Jon Heese
2013-Apr-09 17:00 UTC
[Samba] Anonymous Samba share across subnets (without WINS?)
I'm trying to replace an old Windows 2000 server that is currently set up with
a number of open anonymous shares used by a legacy application that must remain
in production for a few more years. I spent a few hours trying to create
anonymous shares on a 2008 R2 box but gave up. My next idea was to use Samba to
create an anonymous share, and following this quick-n-dirty HowTo:
http://www.debuntu.org/samba-how-to-share-files-for-your-lan-without-userpassword/,
I set up a Lucid Lynx box with samba (3.4.7~dfsg-1ubuntu3.10) to do just that.
Works great... as long as you're on the same subnet as the Samba server.
So our subnets are roughly set up thusly:
* 172.21.11.0/24 - Linux servers
* 172.21.110.0/24 - Test PCs (Win7 x64)
* 172.18.224.0/20 - Production PCs (Win7 x64)
* 204.133.165.0/24 (treated as an internal network, don't ask) - Old server subnet
And the specific machines I'll be discussing are:
* 172.21.11.24 - Samba server (wrc-deploy)
* 172.21.110.68 - My test PC (Win7 x64)
* 204.133.165.24 - Old Windows 2000 server
So from another Linux server, on the same subnet (broadcast domain), I can do
the following without a problem:
    jheese@wrc-aptcache1:~$ smbclient -NL wrc-deploy
    Domain=[WELDCORCC] OS=[Unix] Server=[Samba 3.4.7]

        Sharename       Type      Comment
        ---------       ----      -------
        APS             Disk      APS share
        CARSBIN         Disk      CARSBIN share
        CARSPROJ        Disk      CARSPROJ share
        CivilDocs       Disk      CivilDocs share
        DA_CrystalEase  Disk      DA_CrystalEase share
        RMSDist         Disk      RMSDist share
        RMSDistTRN      Disk      RMSDistTRN share
        RMSTools        Disk      RMSTools share
        TibCAD          Disk      TibCAD share
        IPC$            IPC       IPC Service (wrc-deploy)
    Domain=[WELDCORCC] OS=[Unix] Server=[Samba 3.4.7]

        Server               Comment
        ---------            -------

        Workgroup            Master
        ---------            -------
        WORKGROUP            WRC-DEPLOY
    jheese@wrc-aptcache1:~$ smbclient -N //wrc-deploy/RMSDist
    Domain=[WELDCORCC] OS=[Unix] Server=[Samba 3.4.7]
    Server not using user level security and no password supplied.
    smb: \> ls
      .                                   D        0  Mon Mar 25 15:44:53 2013
      ..                                  D        0  Mon Mar 25 15:24:20 2013
      test                                A        0  Mon Mar 25 15:45:01 2013

            60617 blocks of size 262144. 49484 blocks available
    smb: \> q
    jheese@wrc-aptcache1:~$
Great!
However, from my Windows test PC on the 172.21.110.0/24 subnet, if I try to
browse to \\wrc-deploy or \\wrc-deploy\RMSDist, say, I get "The account is
not authorized to log in from this station."
However, and I think this is key, I can browse to \\172.21.11.24 and
\\172.21.11.24\RMSDist without a problem... DNS is absolutely working properly,
and I can ping, telnet, etc. to the name "wrc-deploy" from my test PC
without a problem.
Also, I know that it's not the old NTLM/LM security options because I can
hit the old Windows 2000 server's shares from my test PC without a problem,
and it's on the old server subnet, 204.133.165.0/24.
To my knowledge, no WINS server has ever been configured on this network, nor do
we have any broadcast forwarding configured on our routers to make the old
server's shares browse properly.
I've Googled the crap out of this, including the specific error message,
seeing about using Samba 4.x to do this instead of Samba 3.x, whether WINS is
necessary (I'd really like to not have to go this route if possible), and
everything else, but I can't find anyone else in this same situation.
So, can anyone please suggest ways to make this work? I don't care how
it's done, but the requirements are:
* Anonymous CIFS shares
* Works by name across subnets
* Without a WINS server on each subnet (we have waaaaay too many subnets, some in weird places)
* (Preferably) Without WINS altogether
Let me know if you need any specific information as far as config files,
versions, or diagrams. Thanks in advance!
Jon Heese
Systems Administrator
Weld County Computer Services
ACS Government Systems, Inc., A Xerox Company
tel: 970-304-6570 x2552
jheese at co.weld.co.us
Confidentiality Notice: This electronic transmission and any attached documents
or other writings are intended only for the person or entity to which it is
addressed and may contain information that is privileged, confidential or
otherwise protected from disclosure. If you have received this communication in
error, please immediately notify sender by return e-mail and destroy the
communication. Any disclosure, copying, distribution or the taking of any action
concerning the contents of this communication or any attachments by anyone other
than the named recipient is strictly prohibited.
Chris Smith
2013-Apr-09 18:04 UTC
[Samba] Anonymous Samba share across subnets (without WINS?)
On Tue, Apr 9, 2013 at 1:00 PM, Jon Heese <jheese at co.weld.co.us> wrote:
> My next idea was to use Samba to create an anonymous share, and following
> this quick-n-dirty HowTo:
> http://www.debuntu.org/samba-how-to-share-files-for-your-lan-without-userpassword/,
> I set up a Lucid Lynx box with samba (3.4.7~dfsg-1ubuntu3.10) to do just that.

See my blog post here:
http://blog.realcomputerguy.com/2010/12/samba-and-guest-shares-with-security.html
Jon Heese
2013-Apr-09 18:14 UTC
[Samba] Anonymous Samba share across subnets (without WINS?)
Awesome! That totally worked! Thanks so much for your help!