[Samba] Access to shares from within and outside of a Domain

Marian Mlcoch, Ing mm at tsmp.sk
Fri Aug 1 12:32:16 GMT 2003 

I dont understand why two configs send when you need one... but ok
First create one config for all machine
What you use username map ?
In smbpasswd not need nobody user  remove it!

> [global]
>  workgroup = TEST
>  username map = /etc/samab/users.map
>  security = user
>  smb passwd file = /etc/samba/smbpasswd
>  name resolve order = host
>  allow hosts = 192.21.28.0/255.255.255.0 192.21.25.0/255.255.255.0
127.0.0.0/255.0.0.0
>  deadtime = 30
>  debug level =3
>  encrypt passwords = yes
>  log file = /var/log/samba/log.%U
>  guest account = nobody
>  map to guest = bad user
>  passwd program = /usr/bin/passwd %u
>  unix password sync = yes
>  passwd chat = New*Password* %n\n \
>  \nRe-enter*new*Password* %n\n \
>  *successfully*changed*\n
> [data]
>  comment = Test share
>  path = /data
>  guest ok = yes
>  browseable = no
>  writable = yes
>  create mask = 0760
>  directory mask = 0770

Samba allways need authentication ! But if user (test) logged to domain
exist on samba and have identic password then windows login automatic and
you not asked. Identic user of standalone server can be connect without auth
only if username and pass is on samba.
If not then is asked and mapped to user guest if username and password miss.
Then connect is possibly.

If you need automatic backup script then try enter password in script be net
command parameter
net use x: \\sss\sss anypass

this command will be automatic map you as guest.

Bye.

----- Original Message ----- 
From: "Richard Booth" <r.booth at ulcc.ac.uk>
To: "Marian Mlcoch, Ing" <mm at tsmp.sk>
Cc: <samba at lists.samba.org>
Sent: Friday, August 01, 2003 1:58 PM
Subject: Re: [Samba] Access to shares from within and outside of a Domain


> Hi Marian,
>
> In summary, I want to be able to access the "Data" share without
> authenticating
> from both the W2K Domain and Standalone servers networks. The Data share
> is purely to store backup data and has been secured using ipchains, etc.
> What I need is a smb.conf file that lets me do this. Current set up below.
>
> Thanks - Richard.
>
>
****************************************************************************
******
>
> The samba system is set up as follows:
>         <eth1>-192.21.28.10 - W2K Domain server network
> Samba sys(Data share)-|
>         <eth2>-129.21.25.3 - Standalone servers network
>
> If I use "security = users" I get to the shares from the w2K domain,
> with a valid account, but get asked to authenticate from the
> stand alone machines. smb.conf for this set up below:
>
> [global]
>  workgroup = TEST
>  username map = /etc/samab/users.map
>  security = user
>  smb passwd file = /etc/samba/smbpasswd
>  name resolve order = host
>  allow hosts = 192.21.28.0/255.255.255.0 127.0.0.0/255.0.0.0
>  deadtime = 30
>  debug level =3
>  encrypt passwords = yes
>  log file = /var/log/samba/log.%U
>  guest account = nobody
>  map to guest = bad user
>  passwd program = /usr/bin/passwd %u
>  unix password sync = yes
>  passwd chat = New*Password* %n\n \
>  \nRe-enter*new*Password* %n\n \
>  *successfully*changed*\n
> [data]
>  comment = Test share
>  path = /data
>  guest ok = yes
>  browseable = no
>  writable = yes
>  create mask = 0760
>  directory mask = 0770
>
> smbpasswd file:
> test:280:512A282D2562C7BEAAD.......:[UX ]:LCT-3F27EAF8:
> nobody:99:AAD3B435B51404EEAA.......:[UX ]:LCT-3F28CAC7:
>
> If I use "security = share" I get to the share from the workstations,
> without authenticating, but cannot map the share from the W2K domain.
> smb.conf for this set up below:
> [global]
>  workgroup = TEST
>  allow hosts = 192.21.25.0/255.255.255.0 127.0.0.0/255.0.0.0
>  name resolve order = host
>  guest account = nobody
>  username map = /etc/samab/users.map
>  log file = /var/log/samba/log.%U
>  security = share
>  encrypt passwords = yes
>  deadtime = 30
>  browseable = no
>  debug level = 3
>  disable spoolss = yes
> [data]
>  comment = Test share
>  path = /data1
>  browseable = no
>  writable = yes
>  guest ok = yes
>  create mask = 0760
>  directory mask = 0770
>
> >send not snipped all smb.conf and schematic router net conf of your
servers
> >and clients that one work and  one not.
> >Domain not domain is not exact diferent ... for standalone servers.
> >You must have any missed config.
> >Send list of users from smbpasswd.
> >
> >Bye.
> >
> >
>
>
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list