Interfacing to Samba

Posted: 05-01-2007, 08:23 AM
So I just upgraded to Vista from XP. Had a few issues with security,
couldn't open Control Panel or windows Explorer, was getting "Windows
Cannot Access the Specified Device, path. or file" etc.

That was until the Windows updates are installed.

Now, it's asking for authentication whenever I do anything.

I don't have a working domain server (I have Samba, but that doesn't
seem to be authenticating). I can't change the registry settings or use
secpol because I don't have an administrative account, despite, my
domain account blargle\sjdean supposedly being in the local
Administrators group of the PC. I can't install any programs, drivers or
make changes to the network, or even, hell, reset passwords...

Any thoughts?

Im desperate.

Cheers
Simon

Interfacing to Samba


Responses to "Interfacing to Samba"

Malke
Guest
Posts: n/a
 
Re: Interfacing to Samba
Posted: 05-01-2007, 12:50 PM
Simon Dean wrote:
> So I just upgraded to Vista from XP. Had a few issues with security,
> couldn't open Control Panel or windows Explorer, was getting "Windows
> Cannot Access the Specified Device, path. or file" etc.
>
> That was until the Windows updates are installed.
>
> Now, it's asking for authentication whenever I do anything.
>
> I don't have a working domain server (I have Samba, but that doesn't
> seem to be authenticating). I can't change the registry settings or use
> secpol because I don't have an administrative account, despite, my
> domain account blargle\sjdean supposedly being in the local
> Administrators group of the PC. I can't install any programs, drivers or
> make changes to the network, or even, hell, reset passwords...
Networking Vista with a *nix or OS X box:

From Michael Bishop (MS) - Basically, the issue with Samba and Vista is
that Vista no longer permits LM or NTLM authentication by default; only
NTLMv2. Samba versions 1.x and 2.x only support LM and NTLM, so there's
an issue there.

Mr. Bishop's recommended solution: upgrade to Samba 3.x and enable
NTLMv2 by adding "client ntlmv2 auth = yes" to your smb.conf file.
Because of another issues with previous versions, I strongly recommend
upgrading to 3.0.22 or later regardless of your choice for this
particular instance.

An alternate solution: change Vista's security settings to permit
lower-security authentications. (as below)

To enable Windows Vista to connect to Mac OS X or other *nix with
Windows File Sharing enabled, you will need to change the following
policy in Windows Vista:

Start>Run>secpol.msc [enter]

Click on "Local Policies" --> "Security Options"

Navigate to the policy "Network Security: LAN Manager authentication
level" and double-click it to get its Properties. By default Windows
Vista sets the policy to "NTVLM2 responses only". Use the drop-down
arrow to change this to "LM and NTLM use NTLMV2 session security if
negotiated".

In Vista Home Premium, you won't have this tool so per Steve Winograd, do:

1. Run the registry editor and open this key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\Lsa

1. If it doesn't already exist, create a DWORD value named
LmCompatibilityLevel

3. Set the value to 1

4. Reboot


Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User
Simon Dean
Guest
Posts: n/a
 
Re: Interfacing to Samba
Posted: 05-01-2007, 01:13 PM
Malke wrote:
> Simon Dean wrote:
>> So I just upgraded to Vista from XP. Had a few issues with
>> security, couldn't open Control Panel or windows Explorer, was
>> getting "Windows Cannot Access the Specified Device, path. or file"
>> etc.
>>
>> That was until the Windows updates are installed.
>>
>> Now, it's asking for authentication whenever I do anything.
>>
>> I don't have a working domain server (I have Samba, but that
>> doesn't seem to be authenticating). I can't change the registry
>> settings or use secpol because I don't have an administrative
>> account, despite, my domain account blargle\sjdean supposedly being
>> in the local Administrators group of the PC. I can't install any
>> programs, drivers or make changes to the network, or even, hell,
>> reset passwords...
>
Thanks for the reply... I'll try and work through this...
> Networking Vista with a *nix or OS X box:
>
> From Michael Bishop (MS) - Basically, the issue with Samba and Vista
> is that Vista no longer permits LM or NTLM authentication by default;
> only NTLMv2. Samba versions 1.x and 2.x only support LM and NTLM, so
> there's an issue there.
>
> Mr. Bishop's recommended solution: upgrade to Samba 3.x and enable
> NTLMv2 by adding "client ntlmv2 auth = yes" to your smb.conf file.
> Because of another issues with previous versions, I strongly
> recommend upgrading to 3.0.22 or later regardless of your choice for
> this particular instance.
I have upgraded to version 3.0.24 from 3.0.23. I have enabled ntlmv2,
without joy. I have tested this works from another Linux box and ntlmv2
authentication with success. However Vista -> Samba = no go.

