Simple LAN where Win2K wont see Linux server 1

[geokor]

Hi. I've posted this problem on several other forums and I think I've narrowed the problem down to my SAMBA install.
I am trying to set up a home LAN to learn about Linux/Apache/Samba etc. I have a SuSE 7.1 box as server and a Win2K as client. So far I have it setup using DNS where my browsers on the Win2K box can see HTML files setup on my Linux server using either the name (

http://kirtland/...)

or the IP address (

http://192.168.1.100/...)

but I can't get the My Network Places on the Win box to see the Linux box or more accurately the directory (htdocs) where Apache is supposed to look for my HTML files. This means I can't save HTML files I build on my Win box to the Linux server.
So far I have read O'Reilly's book on Samba but don't understand a lot of it yet, also the Samba home site, and O'Reilly's Apache book and O'Reilly's Runnin Linux and Linux in a Nutshell books (and a few other Linux books but these were the ones that actually helped in one way or another). But a lot of this is still beyond me - I'm just getting started.
Any help in directing me would be greatly appreciated.
Thanks a 1,000,000!

George K

 

[ManagerJay]

What type of security do you have set on the htdocs directory? Could you post that portion of your smb.conf file?



Jay

 

[geokor]

I'll post the entire file!

It reads:
[global]
workgroup = simple
security = user
browseble = yes
local master = yes

[homes]
guest ok = no
browseble = no

[temp]
path = /tmp
public = yes

I know the security is non-existent - I've figured out that much so far. This is simply a test config file from O'Reilly's "Using Samba" book.
I have been trying to step through the debugging in this book to find the problem.

Now, get this...

If I run the command (on linux server)
smbclient -L localhost -U%
I get the following:

added interface ip=192.168.1.100
bcast=192.168.1.255
nmask = 255.255.255.0
Domain=[SIMPLE]
OS=[UNIX]
Server=[Samba 2.0.7]

Sharename Type Comment
--------- ----- -------
homes Disk
temp Disk
IPC$ IPC IPC Service (Samba 2.0.7)

Server Comment
------ -------
Kirtland Samba 2.0.7
Zionscamp

Workgroup Master
--------- ------
Simple Kirtland

which as far as I can tell is OK.

BUT then when I try the command
sbmclient '\\server\temp'

I get
added interface (then all the same IPs as above)
and then "Connection to server failed"

I'm still confused. I'm beginning to wonder if I should just go back to using Windows 98 or NT as my windoze client. Is the problem with my SAMBA setup or my Windows setup?

Many thanks!

George K

 

[gheist]

browseAble

\\192.168.1.100 , not name from windows

 

[geokor]

Sorry gheist, I don't understand your post.
what do you mean, \\192.168.1.100 not name from windows?

Thanks.

George K

 

[gheist]

you should type

\\1.2.3.4\share

not

\\linux\share

 

[geokor]

Where do I type this? I don't remember typing that anyplace!

George K

I'd like George to reply by:
E-mail[ ] Phone[ ] Swallow- European[ ] African[ ]

 

[gheist]

aa hmm emmm zzzzzzzzzzzzzz

Click on Start button and look for Run option

 

[urgl]

Hi George,

got some tips for you to make it work:

.)changes to your smb.conf
in section global:
encrypt passwords = Yes
Windows 2000 uses encrypted password by default
wins support = yes
making your samba server a wins server speeds up browsing a lot
add a new section for your htdocs directory, as far as I've seen you don't have one.

[webfiles]
path= /usr/local/httpd/htdocs
browseable=yes
read only = no
create mask = 0655
directory mask = 0755
That gives you a share webfiles but you still have no rights to write to it as the permission of the directory does not allow you to write to it as a normal user.
The easiest way to solve this is to change the owner of the directory to your user id.
Let's say your unix user on the samba server kirtland is george - you would change the owner by typing
chown george.users /usr/local/httpd/htdocs
on your server. Don't forget you have to be root to do so.
Now george is the owner of the directory which allows him (or you if you like) to create files and directories. Just bear in mind that existing files / directories still have the owner root. If you want to change all files and directories to owner george you tell the chown command to do so by adding -R (which means recursive) as a option. I.e. chown -R george.users /usr/local/httpd/htdocs

As you told samba to use encryption on the passwords you have to create the encryped passwords. Unix and Windows password encrytion differ so the passwords you entered for your Unix user can't be used.
This is done with the command smbpasswd.
smbpasswd -a george
The server will ask for the new samba password and add (-a) it.

