Hi, I have the following problem with samba: The set up: Redhat 9.0 system, with two NIC's (eth1/2) for two networks. Shares available: <eth1># smbclient -L \\\\TEST28 -U% <eth2># smbclient -L \\\\TEST25 -U% Both give - added interface ip=192.21.28.10 bcast=192.21.28.255 nmask=255.255.255.0 added interface ip=129.21.25.3 bcast=192.21.25.255 nmask=255.255.255.0 Domain=[WINS-BU] OS=[Unix] Server=[Samba 2.2.7-security-rollup-fix] Sharename Type Comment --------- ---- ------- data1 Disk Data Share IPC$ IPC IPC Service (Windows servers bachup shares) ADMIN$ Disk IPC Service (Windows servers bachup shares) Server Comment --------- ------- TEST smb.conf: [global] <snip> encrypt passwords = yes smb passwd file = /etc/samba/smbpasswd guest account = nobody allow hosts = x y z etc <snip> [Data] comment = Test Group Share path = /data browseable = yes writable = yes guest ok = yes Cleints connecting to smb server: All W2K server or W2K professional on both networks. The problem: Share /data1 can be seen and accessed using the guest account, by all system on interface eth1, but - Share /data1 can *not* be accessed using the guest account, by any system, on interface eth2. I get the classic error message "The account is not authorized to log in from this station" The only difference between the networks is that eth1 tends to have stand alone systems, whilst the systems on eth2 belong to a domain. This is driving me nuts! Any help would be much appreciated. Cheers,
Your problem is not samba but domain controller on eth2 subnet. W2k users on this net is joined to domain and samba not. Try create acount for samba on machine control panel W2k PDC as standalone NT server. Or simply join samba to domain from samba by smbpasswd -j ... Bye. ----- Original Message ----- From: "Richard Booth" <r.booth@ulcc.ac.uk> To: <samba@lists.samba.org> Sent: Tuesday, July 29, 2003 4:28 PM Subject: [Samba] Access to shares via two NIC> Hi, > > I have the following problem with samba: > > The set up: > Redhat 9.0 system, with two NIC's (eth1/2) for two networks. > > Shares available: > <eth1># smbclient -L \\\\TEST28 -U% > <eth2># smbclient -L \\\\TEST25 -U% > Both give - > added interface ip=192.21.28.10 bcast=192.21.28.255 nmask=255.255.255.0 > added interface ip=129.21.25.3 bcast=192.21.25.255 nmask=255.255.255.0 > Domain=[WINS-BU] OS=[Unix] Server=[Samba 2.2.7-security-rollup-fix] > Sharename Type Comment > --------- ---- ------- > data1 Disk Data Share > IPC$ IPC IPC Service (Windows servers bachup shares) > ADMIN$ Disk IPC Service (Windows servers bachup shares) > > Server Comment > --------- ------- > TEST > > smb.conf: > [global] > <snip> > encrypt passwords = yes > smb passwd file = /etc/samba/smbpasswd > guest account = nobody > allow hosts = x y z etc > <snip> > [Data] > comment = Test Group Share > path = /data > browseable = yes > writable = yes > guest ok = yes > > Cleints connecting to smb server: > All W2K server or W2K professional on both networks. > > The problem: > Share /data1 can be seen and accessed using the guest account, by all > system on interface eth1, but - > > Share /data1 can *not* be accessed using the guest account, by any > system, on interface eth2. > I get the classic error message "The account is not authorized to log in > from this station" > > The only difference between the networks is that eth1 tends to have > stand alone systems, whilst the > systems on eth2 belong to a domain. > > This is driving me nuts! Any help would be much appreciated. > > Cheers, > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba
Marian Mlcoch, Ing
2003-Aug-01 12:32 UTC
[Samba] Access to shares from within and outside of a Domain