> An alternate solution: change Vista's security settings to permit
> lower-security authentications. (as below)
>
> To enable Windows Vista to connect to Mac OS X or other *nix with
> Windows File Sharing enabled, you will need to change the following
> policy in Windows Vista:
>
> Start>Run>secpol.msc [enter]
That won't work for me. I need to enter the domain administrator's
password to get into secpol, which then, doesn't authenticate!

> In Vista Home Premium, you won't have this tool so per Steve
> Winograd, do:
>
> 1. Run the registry editor and open this key:
>
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\Lsa
>
> 1. If it doesn't already exist, create a DWORD value named
> LmCompatibilityLevel
>
> 3. Set the value to 1
>
> 4. Reboot
I have Business, but that key is there. However Windows tells me that it
cannot save the changes. So, that doesn't work either.

Guess I'll try and fall back to basics and reconfigure my Samba a line
at a time. However at this moment, I am completely puzzled.


Cya
Simon
Dyawlak
Guest
Posts: n/a
 
Re: Interfacing to Samba
Posted: 05-01-2007, 01:28 PM
havent you got a local admin account
"Simon Dean" <sjdean@simtext.plus.com> wrote in message
news:59osj5F2ko44kU1@mid.individual.net...
> Malke wrote:
>> Simon Dean wrote:
>>> So I just upgraded to Vista from XP. Had a few issues with
>>> security, couldn't open Control Panel or windows Explorer, was
>>> getting "Windows Cannot Access the Specified Device, path. or file"
>>> etc.
>>>
>>> That was until the Windows updates are installed.
>>>
>>> Now, it's asking for authentication whenever I do anything.
>>>
>>> I don't have a working domain server (I have Samba, but that
>>> doesn't seem to be authenticating). I can't change the registry
>>> settings or use secpol because I don't have an administrative
>>> account, despite, my domain account blargle\sjdean supposedly being
>>> in the local Administrators group of the PC. I can't install any
>>> programs, drivers or make changes to the network, or even, hell,
>>> reset passwords...
>>
>
> Thanks for the reply... I'll try and work through this...
>
>> Networking Vista with a *nix or OS X box:
>>
>> From Michael Bishop (MS) - Basically, the issue with Samba and Vista
>> is that Vista no longer permits LM or NTLM authentication by default;
>> only NTLMv2. Samba versions 1.x and 2.x only support LM and NTLM, so
>> there's an issue there.
>>
>> Mr. Bishop's recommended solution: upgrade to Samba 3.x and enable
>> NTLMv2 by adding "client ntlmv2 auth = yes" to your smb.conf file.
>> Because of another issues with previous versions, I strongly
>> recommend upgrading to 3.0.22 or later regardless of your choice for
>> this particular instance.
>
> I have upgraded to version 3.0.24 from 3.0.23. I have enabled ntlmv2,
> without joy. I have tested this works from another Linux box and ntlmv2
> authentication with success. However Vista -> Samba = no go.
>
>
>> An alternate solution: change Vista's security settings to permit
>> lower-security authentications. (as below)
>>
>> To enable Windows Vista to connect to Mac OS X or other *nix with Windows
>> File Sharing enabled, you will need to change the following policy in
>> Windows Vista:
>>
>> Start>Run>secpol.msc [enter]
>
> That won't work for me. I need to enter the domain administrator's
> password to get into secpol, which then, doesn't authenticate!
>
>
>> In Vista Home Premium, you won't have this tool so per Steve
>> Winograd, do:
>>
>> 1. Run the registry editor and open this key:
>>
>> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\Lsa
>>
>> 1. If it doesn't already exist, create a DWORD value named
>> LmCompatibilityLevel
>>
>> 3. Set the value to 1
>>
>> 4. Reboot
>
> I have Business, but that key is there. However Windows tells me that it
> cannot save the changes. So, that doesn't work either.
>
> Guess I'll try and fall back to basics and reconfigure my Samba a line at
> a time. However at this moment, I am completely puzzled.
>
>
> Cya
> Simon
Simon Dean
Guest
Posts: n/a
 
Re: Interfacing to Samba
Posted: 05-01-2007, 01:36 PM
Dyawlak wrote:
> havent you got a local admin account
I should do, but it doesn't like my password now. And there's no option
to create a password disk!

I have read about starting in Safe Mode because Vista disables your
local admin accounts? I'll give that a try...

Cya
Simon
Malke
Guest
Posts: n/a
 
Re: Interfacing to Samba
Posted: 05-01-2007, 02:15 PM
Simon Dean wrote:
> Dyawlak wrote:
>> havent you got a local admin account
>
> I should do, but it doesn't like my password now. And there's no option
> to create a password disk!
>
> I have read about starting in Safe Mode because Vista disables your
> local admin accounts? I'll give that a try...
>
> Cya
> Simon
Simon, having read your first thread and now this one, my guess (and of
course it's a guess since I can't see your computer!) is that the
upgrade did not go well. You shouldn't be having all those
authentication errors since you don't have a domain.

If I were you, I'd back up my data and do a clean install of Vista. Then
install drivers, programs (one at a time, testing after each and of
course having made sure they are Vista-compatible first), restore data
from backup. I know it's a lot of work, but my experience in cases like
yours is that it is the cleanest, most efficient solution.

You can do a "clean" install with an upgrade in an unofficial (but
effective) way:

1. Boot from the Windows Vista Upgrade DVD and start the setup program.
2. When prompted to enter your product key, DO NOT enter it. Click
"Next" and proceed with setup. This will install Windows Vista as a
30-day trial.
3. When prompted, select the edition of Vista which you have
purchased and continue with setup.
4. Once setup has been completed and you have been brought to the
desktop for the first time, run the install program from within Windows
Vista.
5. This time, type in your product key when prompted.
6. When asked whether to perform an Upgrade or Custom (advanced)
install, choose Custom (advanced) to perform a clean install of Vista.
Yes, this means that you will have to install Vista for a second time.
7. Once setup has completed for the second time, you should be able
to activate Windows Vista normally. You can also delete the Windows.old
directory which contains information from the first Vista install.


Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User
Simon Dean
Guest
Posts: n/a
 
Re: Interfacing to Samba
Posted: 05-02-2007, 08:25 AM
Avoided the dreaded re-install...

I managed to find a work around.

Reboot using the CD, Rescue and Recovery, do a system restore to remove
all Microsoft Updates which gave me back administrative rights to my
domain user.

This allowed me to go into User Accounts and set up an extra local admin
user, enable the original administrator, and change all passwords just
in case.

From here I then managed to re-join my domain and everythings working
now as it should.

I just need to copy one local profile to another since I thought it
would be a good time to change the domain name. I tried editing the
registry and the ProfileImagePath, but I keep getting logged off
everytime I try to log in. Looks like I'll just have to copy everything
by hand.

Cya
Simon
Malke
Guest
Posts: n/a
 
Re: Interfacing to Samba
Posted: 05-02-2007, 12:19 PM
Simon Dean wrote:
> Avoided the dreaded re-install...
>
> I managed to find a work around.
>
> Reboot using the CD, Rescue and Recovery, do a system restore to remove
> all Microsoft Updates which gave me back administrative rights to my
> domain user.
>
> This allowed me to go into User Accounts and set up an extra local admin
> user, enable the original administrator, and change all passwords just
> in case.
>
> From here I then managed to re-join my domain and everythings working
> now as it should.
>
> I just need to copy one local profile to another since I thought it
> would be a good time to change the domain name. I tried editing the
> registry and the ProfileImagePath, but I keep getting logged off
> everytime I try to log in. Looks like I'll just have to copy everything
> by hand.
I'm glad that worked for you. I did not realize that you did have a
domain since in the first post in this thread you said "I don't have a
working domain server". So I guess you *did* have a domain server.
Whatever, I'm glad you got things sorted.


Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User
Simon Dean
Guest
Posts: n/a
 
Re: Interfacing to Samba
Posted: 05-02-2007, 12:43 PM
Malke wrote:
> Simon Dean wrote:
>> Avoided the dreaded re-install...
>>
>> I managed to find a work around.
>>
>> Reboot using the CD, Rescue and Recovery, do a system restore to
>> remove all Microsoft Updates which gave me back administrative
>> rights to my domain user.
>>
>> This allowed me to go into User Accounts and set up an extra local
>> admin user, enable the original administrator, and change all
>> passwords just in case.
>>
>> From here I then managed to re-join my domain and everythings
>> working now as it should.
>>
>> I just need to copy one local profile to another since I thought it
>> would be a good time to change the domain name. I tried editing
>> the registry and the ProfileImagePath, but I keep getting logged
>> off everytime I try to log in. Looks like I'll just have to copy
>> everything by hand.
>
> I'm glad that worked for you. I did not realize that you did have a
> domain since in the first post in this thread you said "I don't have
> a working domain server". So I guess you *did* have a domain server.
> Whatever, I'm glad you got things sorted.
>
Sorry for the confusion. I mean, I don't have a Windows domain server, I
have Samba. But that's setup to be a domain server, but it's not
working. It should be, I can't authenticate to it. Still couldn't all
through that, though XP was fine, and somehow, I was able to see shares
on it, but I still couldn't authenticate to it despite setting up the
approrpiate ntlmv2.

Remove the Windows Updates, and hey presto!

There has to be something more to it than that.

CYa
Simon
Gerry Hickman
Guest
Posts: n/a
 
Re: Interfacing to Samba
Posted: 05-02-2007, 09:42 PM
Hi,

Bear in mind also that if the Vista box is not seen as being joined to a
domain, the local accounts (who are members of the Administrators group)
can no longer be used to Admin the box. This is a potential disaster
recovery disaster!

On win2k and XP, if the secure channel broke, you could still remotely
fix all the boxes by connecting as a local Administrator, on Vista (by
default) you can't. Domain Admins are the exception, but you need to be
on a domain, catch-22.

Simon Dean wrote:
> Malke wrote:
>> Simon Dean wrote:
>>> Avoided the dreaded re-install...
>>>
>>> I managed to find a work around.
>>>
>>> Reboot using the CD, Rescue and Recovery, do a system restore to
>>> remove all Microsoft Updates which gave me back administrative rights
>>> to my domain user.
>>>
>>> This allowed me to go into User Accounts and set up an extra local
>>> admin user, enable the original administrator, and change all
>>> passwords just in case.
>>>
>>> From here I then managed to re-join my domain and everythings working
>>> now as it should.
>>>
>>> I just need to copy one local profile to another since I thought it
>>> would be a good time to change the domain name. I tried editing the
>>> registry and the ProfileImagePath, but I keep getting logged off
>>> everytime I try to log in. Looks like I'll just have to copy
>>> everything by hand.
>>
>> I'm glad that worked for you. I did not realize that you did have a
>> domain since in the first post in this thread you said "I don't have a
>> working domain server". So I guess you *did* have a domain server.
>> Whatever, I'm glad you got things sorted.
>>
>
> Sorry for the confusion. I mean, I don't have a Windows domain server, I
> have Samba. But that's setup to be a domain server, but it's not
> working. It should be, I can't authenticate to it. Still couldn't all
> through that, though XP was fine, and somehow, I was able to see shares
> on it, but I still couldn't authenticate to it despite setting up the
> approrpiate ntlmv2.
>
> Remove the Windows Updates, and hey presto!
>
> There has to be something more to it than that.
>
> CYa
> Simon

--
Gerry Hickman (London UK)
 
LinkBack Thread Tools Display Modes
 


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On
Forum Jump


Similar Threads
Thread Thread Starter Forum Replies Last Post
Vista & Samba Lazius Windows Vista Networking & Sharing 3 02-23-2007 01:00 AM
Samba David Sherman Windows Vista Networking & Sharing 2 12-13-2006 05:28 AM
Third party Samba Mario Windows Vista 4 06-13-2006 02:40 AM
Outlook, Excel, and Word Interfacing. jlange@hrperspectives.com Windows XP Messenger 0 11-03-2003 03:27 PM