Hi everyone,
I want to achieve the following setup:
- have a share that is read-only and accessible for guest users;
- have the same share be modified by an authenticated specific user.
This is running on debian lenny, samba 3.2.5.
My smb.conf is as follows:
[global]
workgroup = WORKGROUP
netbios name = cast
remote announce = 192.168.1.99/WORKGROUP
server string = %h server
dns proxy = no
interfaces = eth0
hosts allow = 192.168.1.0/24
username map = /etc/samba/usermap
security = share
client plaintext auth = yes
encrypt passwords = no
passdb backend = smbpasswd
lanman auth = yes
client lanman auth = yes
load printers = no
printing = none
socket options = TCP_NODELAY IPTOS_LOWDELAY
[workplace]
comment = workplace
browseable = yes
path = /var/workplace
guest ok = yes
public = yes
read only = yes
[admin]
comment = cristi admin
browseable = yes
path = /var/workplace
public = yes
guest ok = no
read only = no
writeable = yes
username = cristi
admin users = cristi
valid users = cristi
I did smbpasswd -a cristi and also smbpasswd -e cristi. User cristi also has
an account on the linux box. The passwords are the same. /etc/samba/usermap
contains: cristi = cristi .
I can access \\192.168.1.99\workplace <file:///\\192.168.1.99\workplace>
without authentication, everything is read-only, as it should. When
accessing \\192.168.1.99\admin <file:///\\192.168.1.99\admin> , I get a
User\Password prompt, exactly the way I want it, but when typing cristi +
password it says that the login is invalid. I also tried to map the share
from windows, same thing.
The odd this is that if I issue 'smbclient -U cristi
//192.168.1.99/admin' on the server CLI it logs me in (with the following
message: Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.2.5] Server not using
user level security and no password supplied.). That aside, I do have admin
privileges.
But this works only when accessing from the server. If I am
on another machine, it will fail. Logs say the following thing:
check_ntlm_password: Authentication for user [cristi] -> [cristi] FAILED
with error NT_STATUS_LOGON_FAILURE
check_ntlm_password: Checking password for unmapped user
[WORKGROUP]\[cristi]@[192.168.1.13] with the new password interface
check_ntlm_password: mapped user is: [CAST]\[cristi]@[192.168.1.13]
check_ntlm_password: Authentication for user [cristi] -> [cristi] FAILED
with error NT_STATUS_LOGON_FAILURE
So I am out of alternatives. I have tried almost every
combination the past 4 days. Please don't suggest using security = user.
Help me oh please.
Alex F.
On 8 February 2010 01:58, Alex Florescu <alex at acasa.ro> wrote:> Hi everyone, > > I want to achieve the following setup: > > - have a share that is read-only and accessible for guest users; > > - have the same share be modified by an authenticated specific user. > > This is running on debian lenny, samba 3.2.5. > > My smb.conf is as follows: > > [global] > ? workgroup = WORKGROUP > ? netbios name = cast > ? remote announce = 192.168.1.99/WORKGROUP > ? server string = %h server > ? dns proxy = no > ? interfaces = eth0 > ? hosts allow = 192.168.1.0/24 > ?username map = /etc/samba/usermap > security = shareI don't think you want "security = share".> ? client plaintext auth = yes > ? encrypt passwords = no > ?passdb backend = smbpasswd > lanman auth = yes > ? client lanman auth = yes > ?load printers = no > ? printing = none > socket options = TCP_NODELAY IPTOS_LOWDELAY > > [workplace] > ? ? ? ?comment = workplace > ? ? ? ?browseable = yes > ? ? ? ?path = /var/workplace > ? ? ? ?guest ok = yes > ? ? ? ?public = yes > ? ? ? ?read only = yes > > [admin] > ? ? ? ?comment = cristi admin > ? ? ? ?browseable = yes > ? ? ? ?path = /var/workplace > ? ? ? ?public = yes > ? ? ? ?guest ok = no > ? ? ? ?read only = no > ? ? ? ?writeable = yes > ? ? ? ?username = cristi > ? ? ? ?admin users = cristi > ? ? ? ?valid users = cristi > > I did smbpasswd -a cristi and also smbpasswd -e cristi. User cristi also has > an account on the linux box. The passwords are the same. /etc/samba/usermap > contains: cristi = cristi . > > I can access \\192.168.1.99\workplace <file:///\\192.168.1.99\workplace> > without authentication, everything is read-only, as it should. When > accessing \\192.168.1.99\admin <file:///\\192.168.1.99\admin> , I get a > User\Password prompt, exactly the way I want it, but when typing cristi + > password it says that the login is invalid. I also tried to map the share > from windows, same thing. > > ? ? ? ? ? ? ? ?The odd this is that if I issue ?'smbclient -U cristi > //192.168.1.99/admin' ?on the server CLI it logs me in (with the following > message: Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.2.5] Server not using > user level security and no password supplied.). That aside, I do have admin > privileges. > > ? ? ? ? ? ? ? ?But this works only when accessing from the server. If I am > on another machine, it will fail. Logs say the following thing: > > check_ntlm_password: ?Authentication for user [cristi] -> [cristi] FAILED > with error NT_STATUS_LOGON_FAILURE > > ?check_ntlm_password: ?Checking password for unmapped user > [WORKGROUP]\[cristi]@[192.168.1.13] with the new password interface > > ?check_ntlm_password: ?mapped user is: [CAST]\[cristi]@[192.168.1.13] > > ?check_ntlm_password: ?Authentication for user [cristi] -> [cristi] FAILED > with error NT_STATUS_LOGON_FAILURE > > ? ? ? ? ? ? ? ?So I am out of alternatives. I have tried almost every > combination the past 4 days. Please don't suggest using security = user.-- Michael Wood <esiotrot at gmail.com>
>So I still have 'security = share' and I thought why it complained aboutauthentication failure. In smbpasswd, passwords are encrypted,>but in my general config I had 'encrypt passwords = no' and that's why itdidn't work. I changed it to yes. "Funny" thing is that I can access the share from a XP-machine but if I try to connect through the 'File Browser' from Ubuntu, it fails: check_ntlm_password: Authentication for user [cristi] -> [cristi] FAILED with error NT_STATUS_WRONG_PASSWORD [2010/02/08 18:10:18, 2] smbd/service.c:make_connection_snum(762) If i use 'mount -t cifs [bla..bla]' it works though. I just "love" computers.