samba - Apr 2007 - samba: offer public share to Windows 98 and writable share to Windows XP

Dear List. My requirement is to set up a samba share named "music"
that: 
     I. it's read-only accessible from both Windows 98 and Windows
        2000/XP not requiring password; 
    II. it's write-accessible from Windows XP protected by a password.

I thought in order to cope with Windows 98 I need to 
     I. use "security = share" (done), and set "guest ok =
nobody"
    II. make sure "nobody" have read-only access on the Linux server
the
        directory to be shared (done) 
   III. test the server against Windows all versions to make sure public
        read-only access is okay and do not require a password (done);

Now my problem is: the windows XP user who should have write access to
the share, never actually got write access. Here is how it happens:

     I. A user "music" (same as the share name) exists on Linux samba
        server and have full write access to the directory being
        shared; 
    II. the Windows XP user, when accessing the share, is not prompted
        for password and got read-only access (expected); 
   III. now the XP user wish to write the share, she go to create a map
        from the share "\\server\music" to "Z:", in that
dialog box she
        got the option to login as another user (fine); 
    IV. she choose to login as "music", password which is the password
        of Linux user "music", and click login; 
     V. login failed, she is asked for username again (surprise);
>From what I've read on the smb.conf manual, it says:
        Note  that  smbd  ALWAYS uses a valid UNIX user to act on behalf
        of the client, even in security = share level security.
        
        As clients are not required to send a username to the server in
        share level  security,  smbd  uses several techniques to
        determine the correct UNIX user to use on behalf of the client.
        
        [snip]
              * The name of the service the client requested is added as
                a potential username. 
        [snip]
        
        If  the  guest only parameter is not set, then this list is then
        tried with the supplied password. The first user for whom the
        password matches will be used as the UNIX user.

So, if I understood the manual correctly, the name of the service
"music" is a potential username, and the password sent from Windows XP
to Samba on Linux is tried with "music" and should gets validated as
Linux user "music". This should happen whatever username the Windows
XP
user filled, because "music" will always be a potential username.

The question is now how do I let the Windows XP user write the share?
I'd very much appreciate a solution and somone point me out my
misunderstanding of the manual (if I did). Thanks a lot in advance!

-- 
Zhang Weiwu
Real Softservice
http://www.realss.com
+86 592 2091112

On Wed, 2007-04-11 at 11:57 +0800, Zhang Weiwu wrote:
> Dear List. My requirement is to set up a samba share named
"music"
> that: 
>      I. it's read-only accessible from both Windows 98 and Windows
>         2000/XP not requiring password; 
>     II. it's write-accessible from Windows XP protected by a password.
In my last email I forgot to mention my "uname -a" and my smb.conf

[global]
  server string = File Server Sappho %v
  log file = /var/log/samba/log.%m
  map to guest = nobody
  hosts allow = 218.193.55.
  security = share
  encrypt passwords = no
  bind interfaces only = 218.193.55.205
  dos charset = 936
  unix charset = UTF-8

[music]
   comment = /var/music
   path = /var/music
   guest ok = yes
   read only = no

Later I am aware that Windows NT (including XP) probably doesn't work
with "encrypt passwords = no" so I removed that line, the result is,
Windows XP user can always map the share as user "music" but after
mounted the user still don't have permission to write to the share.
Sambe log shows the user is still "nobody" but not "music".

        [2007/04/11 02:15:59, 1]
        smbd/service.c:make_connection_snum(693)
          218.193.55.233 (218.193.55.233) connect to service music initially as
user nobody (uid=65534, gid=65534) (pid 15327)

my system information:
sappho ~ # equery which samba
/usr/portage/net-fs/samba/samba-3.0.24.ebuild
sappho ~ # uname -a
Linux sappho.realss.com 2.6.18-gentoo-r3 #23 Mon Apr 9 23:27:21 HKT 2007 sparc64
sun4u TI UltraSparc IIi (Sabre) GNU/Linux

My latest smb.conf:

sappho ~ # cat /etc/samba/smb.conf
[global]
  server string = File Server Sappho %v
  log file = /var/log/samba/log.%m
  map to guest = nobody
  hosts allow = 218.193.55.
  security = share
  bind interfaces only = 218.193.55.205
  dos charset = 936
  unix charset = UTF-8

[music]
   comment = /var/music
   path = /var/music
   guest ok = yes
   read only = no