jdivm04
> |     workgroup = RL
> |     security = user
> |     create mask = 0666
> |     directory mask = 0777
> |     dos charset = CP852
> |     unix charset = iso-8859-1
> |     log level = 1
> |
> |     unix extensions = no
> |
> |         passdb backend = tdbsam
> |         usershare allow guests = No
> |         domain master = No
> |
> |     wins support = no
> |     include = /etc/samba/smb.conf.client-%I
> 
> 
> 
> | [Dados2]
> |         guest ok = No
> |         inherit acls = yes
> |         path = /dados
> |         read only = No
> |     force group = dadosgrp
> |         valid users = suporte marcelas orlando
> |     create mask    = 0775
> |     directory mask = 0775
> |
> |     wide links = yes

I think this may be the problem: server max protocol = SMB3_11

I feel if you change this to 'server max protocol = NT1' it will most
likely work, but you will probably not want to do this.

You also posted this:

Forcing Primary Group to 'Domain Users' for cinacio

From this, it looks like your windows machines are part of an AD
domain, so why not turn your Samba standalone server into a Unix domain
member server. This way, authentication passes to your AD DC and the
passwords are forced to be always in sync. It will also be easier to
set ACLs on the fileserver, because you will be able to do this from
Windows.

See here for more info:

https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member

Rowland




-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba