Hello, we have problem with user authentication when accessing shared folders at standalone Samba server (security=share) from Windows XP. There is no problem accessing public folders ("guest ok=yes" and "guest only=yes"). But when trying to access non-public folders ("guest ok=no" with valid users definition), username / password dialog appears, but username is always "servername/Guest" and is greyed out, so it can not be changed. Windows 2000 client is OK - user can enter whatever username in username field. I know the difference between "share" and "user" security modes, which might cause the unchangeable username. But it works in Win2000 ... and based on their specs none of them suits IMHO our objective: - to have public folders and folders with limited access on one server - don't annoy users with authentication when they want to access public folders at all. (username/password authentication should proceed only when clicking on non-public folder). Is this possible ? Like allow clients to send username in share mode or don't require login to server in user mode first ? Or any other way ? Thanks. Charon Just in case ... Samba version 3.0.20 and smb.conf: ------------------------------------------ [global] server string = XXXXXX netbios name = XXXXX workgroup = XXXXXX domain master = yes local master = yes preferred master = yes os level = 127 wins support = yes interfaces = eth0 lo bind interfaces only = yes hosts allow = 192.168.1. 127. security = share encrypt passwords = yes smb passwd file = /etc/samba/smbpasswd guest account = share load printers = yes printing = lprng printcap name = /etc/printcap max print jobs = 200 lpq cache time = 20 printer admin = user syslog only = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 dns proxy = no kernel oplocks = no [printers] comment = All printers path = /var/spool/print/samba guest ok = yes writeable = no browsable = no printable = yes print command = /usr/bin/lpr -U%U@%M -r -P%p %s lpq command = /usr/bin/lpq -U%U@%M -P%p lprm command = /usr/bin/lprm -U%U@%M -P%p %j lppause command = /usr/bin/lpc -U%U@%M hold %p %j lpresume command = /usr/bin/lpc -U%U@%M release %p %j queuepause command = /usr/bin/lpc -U%U@%M stop %p queueresume command = /usr/bin/lpc -U%U@%M start %p # # Default folders # # internet presentation [Internet] path = /var/share/internet guest ok = no writable = yes printable = no valid users = +admins create mode = 0664 directory mode = 0775 vfs objects = netatalk # intranet presentation [Intranet] path = /var/share/intranet guest ok = no writable = yes printable = no valid users = +share create mode = 0664 directory mode = 0775 vfs objects = netatalk # users shared data [Z] path = /var/share/public guest ok = yes guest only = yes writable = yes printable = no vfs objects = netatalk --------------------------------------------------
Hi Are you using your server as part of a domain if so I think that domain master should be set to no -----Original Message----- From: Jouda Hrouda [mailto:mlszs@seznam.cz] Sent: 06 October 2005 15:01 To: samba@lists.samba.org Subject: [Samba] authentication problem with WinXP clients Hello, we have problem with user authentication when accessing shared folders at standalone Samba server (security=share) from Windows XP. There is no problem accessing public folders ("guest ok=yes" and "guest only=yes"). But when trying to access non-public folders ("guest ok=no" with valid users definition), username / password dialog appears, but username is always "servername/Guest" and is greyed out, so it can not be changed. Windows 2000 client is OK - user can enter whatever username in username field. I know the difference between "share" and "user" security modes, which might cause the unchangeable username. But it works in Win2000 ... and based on their specs none of them suits IMHO our objective: - to have public folders and folders with limited access on one server - don't annoy users with authentication when they want to access public folders at all. (username/password authentication should proceed only when clicking on non-public folder). Is this possible ? Like allow clients to send username in share mode or don't require login to server in user mode first ? Or any other way ? Thanks. Charon Just in case ... Samba version 3.0.20 and smb.conf: ------------------------------------------ [global] server string = XXXXXX netbios name = XXXXX workgroup = XXXXXX domain master = yes local master = yes preferred master = yes os level = 127 wins support = yes interfaces = eth0 lo bind interfaces only = yes hosts allow = 192.168.1. 127. security = share encrypt passwords = yes smb passwd file = /etc/samba/smbpasswd guest account = share load printers = yes printing = lprng printcap name = /etc/printcap max print jobs = 200 lpq cache time = 20 printer admin = user syslog only = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 dns proxy = no kernel oplocks = no [printers] comment = All printers path = /var/spool/print/samba guest ok = yes writeable = no browsable = no printable = yes print command = /usr/bin/lpr -U%U@%M -r -P%p %s lpq command = /usr/bin/lpq -U%U@%M -P%p lprm command = /usr/bin/lprm -U%U@%M -P%p %j lppause command = /usr/bin/lpc -U%U@%M hold %p %j lpresume command = /usr/bin/lpc -U%U@%M release %p %j queuepause command = /usr/bin/lpc -U%U@%M stop %p queueresume command = /usr/bin/lpc -U%U@%M start %p # # Default folders # # internet presentation [Internet] path = /var/share/internet guest ok = no writable = yes printable = no valid users = +admins create mode = 0664 directory mode = 0775 vfs objects = netatalk # intranet presentation [Intranet] path = /var/share/intranet guest ok = no writable = yes printable = no valid users = +share create mode = 0664 directory mode = 0775 vfs objects = netatalk # users shared data [Z] path = /var/share/public guest ok = yes guest only = yes writable = yes printable = no vfs objects = netatalk --------------------------------------------------