Networking with Windows7

Hi

I have a Win7 Ultimate x64 and Suse 11.2 x64 system.
I’m trying to connect to linux shares from windows, but the credentials are not accepted. I notice in the login window it says
Access Denied before I even enter a username.

All the samba shares are enabled and visible from windows.
In win7 I set send unencrypted psswd to 3rd party smb servers and send LM NTLM and use NTLMv2 if negotiated.

No problem accessing win7 from suse

Here is my smb.conf if it helps…

dhcp.conf:# This file is created by /etc/sysconfig/network/scripts/dhcpcd-hook-samba.
dhcp.conf:# It’s possible to disable dynamic changes by setting DHCLIENT_MODIFY_SMB_CONF
dhcp.conf:# of /etc/sysconfig/network/dhcp to ‘no’.
Binary file passdb.tdb matches
Binary file secrets.tdb matches
smb.conf:# smb.conf is the main Samba configuration file. You find a full commented
smb.conf:# version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if the
smb.conf:# samba-doc package is installed.
smb.conf:# Date: 2009-10-27
smb.conf:[global]
smb.conf: workgroup = NEBULA
smb.conf: passdb backend = tdbsam
smb.conf: printing = cups
smb.conf: printcap name = cups
smb.conf: printcap cache time = 750
smb.conf: cups options = raw
smb.conf: map to guest = Bad User
smb.conf: logon path = \%L\profiles.msprofile
smb.conf: logon home = \%L%U.9xprofile
smb.conf: logon drive = P:
smb.conf: usershare allow guests = Yes
smb.conf: add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$
smb.conf: domain logons = No
smb.conf: domain master = No
smb.conf: security = user
smb.conf: wins support = No
smb.conf: idmap gid = 10000-20000
smb.conf: idmap uid = 10000-20000
smb.conf: ldap suffix =
smb.conf: wins server =
smb.conf:[homes]
smb.conf: comment = Home Directories
smb.conf: valid users = %S, %D%w%S
smb.conf: browseable = No
smb.conf: read only = No
smb.conf: inherit acls = Yes
smb.conf:[profiles]
smb.conf: comment = Network Profiles Service
smb.conf: path = %H
smb.conf: read only = No
smb.conf: store dos attributes = Yes
smb.conf: create mask = 0600
smb.conf: directory mask = 0700
smb.conf:
smb.conf:[users]
smb.conf: comment = All users
smb.conf: path = /home
smb.conf: read only = No
smb.conf: inherit acls = Yes
smb.conf: veto files = /aquota.user/groups/shares/
smb.conf:[groups]
smb.conf: comment = All groups
smb.conf: path = /home/groups
smb.conf: read only = No
smb.conf: inherit acls = Yes
smb.conf:[printers]
smb.conf: comment = All Printers
smb.conf: path = /var/tmp
smb.conf: printable = Yes
smb.conf: create mask = 0600
smb.conf: browseable = No
smb.conf:[print$]
smb.conf: comment = Printer Drivers
smb.conf: path = /var/lib/samba/drivers
smb.conf: write list = @ntadmin root
smb.conf: force group = ntadmin
smb.conf: create mask = 0664
smb.conf: directory mask = 0775
smb.conf:
smb.conf:[netlogon]

Can you access the shares from other Windows versions?

Did you use smbpasswd on the linux box to store the user’s passwords

this is my first time configuring samba.
i trying a login from an xp x64 pc, but no luck
i have not used smbpasswd… reading up on it now

if i understand this correctly, i need to create a new user and then use smbpasswd to create a password? i thought i could just use existing linux user accounts?

When you create a user in Linux, most info is stored in /etc/passwd, except the passwords which are stored in /etc/shadow

Samba uses these users but cannot use these passwords, so you have to create them separately using smbpasswd.

If your users only have to use the server as a samba user, there is no need to have 2 seperate password backends, in that case you only create the passwords using smbpasswd.

If both are needed you are (if you have more than a handfull of users) better of storing user and password info in ldap. This is where SUSE shines IMHO because YaST has some pretty need tooling to make this happen.

On Mon February 8 2010 03:26 pm, klandafu wrote:

>
> if i understand this correctly, i need to create a new user and then use
> smbpasswd to create a password? i thought i could just use existing
> linux user accounts?
>
>
klandafu;

You do not need to create any special users. All valid Linux users can be
Samba Users. However, as joostvanrooij as noted, you need to create a Samba
password. In a terminal window enter:


su
smbpasswd -a <username>

In the above <username> must be a valid Linux user, the password you assign
with smbpasswd need not be the same as their login password ( but can be if
you want).

By default Windows will pass the username/password of the Windows user to the
server first. These means that it’s a bit easier if the Windows
username/password pair matches the Samba username/password pair.

P. V.
“We’re all in this together, I’m pulling for you.” Red Green

smbpasswd works fine, and I can login as expected.
However, I cannot get ldap to work.

I’ve tried with and without tls.
The gui seems straight forward, so I’m at a loss.

On Sat February 13 2010 05:26 pm, klandafu wrote:

>
> smbpasswd works fine, and I can login as expected.
> However, I cannot get ldap to work.
>
> I’ve tried with and without tls.
> The gui seems straight forward, so I’m at a loss.
>
>
klandafu;

From your earlier posts I missed the fact you were trying to use ldap. You
might find chapter 5 of “Samba3 by Example” helpful:
http://www.samba.org/samba/docs/man/Samba-Guide/happy.html

Linux and Windows use different encryption for their passwords and your ldap
needs to contain both a linux password and a windows password. They can be
the same but they are saved separately with different encryption.

Note: The link to Idealx_tools in the above guide is obsolete, the tools are
available here:
http://sourceforge.net/projects/smbldap-tools/

If you are trying to add a Windows7 machine to the domain see:
http://wiki.samba.org/index.php/Windows7

P. V.
“We’re all in this together, I’m pulling for you.” Red Green

Try this one in your windows 7

  1. Open the Administrative Tools in the Control Panel
  2. Open the Local Security Policy
  3. Select the Security Option under Local Policies
  4. Choose Send LM & NTLM responses in Network security: LAN
    manager authentication level