Re: [Samba] Windows XP greyed-out Guest user password prompt
Jules Agee: (replying to self again) Update: The Windows XP (SP2, BTW) client tries three times to log in to the Samba server with the Windows username, which is different from the Samba username. As one would expect, Samba replies to each of the three requests with a STATUS_WRONG_PASSWORD message, and in the same packets the Action segment reads 0x0001 Guest: Logged in as GUEST. If a new XP user is created with the same username and password as the Samba account, the problem goes away. But if either the XP username or the XP password differs from Samba's info, the user is never prompted for the real username or password. I don't understand. One either logs onto the domain (which has a name) or onto the local machine (which has a different name). One can't logon to both at the same time, the choice is given at logon time. The advantage of the domain logon is, that users can move from machine to machine (for example in a teachers' common room, as I have) and just carry on with their work in a familiar environment. Why would you want to synchronize local and domain accounts? Unfortunately, we have situations where the desired behavior is for Windows to allow the Samba username to be different from the Windows XP client username, and prompt for a different username if the currently-logged-in username/pw fails. Instead, XP forces a guest login. I'd think that this is purely a client issue, except that when I try this with a Windows 2000 server or a 2003 server, I'm prompted for a username AND password if the Windows XP uid/pw fails. For what it's worth, Samba returns STATUS_WRONG_PASSWORD errors (even if the Samba user doesn't exist), while the Windows 2000 server returns STATUS_LOGON_FAILURE errors. --Tonni [...] -- mail: [EMAIL PROTECTED] http://www.billy.demon.nl -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Windows XP greyed-out Guest user password prompt
Tony Earnshaw wrote: Jules Agee: (replying to self again) Update: The Windows XP (SP2, BTW) client tries three times to log in to the Samba server with the Windows username, which is different from the Samba username. As one would expect, Samba replies to each of the three requests with a STATUS_WRONG_PASSWORD message, and in the same packets the Action segment reads 0x0001 Guest: Logged in as GUEST. If a new XP user is created with the same username and password as the Samba account, the problem goes away. But if either the XP username or the XP password differs from Samba's info, the user is never prompted for the real username or password. I don't understand. One either logs onto the domain (which has a name) or onto the local machine (which has a different name). One can't logon to both at the same time, the choice is given at logon time. The advantage of the domain logon is, that users can move from machine to machine (for example in a teachers' common room, as I have) and just carry on with their work in a familiar environment. Why would you want to synchronize local and domain accounts? There is no domain, and no domain server. Due to circumstances out of my control, we are only using workgroup shares. The samba servers are set security = share in smb.conf. They share authentication data via an LDAP server, but that information is not accessible to or synchronized with the local desktop logins at this time. I don't want to synchronize them. What I want is for Windows XP to *prompt* the user for which username they would like to use to access the share on the Samba server, since the local Windows username will always fail for the Samba server login. Instead, they are only presented with a prompt for the Guest password. I should have been clearer in my earlier message. Here is the blow-by-blow for the authentication dialog: XP: Negotiate Protocol Request, what are your capabilities? Samba: Negotiate Protocol Response, I can do this and this and this XP: I'd like to make an anonymous connection to the $IPC share, please. Samba: OK, no problem. You're successfully connected as Guest. XP: How about you let me log in as (local XP uid, local XP pw) instead of Guest? Samba: Nope, sorry, STATUS_WRONG_PASSWORD but Action = 0x0001 (you're still logged in as Guest) XP: Aww, c'mon, lemme log in as (local XP userid, local XP pw) Samba: Nope, sorry, STATUS_WRONG_PASSWORD but you're still logged in as Guest XP: PLEZE let me log in as (local XP userid, local XP pw) Samba: Uh-uh. STATUS_WRONG_PASSWORD. You're still logged in as Guest The local XP userid doesn't exist in Samba's authentication data source, and it's not supposed to. When XP is unsuccessful doing the above negotiation with a Windows 2000 or 2003 server, then it prompts the user for a different username and password. But when the user does the exact same thing with a Samba server, it doesn't allow the user to choose a different username. It just presents a dialog asking for the Guest login password. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Windows XP greyed-out Guest user password prompt
On Monday 28 March 2005 20:07, Jules Agee wrote: updates] comment = Software Updates path = /var/local/fileshare/admin/updates browsable = no create mask = 774 group = SystemAdmin directory mask = 0775 nt acl support = no read only = yes guest ok = yes Hi Jules This may be way off, but i know how frustrating it can be not getting any suggestions! I have a samba server with a guest share, the only difference i can see is that i have guest only = yes. Here is one of the read only shares (sanitised): [guests] path = /guest/share guest only = Yes guest ok = Yes This works fine from XPSP2 and SP1 clients, the server is security = domain though, so this may make a difference, although non-domain machines/users connect with no problems to the guest shares. Hope this helps! H pgpSIHb3jtAHD.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Windows XP greyed-out Guest user password prompt
