I hope somebody can help me with this. I posed this question a week ago and got several well-meaning answers that were not very helpful. I have 10 Windows XP workstations and 100 users. Each of the 100 users has an account on my Samba server (running Samba 3.03 on Mandrake Linux 10). Each user has several shares on the Samba server which are unique to that user. In other words, only THAT user can access his/her shares, and THAT user has read/write priviledges for those shares. BTW, I define each user's shares by listings in "smb.username.conf" files and the "include=smb.%U.conf" option (I may have that backwards it may be "username.smb.conf" and "include=%U.smb.conf", I have it right on my server.) The problem is, I need each of my 100 users to be able to logon to the Samba server (with READ/WRITE access to their own shares) from any of the 10 Windows XP workstations. It's not a problem if the user has an account on the XP machine that matches the username and password on the Linux Samba server. But users don't have their own machines and it's impractical to create 100 user accounts on EACH Windows XP workstation. Especially when the list of users changes every few months. So my question is, how can those 100 users logon to the Samba server from ANY workstation without having an account on the Windows XP workstation that matches their username/password on the Samba server? I have a clumsy workaround right now, but I need something better. This is what I can do now: -- I have a Samba share that is accessible to everyone. -- In Windows XP, if I "map network drive" on that share and select "connect using different username", I get an opportunity to enter the username and password for the specific user. -- Once the Windows XP machine connects to the Samba server, the Samba server "knows" who the user is and displays a list of the user's own unique shares -- which can then be mapped as well. The thing that's awkward about this technique, however, is that I'm having to map a public share JUST to communicate to the Samba server the username and password. Isn't there a way to get the Samba server to ask for a username and password when the user clicks on the name of the Samba server in Explorer? That's what happens when I click on the name of a Windows XP machine (XP Machine 1) from another Windows XP machine (XP Machine 2) when I'm logged on to Machine 2 with a username and password that does not match an account on XP Machine 1. I get a dialog box asking for a username and password. If I enter a username that has an account on the first machine -- and the matching password -- I connect and get read/write access to all shared drives and folders. I want to get the same dialog box when I click on the Linux Samba server. But how? Thanks in advance for the help. Regards, Andy Liebman
> So my question is, how can those 100 users logon to the Samba server from ANY > workstation without having an account on the Windows XP workstation that > matches their username/password on the Samba server?Why don't you want to creat a domain?> Isn't there a way to get the Samba server to ask for a username and password > when the user clicks on the name of the Samba server in Explorer?The server can't ask the user for another username/password. It is a clients decision to ask the user for additional credentials. Unless you find out what specific setting triggers explorer to ask (null session, guest account settings or something, try ethereal) you are out of luck. Maybe you write a script that mounts the shares with net use and give the samba username with /user:name * to ask for the password.
> In a message dated 9/29/2004 6:20:07 AM Eastern Daylight Time,holger.krull@gmx.de> writes:Thanks for the reply>> So my question is, how can those 100 users logon to the Samba server fromANY>> workstation without having an account on the Windows XP workstation that >> matches their username/password on the Samba server? > > Why don't you want to creat a domain?How do you define and create a domain? And is it difficult to maintain a domain as the users change? And what if the Samba server is just one of many servers on a network that might have other domains and domain servers? And what if the workstations have to access other domains? This is the sort of environment where my system has to work.> >> Isn't there a way to get the Samba server to ask for a username andpassword>> when the user clicks on the name of the Samba server in Explorer? > > The server can't ask the user for another username/password. It is a > clients decision to ask the user for additional credentials. Unless you > find out what specific setting triggers explorer to ask (null session, > guest account settings or something, try ethereal) you are out of luck. > > Maybe you write a script that mounts the shares with net use and give > the samba username with /user:name * to ask for the password.Any clues about how to write that script. I'm not a samba expert.
