[Wylug-help] Problem came when I tried to use Samba

[Jason Lander]

Richard,

> Although I can see the Linux workgroup (default as Mygroup) on the Windows 
> network it gives me an access denied message, even if I logon as an account 
> called "root" on Windows (password set to the same as the root account on 
> Linux.)

Check the log files for error messages.

You may need to set the samba debug level up to 3, 5, 10 or 100. Each of 
these gives more detailed error reports.

It is useful to know that Samba and Windows authentication have changed 
many times over the years and Windows and Samba are not always in step.

Samba supports at least 4 different mechanisms for passing credentials in 
Windows and offers assorted ways of checking them.

Passwords can be sent as...

   plain-text
   LANMAN   aka NTLM
   NT4      aka NTLM2
   Kerberos

Plain text and LANMAN are depreciated. No modern version of Windows will 
send passwords in plain text. Kerberos is only really used when you are 
refering Samba passwords back to a real Active Directory.

As for checking the validity of a user:

* Plain text passwords can be compared with the Unix passwd file - though
   this is seldom done

* Most authentications can be referred up to a windows Domain controller.
   This requires that one of

     security = server
     security = domain

   is set and a password server is defined

* LANMAN and NT4 passwords can be checked against a separate password
   backend database.

   Backends include the smbpasswd file; an LDAP server; NIS+ or SQL

   This requires

     security = user

   and a suitable value for

     passdb backend

You might also check for messages about

   server signing

Windows can get very paranoid about who it is talking to...


- Jason