[ale] Samba Not Quite Right

Jonathan Glass jonathan.glass at ibb.gatech.edu
Tue Aug 19 10:17:31 EDT 2003



> I've got Samba up and running on Gentoo, which is also up and running (a
> minor
> miracle in and of itself, as the 2.4.20 kernel that comes with the current
> version of Gentoo wouldn't boot on this nVidia-chipset machine).
>
> WinXP machines on the network can see the server and, if I double-click on
> the
> server, I'm asked for a username and password.  If I supply mine, I can
> get into
> the one share I created.
>
> This isn't quite what I want to have happen.  I would like for at least
> one
> read-only share to appear without the need for a username and password,
> and I
> plan to make other shares that *will* require un/pw access.  I would like
> all
> shares to at least appear when the server is double-clicked, without
> having to
> enter a un/pw.
>
> This is the share definition for that one read-only share as it now
> stands:
>
> [library]
>    comment = General data/sw for internal use
>    path = /share/library
>    public = yes
>    writable = no
>    write list = jeff
>
> Other important global parameters:
>
>    security = user
>    encrypt passwords = yes
>    smb passwd file = /etc/samba/private/smbpasswd
>
> There is a Win2K PDC here with accounts, but I have no control over them
> (to
> include existence), so, if I want to be able to provide and control access
> to
> this Samba server, I have to manage the accounts and use smbpasswd as
> needed.
>
> How can I best get the behavior I want?
>
> - Jeff

Well, you can cheat a little.  This will force anyone connecting to the
"public" share to have a smbguest account sans entering a username and
password.

[public]
        comment = Public Share
        path = /path/to/share
        browseable = yes
        guest ok = yes
        guest only = yes
        read only = no
        writeable = yes
        create mask = 0777
        directory mask = 0777

ON the issue of not controlling accounts:  Do you really want to keep
track/manage usernames and passwords?  If a Win2K server is already doing
the authentication, then it only makes sense to use their authentication
so the users only have a single username and password to remember.  You
may not have control over who exists on the network, but you can control
who can access what on your server.  I did this for a previous employer,
deploying one web server for students, and another for faculty, all doing
auth through a Winnt PDC.

HTH

-- 
Jonathan Glass
Systems Support Specialist II
IBB/GTEC
W: 404-385-0127
C: 404-444-4086
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale





More information about the Ale mailing list