Top post oh well... Make Samba a PDC join the XP workstations and use roaming profiles. AndyLiebman@aol.com wrote:>I hope somebody can help me with this. I posed this question a week ago and >got several well-meaning answers that were not very helpful. > >I have 10 Windows XP workstations and 100 users. Each of the 100 users has an >account on my Samba server (running Samba 3.03 on Mandrake Linux 10). > >Each user has several shares on the Samba server which are unique to that >user. In other words, only THAT user can access his/her shares, and THAT user has >read/write priviledges for those shares. > >BTW, I define each user's shares by listings in "smb.username.conf" files >and the "include=smb.%U.conf" option (I may have that backwards it may be >"username.smb.conf" and "include=%U.smb.conf", I have it right on my server.) > >The problem is, I need each of my 100 users to be able to logon to the Samba >server (with READ/WRITE access to their own shares) from any of the 10 Windows >XP workstations. It's not a problem if the user has an account on the XP >machine that matches the username and password on the Linux Samba server. > >But users don't have their own machines and it's impractical to create 100 >user accounts on EACH Windows XP workstation. Especially when the list of users >changes every few months. > >So my question is, how can those 100 users logon to the Samba server from ANY >workstation without having an account on the Windows XP workstation that >matches their username/password on the Samba server? > >I have a clumsy workaround right now, but I need something better. This is >what I can do now: > >-- I have a Samba share that is accessible to everyone. >-- In Windows XP, if I "map network drive" on that share and select "connect >using different username", I get an opportunity to enter the username and >password for the specific user. >-- Once the Windows XP machine connects to the Samba server, the Samba server >"knows" who the user is and displays a list of the user's own unique shares >-- which can then be mapped as well. > >The thing that's awkward about this technique, however, is that I'm having to >map a public share JUST to communicate to the Samba server the username and >password. > >Isn't there a way to get the Samba server to ask for a username and password >when the user clicks on the name of the Samba server in Explorer? > >That's what happens when I click on the name of a Windows XP machine (XP >Machine 1) from another Windows XP machine (XP Machine 2) when I'm logged on to >Machine 2 with a username and password that does not match an account on XP >Machine 1. I get a dialog box asking for a username and password. If I enter a >username that has an account on the first machine -- and the matching password >-- I connect and get read/write access to all shared drives and folders. > >I want to get the same dialog box when I click on the Linux Samba server. But >how? > >Thanks in advance for the help. > >Regards, >Andy Liebman > >
AndyLiebman@aol.com wrote:>So my question is, how can those 100 users logon to the Samba server from ANY >workstation without having an account on the Windows XP workstation that >matches their username/password on the Samba server? > >Either set up the Samba server as a domain controller and join the workstations to that domain, or if the workstations are part of another domain, join the Samba server to that domain and use winbind for authentication. This is explained in detail in the documentation.>Isn't there a way to get the Samba server to ask for a username and password >when the user clicks on the name of the Samba server in Explorer? > >Short answer: if the workstation already has a connection (mapped drive, cached connection, RPC connection, etc.) to this server, then no. Long answer: a limitation of Windows is that when you connect via SMB to a remote server, all connections to that server must use the same credentials. If you are connected to \\sambaserver\datafiles as the user *nigel* and wish to connect to \\sambaserver\frederick (which is accessible only to the user *frederick*), the Windows workstation attempts to connect as *nigel*. In order to connect as *frederick* you must break all connections to that server. Simply put, you cannot make two connections to a server from one workstation with two different sets of credentials. I haven't investigated the interaction between Windows workstation and Windows server versus between Windows workstation and Samba server, in terms of *when* you are asked for a password. When you click on the server name in Network Neighborhood / My Network Places, when are you presented with the login prompt? When you click on the server name? Or when you click on the share name under that server? Your Samba server may be presenting you with the share names, if you've configured it to map unknown users to a particular user or guest. This may be confusing your workstation into thinking that it's already authenticated to the Samba server, so you don't get the login prompt. Point of clarification: when I say "workstation" I mean the one you are at, attempting to connect remotely to the "server." The "server" CAN be another Windows XP workstation with shared files. The "workstation" is the client, the "server" is the host that's sharing the files. Don't confuse the terminology with proprietary branding and product naming. --Jon
>In a message dated 9/30/2004 1:55:16 AM Eastern Daylight Time,jon@sutinen.com> writes: > Long answer: a limitation of Windows is that when you connect via SMB to > > a remote server, all connections to that server must use the same > credentials. If you are connected to \\sambaserver\datafiles as the user > *nigel* and wish to connect to \\sambaserver\frederick (which is > accessible only to the user *frederick*), the Windows workstation > attempts to connect as *nigel*. In order to connect as *frederick* you > must break all connections to that server. Simply put, you cannot make > two connections to a server from one workstation with two different sets > of credentials.Thanks Jon, To further clarify the situation, User 2 will only want to connect to "User 2-specific shares" after User 1 logs off the Windows workstation. So, in theory, logging off should close all network connections. After User 1 logs off, User 2 goes to "Microsoft Windows Network" in Explorer and sees the following: - Workgroup_Name + Samba Server + Workstation 1 + Workstation 2 + Etc... If User 2 clicks on "Samba Server" he sees: - Workgroup_Name - Samba Server [ ] Public Share [ ] Printers and Faxes + Workstation 1 + Workstation 2 + Etc... What user 2 doesn't see is his own private shares. If he clicks on "Public Share", then when a few moments later he'll see this in Explorer: - Workgroup_Name - Samba Server [ ] Public Share available to Members of the Workgroup Only [ ] User 2 Private Share A [ ] User 2 Private Share B [ ] Printers and Faxes + Workstation 1 + Workstation 2 + Etc... I can create a similar effect if I am NOT logged on to the Windows workstation as a recognized Samba user by doing the following: So now, User 2 is logged on as "Non Samba User" and can see the following. - Workgroup_Name - Samba Server [ ] Public Share [ ] Printers and Faxes + Workstation 1 + Workstation 2 + Etc... If he clicks on "Public Share," he gets an error message that the share is not accessible "You might not havepermission to use this network resource. Contact the administrator... " However, if he maps the "Public Share" as a network drive, and selects "Connect using a different username" and inputs his own username and password, when he comes back to Explorer he sees this: - Workgroup_Name - Samba Server [ ] Public Share available to Members of the Workgroup Only [ ] User 2 Private Share A [ ] User 2 Private Share B [ ] Printers and Faxes + Workstation 1 + Workstation 2 + Etc... Same as above, when User 2 logged on to the Windows machine as himself. So, the question is, why isn't Windows asking for a username and password when User 2 clicks on Public Share, and instead giving an error message. And why isn't Windows asking for a username and password when User 2 clicks on "Samba Server". Why is it showing User 2 the "Public Share available to Members of the Workgroup Only" when it's not clear yet that User 2 is even a member of the workgroup? When I try to connect from one Windows workstation (# 2) to another (#1) , unless I'm logged on to workstation 2 as a user who has an account on workstation 1, I get a dialog box asking me for a username and password BEFORE I can see any shares on workstation 1. Do you think that with my Samba Server the fact that I'm SEEING that "Public Share available only to members of the workgroup" even though I can't access it is somehow related to why I'm not getting the username and password prompt? I really don't want to go down the Domain route. The servers I'm building need to be accessed by a large number of ever changing workstations ( including laptops that will come and go) and I don't want to create a nightmare for the person who has to administer the systems. If they have to constantly add computers to the domain, that will be a problem.
>In a message dated 9/30/2004 1:55:16 AM Eastern Daylight Time,jon@sutinen.com> writes: > Long answer: a limitation of Windows is that when you connect via SMB to > > a remote server, all connections to that server must use the same > credentials. If you are connected to \\sambaserver\datafiles as the user > *nigel* and wish to connect to \\sambaserver\frederick (which is > accessible only to the user *frederick*), the Windows workstation > attempts to connect as *nigel*. In order to connect as *frederick* you > must break all connections to that server. Simply put, you cannot make > two connections to a server from one workstation with two different sets > of credentials.I think I solved the problem. By setting the "Public Share only available to members of the Workgroup" as "not readable by guests," Windows will now prompt me for a username and password when I click on the share. The curious thing is, Windows still doesn't ask me for a username and password when I click on the "Samba Server". It shows me the "Public Share" and I have to click on that to get the prompt. That's different behavior than when I click on another Windows XP workstation. I don't see any shares until I'm authenticated. The other curious thing is, before I made the share "not readable by guests", I wasn't prompted for the password, but as a guest I couldn't open the folder anyway. I would get the "Not authorized to access this resource" message. Is there a problem with "map to guest = bad user" in global settings? BTW, I'm using Samba 3.0.2a, I believe. Came with Mandrake 10 Official. Andy Liebman