(replying to self again) Update: The Windows XP (SP2, BTW) client tries three times to log in to the Samba server with the Windows username, which is different from the Samba username. As one would expect, Samba replies to each of the three requests with a STATUS_WRONG_PASSWORD message, and in the same packets the Action segment reads 0x0001 Guest: Logged in as GUEST. If a new XP user is created with the same username and password as the Samba account, the problem goes away. But if either the XP username or the XP password differs from Samba's info, the user is never prompted for the real username or password. Unfortunately, we have situations where the desired behavior is for Windows to allow the Samba username to be different from the Windows XP client username, and prompt for a different username if the currently-logged-in username/pw fails. Instead, XP forces a guest login. I'd think that this is purely a client issue, except that when I try this with a Windows 2000 server or a 2003 server, I'm prompted for a username AND password if the Windows XP uid/pw fails. For what it's worth, Samba returns STATUS_WRONG_PASSWORD errors (even if the Samba user doesn't exist), while the Windows 2000 server returns STATUS_LOGON_FAILURE errors. -Jules Jules Agee wrote: (replying to self) I'd appreciate any response at all (including RTFM, but a pointer to which FM I should R again would be very appreciated). Again, we're running Samba 3.0.7 on Debian Sarge, and this problem doesn't appear when we connect to Windows file servers, so I thought someone here might have some information that might help me track down the solution. Thanks for your time! Jules Agee wrote: Hi, we've been using Samba for a while, and are just now starting to switch our desktop computers to Windows XP. We are having a problem where connections to our Samba server fail, and the user is presented with a password prompt asking for a password for user Guest. They can't select a different user. I've searched the Microsoft knowledgebase, and the Samba list archives, and there are others who have seen this problem, but none of the suggestions presented seem to help. We are currently using security = share because there are some legacy scripts that depend on not getting prompted for a username to access some read-only shares we have set up. But just for troubleshooting, I have tried setting security = user and map to guest = Bad User but XP still presents the guest password prompt and the user still isn't allowed to specify their username. We are not using a domain controller. Everything works great when using a Windows 2000 client. In XP, mapping a drive to the Samba share works fine. From XP's command prompt, if the user's Windows login and password match what's in our LDAP directory (and they usually do), it lets them right in -- the user doesn't even get a password dialog when they do this: net use \\fileserver.example.com\share /user:joebob But if you just set up a shortcut to \\fileserver.example.com\share or if you try to connect from the run line, it fails tries to force them to login with the guest account. If anyone has any suggestions, or can even make a guess at an explanation for this behavior, I'd really appreciate it. Thanks! -Jules [EMAIL PROTECTED] smb.conf, slightly sanitized: [global] admin users = jane,joe,bob security = share encrypt passwords = true ldap suffix = o=internet ldap admin dn=cn=Administrator,o=internet passdb backend = ldapsam:ldaps://ldap1.example.com ldaps://ldap2.example.com guest account = nobody invalid users = root workgroup = IS netbios name = fileserver.example.com server string = File Server name resolve order = host bcast socket options = SO_KEEPALIVE,TCP_NODELAY oplocks = yes kernel oplocks = yes level2 oplocks = no encrypt passwords = yes create mask = 770 directory mask = 0770 log level = 2 log file = /var/log/samba/%m.log max log size = 1 map to guest = Bad Password load printers = no delete veto files = yes hide files = /Icon?/ veto files = /.AppleDouble/.AppleDesktop/Network Trash Folder/TheVolumeSettingsFolder/TheFindByContentFolder/ dns proxy = no log file = /var/log/samba/log.%m. max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d preserve case = yes [private] comment = Your Private Home Directory path = /home/%u group = default writable = yes create mask = 0700 directory mask = 0700 [IS] comment = Information Systems path = /var/local/fileshare/IS nt acl support = no create mask = 777 directory mask = 0777 read only = No group = IS valid users = @IS,@ISAnalyst,@SupportAnalyst,@SystemAdmin [updates]
Re: [Samba] Windows XP greyed-out Guest user password prompt
(replying to self) I'd appreciate any response at all (including RTFM, but a pointer to which FM I should R again would be very appreciated). Again, we're running Samba 3.0.7 on Debian Sarge, and this problem doesn't appear when we connect to Windows file servers, so I thought someone here might have some information that might help me track down the solution. Thanks for your time! Jules Agee wrote: Hi, we've been using Samba for a while, and are just now starting to switch our desktop computers to Windows XP. We are having a problem where connections to our Samba server fail, and the user is presented with a password prompt asking for a password for user Guest. They can't select a different user. I've searched the Microsoft knowledgebase, and the Samba list archives, and there are others who have seen this problem, but none of the suggestions presented seem to help. We are currently using security = share because there are some legacy scripts that depend on not getting prompted for a username to access some read-only shares we have set up. But just for troubleshooting, I have tried setting security = user and map to guest = Bad User but XP still presents the guest password prompt and the user still isn't allowed to specify their username. We are not using a domain controller. Everything works great when