Re: [Samba] Authentication from Vista?

2009-09-09 Thread raichea 
On Sep 6, 9:20=A0pm, Volker Lendecke  wrote:
>
> I very much doubt security=3Dshare works with ntlmv2. Please
> use security=3Duser.

Thanks Volker - that did the trick!

I'd used security=share as the man pages suggested that this was the
appropriate setting when most shares were meant to be for guest
access, and says it is tricky providing guest access with security=user. In 
fact, simply setting the "map to guest" parameter to "Bad User" does the trick.

Regards, Steve.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Authentication from Vista?

2009-09-06 Thread raichea 
I had a personal response that pointed me at this link to a post from Andrew 
Bartlett, which suggests that you may need "security = domain" for this to work:

http://lists.samba.org/archive/samba/2004-February/080470.html

I'm actually using security=share as most of my shares are usable by all. 
Looking at the smb.conf man pages doesn't really say if and how the security 
setting affects NTLMv2 authentication.

I'd appreciate any insights...


Cheers, Steve
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Authentication from Vista?

2009-09-05 Thread raichea 
I have a Linux server providing file and print services to a small 
network of XP systems.  The printer and most of the shares are available 
to all as read-only. One particular share is used by the XP 
Administrator accounts (mapped to root) to hold XP backup data. This has 
been working fine for the last couple of years.


A new system added to the network runs Vista Home Premium and along with 
many others (from googling around), I cannot get write access for the 
Admin account to work. My research has determined that this is due to 
Vista's use of NTLMv2 and there are many sites that recommend tweaking a 
Vista registry setting to put things back to normal by downgrading the 
authentication mechanism to that of XP, but that seems the wrong 
approach to me.


Samba (I'm running 3.2.7 on Suse 11.1) supports NTLMv2 from what I've 
read, but it doesn't seem to be attempting to use this protocol if I'm 
interpreting the smb.log output correctly - I see entries like this:



[2009/09/05 12:22:15,  0] libsmb/ntlm_check.c:smb_pwd_check_ntlmv1(54)
  smb_pwd_check_ntlmv1: incorrect password length (68)

but no reference to NTLMv2.

I've checked the smb.conf docs but can't see anything that looks 
particularly relevant - there are commands to disable the lower forms of 
authentication, but it seems that NTLMv2 should be enabled by default.


Anyone got advice, suggestions... if it comes to it, I can make the 
registry hack, but I'd rather do things the "proper" way.


Thanks for reading, Steve.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba