I've got a bit of a problem with Samba. I just can't work out how to change passwords or remove users. I've just got user security.. lines in smb.conf are:
security = user passdb backend = tdbsam
I've removed the user using pdbedit, I've removed the unix user, smbpasswd says the user doesn't exist yet I can still connect to the shares. I'm obviously just missing something here. Can anyone point me in the right direction?
thanks
On Tue, 2009-06-23 at 10:08 +0100, Kevin Thorpe wrote:
I've got a bit of a problem with Samba. I just can't work out how to change passwords or remove users. I've just got user security.. lines in smb.conf are:
security = user passdb backend = tdbsam
I've removed the user using pdbedit, I've removed the unix user, smbpasswd says the user doesn't exist yet I can still connect to the shares. I'm obviously just missing something here. Can anyone point me in the right direction?
thanks _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
check out smbpasswd
On 23/06/2009 10:25, Coert Waagmeester wrote:
On Tue, 2009-06-23 at 10:08 +0100, Kevin Thorpe wrote:
I've got a bit of a problem with Samba. I just can't work out how to change passwords or remove users. I've just got user security.. lines in smb.conf are:
security = user passdb backend = tdbsam
I've removed the user using pdbedit, I've removed the unix user, smbpasswd says the user doesn't exist yet I can still connect to the shares. I'm obviously just missing something here. Can anyone point me in the right direction?
tp://lists.centos.org/mailman/listinfo/centos
check out smbpasswd
[root@database samba]# smbpasswd kevin New SMB password: Retype new SMB password: Failed to find entry for user kevin. Failed to modify password entry for user kevin
Yet I can still connect to the shares as kevin..... strange
On Tue, 2009-06-23 at 10:25 +0100, Kevin Thorpe wrote:
On 23/06/2009 10:25, Coert Waagmeester wrote:
On Tue, 2009-06-23 at 10:08 +0100, Kevin Thorpe wrote:
[root@database samba]# smbpasswd kevin New SMB password: Retype new SMB password: Failed to find entry for user kevin. Failed to modify password entry for user kevin
Yet I can still connect to the shares as kevin..... strange
--- Post your Share Configuration. Restart samba? service smb restart. How are you connecting to the share? VIA Linux or Windows?
john
On Tue, Jun 23, 2009 at 5:25 AM, Kevin Thorpekevin@pibenchmark.com wrote:
Yet I can still connect to the shares as kevin..... strange
As root try:
# service smb reload
Brett
On 23/06/2009 10:39, Brett Serkez wrote:
On Tue, Jun 23, 2009 at 5:25 AM, Kevin Thorpekevin@pibenchmark.com wrote:
Yet I can still connect to the shares as kevin..... strange
As root try:
# service smb reload
Curiouser and curiouser. That worked, I can't connect now. Why should Samba cache the password file? Seems a bit of a security problem to me.
On Tue, 2009-06-23 at 10:46 +0100, Kevin Thorpe wrote:
On 23/06/2009 10:39, Brett Serkez wrote:
On Tue, Jun 23, 2009 at 5:25 AM, Kevin Thorpekevin@pibenchmark.com wrote:
Yet I can still connect to the shares as kevin..... strange
As root try:
# service smb reload
Curiouser and curiouser. That worked, I can't connect now. Why should Samba cache the password file? Seems a bit of a security problem to me.
--- The samba Caching directory is in /var/cache/samba . Why should it Cache it? For quicker access. That is the way it is designed and I know of no security flaw in that. Just executing service smb reload will not disconnect a user. But using "restart" will dump all the users.
John
On 23/06/2009 11:00, JohnS wrote:
On Tue, 2009-06-23 at 10:46 +0100, Kevin Thorpe wrote:
On 23/06/2009 10:39, Brett Serkez wrote:
On Tue, Jun 23, 2009 at 5:25 AM, Kevin Thorpekevin@pibenchmark.com wrote:
Yet I can still connect to the shares as kevin..... strange
As root try:
# service smb reload
Curiouser and curiouser. That worked, I can't connect now. Why should Samba cache the password file? Seems a bit of a security problem to me.
The samba Caching directory is in /var/cache/samba . Why should it Cache it? For quicker access. That is the way it is designed and I know of no security flaw in that. Just executing service smb reload will not disconnect a user. But using "restart" will dump all the users.
Oh, I didn't spot the distinction between 'reload' and 'restart'. Personally I would have forced that after a password change, or at the very least after deleting a user because otherwise they seem to still be able to get in.
Sorry, I've still got problems.
I'm trying to set up a new Samba user. I've done useradd to put them in passwd, I've done smbpasswd to set a samba password. They're in the required group (spendtrak) for this share. I've even restarted samba. When I try and connect to the share with 'connect using a different username' form XP it just keeps asking me for the password. I can connect to the share as myself, but not if I define myself as the 'different user name'. Is there a log anywhere which will tell me what's going wrong with the login.
Sorry, but this is frustrating the hell out of me.
# share for spendtrak [spendtrak] comment = Spendtrak Files path = /home/spendtrak writable = yes printable = no valid users = +spendtrak force group = spendtrak create mode = 0660 create mask = 0660 force create mode = 0660 directory mode = 0770 directory mask = 0770 force directory mode = 0770 inherit permissions = yes
On 23/06/2009 11:34, Kevin Thorpe wrote:
Sorry, I've still got problems.
I'm trying to set up a new Samba user. I've done useradd to put them in passwd, I've done smbpasswd to set a samba password. They're in the required group (spendtrak) for this share. I've even restarted samba. When I try and connect to the share with 'connect using a different username' form XP it just keeps asking me for the password. I can connect to the share as myself, but not if I define myself as the 'different user name'. Is there a log anywhere which will tell me what's going wrong with the login.
Sorry, but this is frustrating the hell out of me.
# share for spendtrak [spendtrak] comment = Spendtrak Files path = /home/spendtrak writable = yes printable = no valid users = +spendtrak force group = spendtrak create mode = 0660 create mask = 0660 force create mode = 0660 directory mode = 0770 directory mask = 0770 force directory mode = 0770 inherit permissions = yes
Well smbclient seems to work fine so I guess it's Windows at fault (as per bloody usual).
On 23/06/2009 11:39, Kevin Thorpe wrote:
On 23/06/2009 11:34, Kevin Thorpe wrote:
Sorry, I've still got problems.
I'm trying to set up a new Samba user. I've done useradd to put them in passwd, I've done smbpasswd to set a samba password. They're in the required group (spendtrak) for this share. I've even restarted samba. When I try and connect to the share with 'connect using a different username' form XP it just keeps asking me for the password. I can connect to the share as myself, but not if I define myself as the 'different user name'. Is there a log anywhere which will tell me what's going wrong with the login.
Sorry, but this is frustrating the hell out of me.
# share for spendtrak
[spendtrak] comment = Spendtrak Files path = /home/spendtrak writable = yes printable = no valid users = +spendtrak force group = spendtrak create mode = 0660 create mask = 0660 force create mode = 0660 directory mode = 0770 directory mask = 0770 force directory mode = 0770 inherit permissions = yes
Well smbclient seems to work fine so I guess it's Windows at fault (as per bloody usual).
Well I finally worked it out. Reboot Windows then it works. Bah! Stupid Microsoft. Wasted half my morning because Windows is broken.
On Tue, Jun 23, 2009 at 6:49 AM, Kevin Thorpekevin@pibenchmark.com wrote:
On 23/06/2009 11:39, Kevin Thorpe wrote: Well I finally worked it out. Reboot Windows then it works. Bah! Stupid Microsoft. Wasted half my morning because Windows is broken.
Windows "helpfully" remembers your username and password for the duration of your login. A logoff and back in would had sufficed.
What I have found is that Windows remembers username and password per host, so once you connect to a share on a given host with a particular username and password, you cannot connect to the same host with a different username and password.
One work around is to use the "netbios aliases" feature which allows a server to have multiple names on a network. This would allow you to connect to the same server with different user names during the same Windows session as it would think you are connecting to a different host.
Brett
Kevin Thorpe wrote:
I'm trying to set up a new Samba user. I've done useradd to put them in passwd, I've done smbpasswd to set a samba password. They're in the required group (spendtrak) for this share. I've even restarted samba. When I try and connect to the share with 'connect using a different username' form XP it just keeps asking me for the password. I can connect to the share as myself, but not if I define myself as the 'different user name'. Is there a log anywhere which will tell me what's going wrong with the login.
Sorry, but this is frustrating the hell out of me.
# share for spendtrak
[spendtrak] comment = Spendtrak Files path = /home/spendtrak writable = yes printable = no valid users = +spendtrak force group = spendtrak create mode = 0660 create mask = 0660 force create mode = 0660 directory mode = 0770 directory mask = 0770 force directory mode = 0770 inherit permissions = yes
Well smbclient seems to work fine so I guess it's Windows at fault (as per bloody usual).