Almost done ....
Now you restart samba. After that you change on the Win2k PC your TCP settings and add the IP of your samba server in the section WINS server. In the network neighbourhood you should now see your server and the Win2k PC.

If you really want to use smbclient on you server try:
smbclient \\\\kirtland\\webfiles
More slashes do the trick...

I'm not a native speaker but I hope you understand anyway. ;-)

Hope that helps.

Hans

 

[geokor]

urgl (Hans) Thanks for trying. I am sure your directions are excellent, but as far as I can tell, I can't get them to work. I added the webfiles section to my smb.conf and ran killall -HUP smbd (& nmbd) then ran smbd (& nmbd) -D to make samba reread the conf file. Now I've lost the Linux server listing on Microsoft Neighborhood altogether.

When I try to add a new connection on windows, (as //kirtland/webfiles/ for example) it tells me I don't have permission to access that box so it pops up a user name & password dialog box. I enter the user name I have set up in both samba and windows (GeorgeK) and the password (which is the same in both windows and linux) and it tells me this is an incorrect login.

I am about ready to give up. Thanks for trying... Danke!

George K

 

[urgl]

Hi George,
no need to give up too soon you're almost there.
As long as you get something back from samba you are not lost.
Is there a linux user GeorgeK ? (case sensitive)
Did you do: smbpasswd -a GeorgeK ??
Did you enter the IP of kirtland as WINS server ?
THe fact that the samba server does not show up in the windows neighbourhood just shows a problem with your browse lists but you should still be able to access the shares.
Try to search your samba server from W2k by IP.

Hope that helps

Hans

 

[geokor]

Thank you for your help and patience.
Yes, there is a GeorgeK (case sensitive) on both the Linux and the Windoze boxes. Both have the same password (case sensitive).
Yes, I ran smbpasswd -a GeorgeK and put in the same password again.
Yes I put in the IP of kirtland as the wins server (192.168.1.100) - this is the same as the IP address of the server, correct? In other words, I am assuming I do not need a different IP for the Apache, the Samba, etc.
I am able to reach the htm files on the linux box using a Windows browser using either the IP (192.168.1.100) OR the name \\kirtland\testing\index.htm - both work fine.
But when I am working on a file and want to save it, I need to be able to "see" Kirtland on the explorer so I can save there. So far, no luck.
It seems like because it tells me I do not have authorization to save there the problem must be in the failure of windows to send the correct user and password.

Once, again, many thanks.

George K

PS - would it help if I posted my smb.conf file again with the changes I made per your instructions?

 

[urgl]

Yes, please post the smb.conf. More questions: is the W2K PC member of workgroup simple? Did you make any changes to the registry in W2k for Samba? If you use \\kirtland in the Windows browser do you see all your defined shares ?

I'm quite shure we will make it work.

Hans

 

[geokor]

Hello Hans. OK, I fixed the problem in windows (DNS Suffix wasn't listed) so that now both computers show up under Computers Near Me under My Network Places. BUT still, when I try to double click on the server (kirtland) all I get is a dialog that says "Incorrect password or unknown username for \\Kirtland" and it asks me to connect as ...
Here, if I type in GeorgeK and the password, it still will not go through and connect.

My smbd.conf is as follows:

[global]
usergroup = simple
security = user
browseable = yes
local master = yes
encrypt passwords = yes
wins support = yes
smb password file = /etc/smbpassword

[homes]
guest ok = no
browseable = no

[temp]
path = /tmp
browseable = yes

[webfiles]
path = /usr/local/httpd/htdocs
browseable = yes
read only = no
create mask = 0655
directory mask = 0755
public = yes
writeable = yes
readable = yes
guest ok = yes

And GeorgeK is in my password list with an encrypted password.

Thanks again for all your help and taking the time to help out someone starting out with Linux.

GeorgeK

PS: from your name I am guessing you are German, is that correct?

 

[HIRC]

George,

Although this defeats the purpose of using encrypted passwords, it might allow you to use the SMB share from Windows. Some SMB servers' requests for encrypted passwords FAIL when asking Windows for the pwd... I guess they forgot to day "please"! [LOL] You can always remove this entry if it fails!

Microsoft changed the way it handles passwords with SMB shares way back in Windows NT4 SP3. You can send the unencrypted password to the SMB server and see if that fixes your issue.

Using the Windows registry editor, navigate to the SMB parameters section

[HKLM\SYSTEM\CurrentControlSet\Services\MRxSmb\Parameters]

and add a new key named "EnablePlainTextPassword".
Add a REG_DWORD value "0" or "1" to set this feature.
- "0" prevents Windows from sending plain text pwd
- "1" ALLOWS plaintext when/if the SMB server requests it


Hope this helps...

 

[geokor]

Thanks for trying HIRC. But I believe it is already set to enable plain passwords. When I looked at HKEY-LOCAL-Machine\System\CurrentControlSet\Services\MRxSmb\Parameters it read:
Name Type Data
CscEnabled REG_DWORD 0x00000001(1)

so it is already set to 1 (allows plaintext...)

This has to be something very simple I am overlooking. I am pretty new to networking so it wouldn't surprise me if it was some single value, some small permission or something I am overlooking. Again, thanks!

George K

 

[urgl]

Hi George,

I tried your smb.conf on my server (never try that with Windows ;-) ) and it did work, some of the parameters are wrong but that could be because I use samba 2.2.1a.
Here's my version:

[global]
workgroup = linux
security = user
browseable = yes
local master = yes
encrypt passwords = yes
wins support = yes

[homes]
guest ok = no
browseable = no

[temp]
path = /tmp
browseable = yes

[webfiles]
path = /usr/local/httpd/htdocs
browseable = yes
read only = no
create mask = 0655
directory mask = 0755


Just changed the workgroup name, I didn't want to change it on my Win2K ;-) .
Try that and use testparm to check if all definitions are correct. Among all the parameters you will find
smb passwd file = somedir/smbpasswd
Take a look at that file if your user is in there. It should look like:

GeorgeK:502:01FC5A6BE7BC6929AAD3B435B51404EE:0CB6948805F797BF2A82807973B89537:[U ]:LCT-3CDADCC3:


Another thing is to look at the samba logs, IIRC on SuSE 7.1 the file is /var/log/log.smb or /var/log/samba/log.smb.
Before you do that change the log level (or debug level) parameter to 2. Restart Samba, I mean a real restart NOT just a kill -HUP. The log should give a good hint on where to look next.

Hans

PS.: German is pretty close - I'm Austrian.

 

[HIRC]

George,

I guess I should have been clearer in my earlier post.

The registry key
[HKLM\SYSTEM\CurrentControlSet\Services\MRxSmb\Parameters]
does NOT CONTAIN the entry you'll need for plaintext passwords. You need to create a new one (the CscEnabled entry is related to File Synchronization over SMB).

After you create a NEW DWORD value named "EnablePlainTextPassword", the registry key will look like this:

Name Type Data
CscEnabled REG_DWORD 0x00000001(1)
EnablePlainTextPassword REG_DWORD 0x00000001(1)


Remember, it isn't a good security practice to pass unencrypted passwords. I wouldn't leave this feature enabled beyond troubleshooting the SMB browsing problem.


Regards,
HIRC

 

[geokor]

Hans, thank you again for all your help. I will try your ideas in the morning and let you know how it works out.

Danke für Ihre Hilfe. Mein Deutsch ist nicht so gut als Ihr Englisch. Vor ich studierte den Jahren viel "High School" für 2 Jahre - and that was .... oh..... about 25 years ago!

HIRC, thank you for your help and time. I'm going to try Hans' ideas first since, as you point out, unecrypted passwords isn't a good idea. This is only a 2 computer LAN right now (as I learn) but eventually I will attach my other two puters and a cable modem this summer so I want it all "correct" by then! If I can't get Hans' ideas to work then I'll break out regedit again.

Thank you both.

GeorgeK

 

[geokor]

OK, Hans, I made the changes, ran testparm, made sure GeorgeK was listed in smbpasswd, and it still was the same. I checked the log and found that when it was saying that GeorgeK couldn't log in, it was all in lower case, so I deleted GeorgeK and replaced that user with georgek. It made no difference - problems still the same. I can "see" the server on My Network but can not access it because I am not authorized.

HIRC, I tried your idea and it made things much worse! As soon as I changed the registry by adding the line you suggested, I lost the server on My Network altogether. (I also the entry in my smb conf file to not encrypt passwords). Once I reversed it and encrypted the passwords in SAMBA and deleted the line in the registry the server showed back up in My Network.

George K - The Frustrated!