Browse list and user authentication error
heikowu at ceosg.de
Thu Sep 27 16:24:02 GMT 2001
Hello to all!
I have a small problem with the way Windows 98 gets user lists and
authenticates when accessing a resource.
I am trying to do the following: Depending on which user connects, several
shares are browseable = yes or browseable = no.
The shares also contain a valid users line that limits the access to the user
that enables the browseable = yes line.
(No, I don't use [homes], as the layout of the homes is slightly complicated
by the old structure of the organization that I do the sysadm for)
If I use Windows Network Logon without a Domain Logon, this works perfectly
fine; all shares that are browseable are displayed in the Nethood, and I can
access all shares with the correct priviledges that I specified in the config
file. If I try to access a share that is not browseable (and whose valid
users line doesn't match), Windows 98 barfs with "Could not find share"
(correct behaviour, I guess...).
When I then switch to Domain Logon (the domain is called MEGAKIDS, and the
server is actually configured for Domain Security level), a funny thing
1. my logon script mounts a share to a local drive, this works perfectly
well, the share is accessible and the user that is logging in has access to
this share (well, it's his home directory). This share nevertheless doesn't
appear in the Nethood, it seems to be "non-browseable". But when I enter the
path as a whole, I can access the share nevertheless.
2. The Nethood only shows those directories that are enabled when you log on
as "anonymous", even when I log in as the samba admin. When I try to write to
one of those "anonymous" shares, Windows 98 barfs with "Not allowed", as it
shouldn't with the Samba admin.
3. When I try to access a share (that should be browseable) directly, Windows
98 barfs with "Could not find share".
Well, long explanation with little in it: When I turned on debugging, I saw
that Windows 98, although the logon was successful, authenticated as nobody
when getting the browse list, and also authenticated as nobody when trying to
get one of the restricted resources.
Is this "known behaviour"? I mean it is senseless in some way or another
(sounds just like Microsoft... ;)) for domain-logons to behave this way.
Is there anything I can do about it? Might it even be a misconfiguration of
Hope to hear from someone soon!
More information about the samba