Well I finally worked it out. Reboot Windows then it works. Bah! Stupid Microsoft. Wasted half my morning because Windows is broken.
I don't think you can connect to the same machine as 2 different users - and windows will cache connections even if they aren't mapped to a drive letter. If it happens again, try 'NET USE' from a cmd window to see if you have lingering connections and delete them.
I don't think you can connect to the same machine as 2 different users - and windows will cache connections even if they aren't mapped to a drive letter. If it happens again, try 'NET USE' from a cmd window to see if you have lingering connections and delete them.
If it were a Windows server, yes, how ever if you use the netbios alias option in Samba, the Windows client thinks it is connecting to different servers, and the Samba server doesn't care. I know this works as I use it.
Brett
On Tue, 2009-06-23 at 11:20 -0400, Brett Serkez wrote:
I don't think you can connect to the same machine as 2 different users - and windows will cache connections even if they aren't mapped to a drive letter. If it happens again, try 'NET USE' from a cmd window to see if you have lingering connections and delete them.
If it were a Windows server, yes, how ever if you use the netbios alias option in Samba, the Windows client thinks it is connecting to different servers, and the Samba server doesn't care. I know this works as I use it.
Brett
--- And to that I can atest to also as I use it also. "netbios = no" For multiple different client connections.
John
Well I finally worked it out. Reboot Windows then it works. Bah! Stupid Microsoft. Wasted half my morning because Windows is broken.
restarting the workstation should also work:
net workstation stop net workstation start
in cmd.exe in windows xp.
net use
will show you current connections.
on 6-23-2009 3:34 AM Kevin Thorpe spake the following:
Sorry, I've still got problems.
I'm trying to set up a new Samba user. I've done useradd to put them in passwd, I've done smbpasswd to set a samba password. They're in the required group (spendtrak) for this share. I've even restarted samba. When I try and connect to the share with 'connect using a different username' form XP it just keeps asking me for the password. I can connect to the share as myself, but not if I define myself as the 'different user name'. Is there a log anywhere which will tell me what's going wrong with the login.
Sorry, but this is frustrating the hell out of me.
That is windows inability to not lock one user to a connection. Try a different machine, it should work.
On Tue, 2009-06-23 at 10:25 +0100, Kevin Thorpe wrote:
[root@database samba]# smbpasswd kevin New SMB password: Retype new SMB password: Failed to find entry for user kevin. Failed to modify password entry for user kevin
Yet I can still connect to the shares as kevin..... strange
--- And replying to you again if the user "kevin" is a System User You will still be able to connect to the share.
john
On 23/06/2009 10:43, JohnS wrote:
On Tue, 2009-06-23 at 10:25 +0100, Kevin Thorpe wrote:
[root@database samba]# smbpasswd kevin New SMB password: Retype new SMB password: Failed to find entry for user kevin. Failed to modify password entry for user kevin
Yet I can still connect to the shares as kevin..... strange
And replying to you again if the user "kevin" is a System User You will still be able to connect to the share.
Oh. Does that mean that Samba looks in passdb.tdb first then falls back to passwd/shadow?
On Tue, 2009-06-23 at 10:48 +0100, Kevin Thorpe wrote:
On 23/06/2009 10:43, JohnS wrote:
On Tue, 2009-06-23 at 10:25 +0100, Kevin Thorpe wrote:
[root@database samba]# smbpasswd kevin New SMB password: Retype new SMB password: Failed to find entry for user kevin. Failed to modify password entry for user kevin
Yet I can still connect to the shares as kevin..... strange
And replying to you again if the user "kevin" is a System User You will still be able to connect to the share.
Oh. Does that mean that Samba looks in passdb.tdb first then falls back to passwd/shadow?
--- Ok, what I mean is when kevin is a system user. Then you do smbpasswd kevin and enter a password samba uses the .tdb database when security = user.
When security = AD samba checks the Active Directory LDAP Database first. This help on explaining it?
John
On Tue, 2009-06-23 at 11:25 +0200, Coert Waagmeester wrote:
On Tue, 2009-06-23 at 10:08 +0100, Kevin Thorpe wrote:
I've got a bit of a problem with Samba. I just can't work out how to change passwords or remove users. I've just got user security.. lines in smb.conf are:
security = user passdb backend = tdbsam
I've removed the user using pdbedit, I've removed the unix user, smbpasswd says the user doesn't exist yet I can still connect to the shares. I'm obviously just missing something here. Can anyone point me in the right direction?
check out smbpasswd
--- You mean "smbpasswd --help" and then that will get you rolling.
John