Zhang Weiwu
2007-Apr-11 04:18 UTC
[Samba] samba: offer public share to Windows 98 and writable share to Windows XP
Dear List. My requirement is to set up a samba share named "music" that: I. it's read-only accessible from both Windows 98 and Windows 2000/XP not requiring password; II. it's write-accessible from Windows XP protected by a password. I thought in order to cope with Windows 98 I need to I. use "security = share" (done), and set "guest ok = nobody" II. make sure "nobody" have read-only access on the Linux server the directory to be shared (done) III. test the server against Windows all versions to make sure public read-only access is okay and do not require a password (done); Now my problem is: the windows XP user who should have write access to the share, never actually got write access. Here is how it happens: I. A user "music" (same as the share name) exists on Linux samba server and have full write access to the directory being shared; II. the Windows XP user, when accessing the share, is not prompted for password and got read-only access (expected); III. now the XP user wish to write the share, she go to create a map from the share "\\server\music" to "Z:", in that dialog box she got the option to login as another user (fine); IV. she choose to login as "music", password which is the password of Linux user "music", and click login; V. login failed, she is asked for username again (surprise);>From what I've read on the smb.conf manual, it says:Note that smbd ALWAYS uses a valid UNIX user to act on behalf of the client, even in security = share level security. As clients are not required to send a username to the server in share level security, smbd uses several techniques to determine the correct UNIX user to use on behalf of the client. [snip] * The name of the service the client requested is added as a potential username. [snip] If the guest only parameter is not set, then this list is then tried with the supplied password. The first user for whom the password matches will be used as the UNIX user. So, if I understood the manual correctly, the name of the service "music" is a potential username, and the password sent from Windows XP to Samba on Linux is tried with "music" and should gets validated as Linux user "music". This should happen whatever username the Windows XP user filled, because "music" will always be a potential username. The question is now how do I let the Windows XP user write the share? I'd very much appreciate a solution and somone point me out my misunderstanding of the manual (if I did). Thanks a lot in advance! -- Zhang Weiwu Real Softservice realss.com +86 592 2091112
Zhang Weiwu
2007-Apr-11 04:20 UTC
[Samba] Re: samba: offer public share to Windows 98 and writable share to Windows XP
On Wed, 2007-04-11 at 11:57 +0800, Zhang Weiwu wrote:> Dear List. My requirement is to set up a samba share named "music" > that: > I. it's read-only accessible from both Windows 98 and Windows > 2000/XP not requiring password; > II. it's write-accessible from Windows XP protected by a password.In my last email I forgot to mention my "uname -a" and my smb.conf [global] server string = File Server Sappho %v log file = /var/log/samba/log.%m map to guest = nobody hosts allow = 218.193.55. security = share encrypt passwords = no bind interfaces only = 218.193.55.205 dos charset = 936 unix charset = UTF-8 [music] comment = /var/music path = /var/music guest ok = yes read only = no Later I am aware that Windows NT (including XP) probably doesn't work with "encrypt passwords = no" so I removed that line, the result is, Windows XP user can always map the share as user "music" but after mounted the user still don't have permission to write to the share. Sambe log shows the user is still "nobody" but not "music". [2007/04/11 02:15:59, 1] smbd/service.c:make_connection_snum(693) 218.193.55.233 (218.193.55.233) connect to service music initially as user nobody (uid=65534, gid=65534) (pid 15327) my system information: sappho ~ # equery which samba /usr/portage/net-fs/samba/samba-3.0.24.ebuild sappho ~ # uname -a Linux sappho.realss.com 2.6.18-gentoo-r3 #23 Mon Apr 9 23:27:21 HKT 2007 sparc64 sun4u TI UltraSparc IIi (Sabre) GNU/Linux My latest smb.conf: sappho ~ # cat /etc/samba/smb.conf [global] server string = File Server Sappho %v log file = /var/log/samba/log.%m map to guest = nobody hosts allow = 218.193.55. security = share bind interfaces only = 218.193.55.205 dos charset = 936 unix charset = UTF-8 [music] comment = /var/music path = /var/music guest ok = yes read only = no