I dont understand why two configs send when you need one... but ok First create one config for all machine What you use username map ? In smbpasswd not need nobody user remove it!> [global] > workgroup = TEST > username map = /etc/samab/users.map > security = user > smb passwd file = /etc/samba/smbpasswd > name resolve order = host > allow hosts = 192.21.28.0/255.255.255.0 192.21.25.0/255.255.255.0127.0.0.0/255.0.0.0> deadtime = 30 > debug level =3 > encrypt passwords = yes > log file = /var/log/samba/log.%U > guest account = nobody > map to guest = bad user > passwd program = /usr/bin/passwd %u > unix password sync = yes > passwd chat = New*Password* %n\n \ > \nRe-enter*new*Password* %n\n \ > *successfully*changed*\n > [data] > comment = Test share > path = /data > guest ok = yes > browseable = no > writable = yes > create mask = 0760 > directory mask = 0770Samba allways need authentication ! But if user (test) logged to domain exist on samba and have identic password then windows login automatic and you not asked. Identic user of standalone server can be connect without auth only if username and pass is on samba. If not then is asked and mapped to user guest if username and password miss. Then connect is possibly. If you need automatic backup script then try enter password in script be net command parameter net use x: \\sss\sss anypass this command will be automatic map you as guest. Bye. ----- Original Message ----- From: "Richard Booth" <r.booth@ulcc.ac.uk> To: "Marian Mlcoch, Ing" <mm@tsmp.sk> Cc: <samba@lists.samba.org> Sent: Friday, August 01, 2003 1:58 PM Subject: Re: [Samba] Access to shares from within and outside of a Domain> Hi Marian, > > In summary, I want to be able to access the "Data" share without > authenticating > from both the W2K Domain and Standalone servers networks. The Data share > is purely to store backup data and has been secured using ipchains, etc. > What I need is a smb.conf file that lets me do this. Current set up below. > > Thanks - Richard. > >**************************************************************************** ******> > The samba system is set up as follows: > <eth1>-192.21.28.10 - W2K Domain server network > Samba sys(Data share)-| > <eth2>-129.21.25.3 - Standalone servers network > > If I use "security = users" I get to the shares from the w2K domain, > with a valid account, but get asked to authenticate from the > stand alone machines. smb.conf for this set up below: > > [global] > workgroup = TEST > username map = /etc/samab/users.map > security = user > smb passwd file = /etc/samba/smbpasswd > name resolve order = host > allow hosts = 192.21.28.0/255.255.255.0 127.0.0.0/255.0.0.0 > deadtime = 30 > debug level =3 > encrypt passwords = yes > log file = /var/log/samba/log.%U > guest account = nobody > map to guest = bad user > passwd program = /usr/bin/passwd %u > unix password sync = yes > passwd chat = New*Password* %n\n \ > \nRe-enter*new*Password* %n\n \ > *successfully*changed*\n > [data] > comment = Test share > path = /data > guest ok = yes > browseable = no > writable = yes > create mask = 0760 > directory mask = 0770 > > smbpasswd file: > test:280:512A282D2562C7BEAAD.......:[UX ]:LCT-3F27EAF8: > nobody:99:AAD3B435B51404EEAA.......:[UX ]:LCT-3F28CAC7: > > If I use "security = share" I get to the share from the workstations, > without authenticating, but cannot map the share from the W2K domain. > smb.conf for this set up below: > [global] > workgroup = TEST > allow hosts = 192.21.25.0/255.255.255.0 127.0.0.0/255.0.0.0 > name resolve order = host > guest account = nobody > username map = /etc/samab/users.map > log file = /var/log/samba/log.%U > security = share > encrypt passwords = yes > deadtime = 30 > browseable = no > debug level = 3 > disable spoolss = yes > [data] > comment = Test share > path = /data1 > browseable = no > writable = yes > guest ok = yes > create mask = 0760 > directory mask = 0770 > > >send not snipped all smb.conf and schematic router net conf of yourservers> >and clients that one work and one not. > >Domain not domain is not exact diferent ... for standalone servers. > >You must have any missed config. > >Send list of users from smbpasswd. > > > >Bye. > > > > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba