Hello,
we have problem with user authentication when accessing shared folders at
standalone Samba server (security=share) from Windows XP.
There is no problem accessing public folders ("guest ok=yes" and
"guest
only=yes"). But when trying to access non-public folders ("guest
ok=no"
with valid users definition), username / password dialog appears, but username
is always "servername/Guest" and is greyed out, so it can not be
changed.
Windows 2000 client is OK - user can enter whatever username in username field.
I know the difference between "share" and "user" security
modes, which might
cause the unchangeable username. But it works in Win2000 ... and based on their
specs none of them suits IMHO our objective:
- to have public folders and folders with limited access on one server
- don't annoy users with authentication when they want to access public
folders at all.
(username/password authentication should proceed only when clicking on
non-public folder).
Is this possible ? Like allow clients to send username in share mode or
don't
require login to server in user mode first ? Or any other way ?
Thanks.
Charon
Just in case ... Samba version 3.0.20 and smb.conf:
------------------------------------------
[global]
server string = XXXXXX
netbios name = XXXXX
workgroup = XXXXXX
domain master = yes
local master = yes
preferred master = yes
os level = 127
wins support = yes
interfaces = eth0 lo
bind interfaces only = yes
hosts allow = 192.168.1. 127.
security = share
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
guest account = share
load printers = yes
printing = lprng
printcap name = /etc/printcap
max print jobs = 200
lpq cache time = 20
printer admin = user
syslog only = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = no
kernel oplocks = no
[printers]
comment = All printers
path = /var/spool/print/samba
guest ok = yes
writeable = no
browsable = no
printable = yes
print command = /usr/bin/lpr -U%U@%M -r -P%p %s
lpq command = /usr/bin/lpq -U%U@%M -P%p
lprm command = /usr/bin/lprm -U%U@%M -P%p %j
lppause command = /usr/bin/lpc -U%U@%M hold %p %j
lpresume command = /usr/bin/lpc -U%U@%M release %p %j
queuepause command = /usr/bin/lpc -U%U@%M stop %p
queueresume command = /usr/bin/lpc -U%U@%M start %p
#
# Default folders
#
# internet presentation
[Internet]
path = /var/share/internet
guest ok = no
writable = yes
printable = no
valid users = +admins
create mode = 0664
directory mode = 0775
vfs objects = netatalk
# intranet presentation
[Intranet]
path = /var/share/intranet
guest ok = no
writable = yes
printable = no
valid users = +share
create mode = 0664
directory mode = 0775
vfs objects = netatalk
# users shared data
[Z]
path = /var/share/public
guest ok = yes
guest only = yes
writable = yes
printable = no
vfs objects = netatalk
--------------------------------------------------
Hi
Are you using your server as part of a domain if so I think that domain
master should be set to no
-----Original Message-----
From: Jouda Hrouda [mailto:mlszs@seznam.cz]
Sent: 06 October 2005 15:01
To: samba@lists.samba.org
Subject: [Samba] authentication problem with WinXP clients
Hello,
we have problem with user authentication when accessing shared folders at
standalone Samba server (security=share) from Windows XP.
There is no problem accessing public folders ("guest ok=yes" and
"guest
only=yes"). But when trying to access non-public folders ("guest
ok=no"
with valid users definition), username / password dialog appears, but
username
is always "servername/Guest" and is greyed out, so it can not be
changed.
Windows 2000 client is OK - user can enter whatever username in username
field.
I know the difference between "share" and "user" security
modes, which might
cause the unchangeable username. But it works in Win2000 ... and based on
their
specs none of them suits IMHO our objective:
- to have public folders and folders with limited access on one server
- don't annoy users with authentication when they want to access public
folders at all.
(username/password authentication should proceed only when clicking on
non-public folder).
Is this possible ? Like allow clients to send username in share mode or
don't
require login to server in user mode first ? Or any other way ?
Thanks.
Charon
Just in case ... Samba version 3.0.20 and smb.conf:
------------------------------------------
[global]
server string = XXXXXX
netbios name = XXXXX
workgroup = XXXXXX
domain master = yes
local master = yes
preferred master = yes
os level = 127
wins support = yes
interfaces = eth0 lo
bind interfaces only = yes
hosts allow = 192.168.1. 127.
security = share
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
guest account = share
load printers = yes
printing = lprng
printcap name = /etc/printcap
max print jobs = 200
lpq cache time = 20
printer admin = user
syslog only = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = no
kernel oplocks = no
[printers]
comment = All printers
path = /var/spool/print/samba
guest ok = yes
writeable = no
browsable = no
printable = yes
print command = /usr/bin/lpr -U%U@%M -r -P%p %s
lpq command = /usr/bin/lpq -U%U@%M -P%p
lprm command = /usr/bin/lprm -U%U@%M -P%p %j
lppause command = /usr/bin/lpc -U%U@%M hold %p %j
lpresume command = /usr/bin/lpc -U%U@%M release %p %j
queuepause command = /usr/bin/lpc -U%U@%M stop %p
queueresume command = /usr/bin/lpc -U%U@%M start %p
#
# Default folders
#
# internet presentation
[Internet]
path = /var/share/internet
guest ok = no
writable = yes
printable = no
valid users = +admins
create mode = 0664
directory mode = 0775
vfs objects = netatalk
# intranet presentation
[Intranet]
path = /var/share/intranet
guest ok = no
writable = yes
printable = no
valid users = +share
create mode = 0664
directory mode = 0775
vfs objects = netatalk
# users shared data
[Z]
path = /var/share/public
guest ok = yes
guest only = yes
writable = yes
printable = no
vfs objects = netatalk
--------------------------------------------------