using a Windows 2000 client. In XP, mapping a drive to the Samba share works fine. From XP's command prompt, if the user's Windows login and password match what's in our LDAP directory (and they usually do), it lets them right in -- the user doesn't even get a password dialog when they do this: net use \\fileserver.example.com\share /user:joebob But if you just set up a shortcut to \\fileserver.example.com\share or if you try to connect from the run line, it fails tries to force them to login with the guest account. If anyone has any suggestions, or can even make a guess at an explanation for this behavior, I'd really appreciate it. Thanks! -Jules [EMAIL PROTECTED] smb.conf, slightly sanitized: [global] admin users = jane,joe,bob security = share encrypt passwords = true ldap suffix = o=internet ldap admin dn=cn=Administrator,o=internet passdb backend = ldapsam:ldaps://ldap1.example.com ldaps://ldap2.example.com guest account = nobody invalid users = root workgroup = IS netbios name = fileserver.example.com server string = File Server name resolve order = host bcast socket options = SO_KEEPALIVE,TCP_NODELAY oplocks = yes kernel oplocks = yes level2 oplocks = no encrypt passwords = yes create mask = 770 directory mask = 0770 log level = 2 log file = /var/log/samba/%m.log max log size = 1 map to guest = Bad Password load printers = no delete veto files = yes hide files = /Icon?/ veto files = /.AppleDouble/.AppleDesktop/Network Trash Folder/TheVolumeSettingsFolder/TheFindByContentFolder/ dns proxy = no log file = /var/log/samba/log.%m. max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d preserve case = yes [private] comment = Your Private Home Directory path = /home/%u group = default writable = yes create mask = 0700 directory mask = 0700 [IS] comment = Information Systems path = /var/local/fileshare/IS nt acl support = no create mask = 777 directory mask = 0777 read only = No group = IS valid users = @IS,@ISAnalyst,@SupportAnalyst,@SystemAdmin [updates] comment = Software Updates path = /var/local/fileshare/admin/updates browsable = no create mask = 774 group = SystemAdmin directory mask = 0775 nt acl support = no read only = yes guest ok = yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Windows XP greyed-out Guest user password prompt
Hi, we've been using Samba for a while, and are just now starting to switch our desktop computers to Windows XP. We are having a problem where connections to our Samba server fail, and the user is presented with a password prompt asking for a password for user Guest. They can't select a different user. I've searched the Microsoft knowledgebase, and the Samba list archives, and there are others who have seen this problem, but none of the suggestions presented seem to help. We are currently using security = share because there are some legacy scripts that depend on not getting prompted for a username to access some read-only shares we have set up. But just for troubleshooting, I have tried setting security = user and map to guest = Bad User but XP still presents the guest password prompt and the user still isn't allowed to specify their username. We are not using a domain controller. Everything works great when using a Windows 2000 client. In XP, mapping a drive to the Samba share works fine. From XP's command prompt, if the user's Windows login and password match what's in our LDAP directory (and they usually do), it lets them right in -- the user doesn't even get a password dialog when they do this: net use \\fileserver.example.com\share /user:joebob But if you just set up a shortcut to \\fileserver.example.com\share or if you try to connect from the run line, it fails tries to force them to login with the guest account. If anyone has any suggestions, or can even make a guess at an explanation for this behavior, I'd really appreciate it. Thanks! -Jules [EMAIL PROTECTED] smb.conf, slightly sanitized: [global] admin users = jane,joe,bob security = share encrypt passwords = true ldap suffix = o=internet ldap admin dn=cn=Administrator,o=internet passdb backend = ldapsam:ldaps://ldap1.example.com ldaps://ldap2.example.com guest account = nobody invalid users = root workgroup = IS netbios name = fileserver.example.com server string = File Server name resolve order = host bcast socket options = SO_KEEPALIVE,TCP_NODELAY oplocks = yes kernel oplocks = yes level2 oplocks = no encrypt passwords = yes create mask = 770 directory mask = 0770 log level = 2 log file = /var/log/samba/%m.log max log size = 1 map to guest = Bad Password load printers = no delete veto files = yes hide files = /Icon?/ veto files = /.AppleDouble/.AppleDesktop/Network Trash Folder/TheVolumeSettingsFolder/TheFindByContentFolder/ dns proxy = no log file = /var/log/samba/log.%m. max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d preserve case = yes [private] comment = Your Private Home Directory path = /home/%u group = default writable = yes create mask = 0700 directory mask = 0700 [IS] comment = Information Systems path = /var/local/fileshare/IS nt acl support = no create mask = 777 directory mask = 0777 read only = No group = IS valid users = @IS,@ISAnalyst,@SupportAnalyst,@SystemAdmin [updates] comment = Software Updates path = /var/local/fileshare/admin/updates browsable = no create mask = 774 group = SystemAdmin directory mask = 0775 nt acl support = no read only = yes guest ok = yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Windows XP greyed-out Guest user password prompt
(replying to self) Jules Agee wrote: Hi, we've been using Samba for a while, and are just now starting to switch our desktop computers to Windows XP. We are having a problem where connections to our Samba server fail, and the user is presented with a password prompt asking for a password for user Guest. They can't select a different user. Sorry, forgot to mention that we're running Samba 3.0.7 on Debian GNU/Linux -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba