Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

10.4: Accessing older SMB servers Network
Tiger only hintI found this over in the Tiger discussion area at Apple's website, and thought I would share it. If you are having trouble mapping network mount points from a server using an older version of Samba (a.k.a. SMB or Windows sharing), here's a workaround...

Tiger now assumes that your SMB server accepts encrypted passwords. Older Windows NT and Unix/Linux servers running Samba (versions older that 3.0) are configured to accept plain text passwords. It is highly recommended that the severs be reconfigured to accept encrypted passwords. However, below is a fix to tell Tiger to send a plain text password for authentication. This assumes you have a working knowledge of the Unix command line:
  1. Open a Terminal session

  2. Type cd /etc

  3. Type sudo vi nsmb.conf -- do NOT edit the smb.conf file. You may not have this file, in which case the command will create it.

  4. Add these lines to the file:
    [default]
    minauth=none
    
  5. Save file (wq in vi) and quit the editor.
Be aware that with this change, Samba now sends plain text passwords, which can be easily captured (via tcpdump).

[robg adds: One of the things 10.4.1 addresses is Samba connectivity; I'm not sure if it's related to this password encryption issue or not.]
    •    
  • Currently 1.00 / 5
  • 1
  • 2
  • 3
  • 4
  • 5
  (3 votes cast)
 
[26,338 views]  

10.4: Accessing older SMB servers | 14 comments | Create New Account
Click here to return to the '10.4: Accessing older SMB servers' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
10.4: Accessing older SMB servers
Authored by: alternatekev on May 18, '05 11:54:28AM

I submitted this same hint, in almost exactly the same way, and our usernames are a little too close for comfort. :)



[ Reply to This | # ]
10.4: Accessing older SMB servers
Authored by: victory on May 18, '05 07:14:03PM
Like many others, I found that after my upgrade to 10.4, I could no longer open SMB connections to a Samba 2.2.x server on an FreeBSD box. As you stated, the reason is that the SMB client in Tiger now attempts to use encrypted passwords, while older versions of Samba aren't configured that way by default.

Since I administer the box in question (ok, so it's just a development server and I'm actually the only user :), it was easy enough to enable the Samba server to use encrypted passwords by uncommenting/adding:

encrypt passwords = yes

in smb.conf and restarting (or kill -HUP-ing smbd)

[ Reply to This | # ]

10.4: Accessing older SMB servers
Authored by: epicurean on May 27, '05 10:04:11AM

I followed the steps. But, how exactly to I save this entry in vi?

I should know better than to mess in things I'm not 100% familiar with. But I have this exact encrypted password issue and am on my own as far as resolving it.

It would be helpful if someone was willing to detail out the entire process. Including how to delete the nsmb.conf file if I happened to have screwed it up! (which i probably did).



[ Reply to This | # ]
10.4: Accessing older SMB servers
Authored by: attackwolf on May 27, '05 04:31:32PM
Ouch! Good point, the parent post probably should have used a different text editor.
Try using pico in stead of vi. Pico used to be installed with OS X and it shows you the basic commands right at the bottom of the screen. (control-o to save and control-x to quit)

But, as to your question about vi. Vi works in two modes, insert mode where anything you type appears on the screen and edit mode where everything you type is a command.

So, to quit vi after you've typed your stuff, press the escape key to switch to edit mode. (press the letter i to switch back to insert mode if you desire)

Once in edit mode, type :wq

Yes, that's right, you need the colon followed by the w to save followed by the q to quit.
OR
type ZZ

Yes, that's two capital Z's without any colons. That command saves and quits as well.

(One last note about :wq vs ZZ is that :wq will show up at the bottom of the screen because typing : enters a 'command line editing' mode while typing ZZ will just save and quit without showing you anything. )

But like I said, if pico is available use that. I used pico for several years with OS X and other unix/linux os's until I came to my current job where I was told I should learn vi, and it's a great program, but if you don't need a powerful text editor, stick with pico.

To delete the nsmb.conf file type

cd /etc
sudo rm nsmb.conf


Again, to anyone reading this, please note that pico is GOOD. And, nsmb.conf has the letter 'N' in front. (Not that I know what the nsmb.conf file is, but I do know that you wouldn't want to delete your smb.conf file when you meant your nsmb.conf file)

To anyone who wants to learn more about vi, the version installed on mac os x jaguar and newer is VIM. So go to www.vim.org and look around. vi is the old school program, while VIM is Vi IMproved, and improved it is, with lots of neat plugins and features.

[ Reply to This | # ]
10.4: Accessing older SMB servers
Authored by: epicurean on May 28, '05 05:04:42PM

Thanks attackwolf. You are right, pico - for the novice anyway - was much easier. Worked like a champ.

Turns out I must not have really been successful creating the nsmb.conf file with vi anyway. When I went to delete it as you describe, it indicated no file existed.

I'm thinking that because I didn't know what the heck I was doing (again, stupidly dangerous!) I just quit the terminal when I was in vi. Hopefully, that approach didn't leave any additional residue behind (like some tmp file or something).



[ Reply to This | # ]
10.4: Accessing older SMB servers
Authored by: triplef on May 29, '05 04:40:32PM
There's also technote available from Apple:
http://docs.info.apple.com/article.html?artnum=301580

[ Reply to This | # ]
10.4: Accessing older SMB servers
Authored by: b00le on Jun 28, '05 04:45:35AM

I'm still looking for a solution to my Tiger SMB problem. After upgrading (archive & install) I can connect to a shared volume on our Snap Server, but the volume appears empty and I can't even create a new folder, although Get Info says I have priveleges to read and write.

I've tried this hint. I've tried logging on using Cmd-K, using the terminal (smbclient doesn't work at all.) Console shows "mount_smbfs: spnego blob2principal error 1", whatever that means. Never had a problem under 10.3.

I'm the only mac in the company and I've never had to even speak to system adminsitrators about a problem before - this is really too much food for the Mac haters, always lying in wait...



[ Reply to This | # ]
10.4: Accessing older SMB servers
Authored by: greenrobotics on Jul 03, '05 06:22:21PM

Can you get the apple networking turned on in the Snap.
I had the same issue, tried the above hints above to no avail so I flipped on the Apple networking and I was functional.
I emptied the nsmb.conf because I did not know the delete command in the shell. For fun I tried to locate the file using Spotlight so I could delete it there but no results.
Regards,
Harry

---
Harry



[ Reply to This | # ]
10.4: Accessing older SMB servers
Authored by: b00le on Jul 05, '05 05:07:20AM

Yes - turned on Apple networking - no good. Not only that, I can't make a public folder available on the Mac to the rest of the network, so something is really broken here. So far I'm getting by with sneakernet and a flash drive, or ftp - which does work. Hoping not to have to reinstall...



[ Reply to This | # ]
10.4: Accessing older SMB servers
Authored by: b00le on Jul 13, '05 09:29:33AM

10.4.2 fixed it...



[ Reply to This | # ]
10.4: Accessing older SMB servers
Authored by: JWells on Aug 01, '05 04:44:51PM
Okay, so here's the question that I can't seem to get answered:

If I set minauth=none does that mean that I will always send in cleartext, or only when encrypted passwords are not supported?

In 10.3 I seem to remember a warning in the authentication dialog. Something to the effect of, "WARNING: Your password will be sent to this server as plain text which may be viewable by others on your network." Am I still going to get this, or is it just always going to be sent in cleartext?

[ Reply to This | # ]

10.4: Accessing older SMB servers
Authored by: shiro on Aug 30, '05 05:18:35PM

I feel obligated to reply after all the times MacOSX hints has helped me out. I've been fiddling with the problem of can't mount SMB shares for some time and found the following on apple's message boards. This will only help people who can admin their own SMB server, but hopefully that's most.

If your SMB server has security=share, try changing it to security=user.

Apparently, Applie is tracking a bug in which the Tiger client tries to encode passwords using UTF-16 for share, but not for user authentication. You SMB server can't deal with this so shares fail. It is not patched as of 10.4.2, but this work around might help in the mean time. See the following URL for follow up:

http://discussions.info.apple.com/webx?13@691.wq1ZaGJj9BG.3@.68b47911/22



[ Reply to This | # ]
10.4: Accessing older SMB servers
Authored by: rany on Oct 23, '05 12:07:23AM

Would anyone know how to reverse this change to the SMB settings on the Mac ??

-rany



[ Reply to This | # ]
10.4: Accessing older SMB servers
Authored by: Mars_Artis on Nov 06, '05 09:00:20AM

Hi mates.
Just a "silly" question.
Do we have to assume Windows XP is using plain or encrypted passwords? I was unable to find a clear question to this Q over Google.



[ Reply to This | # ]