Browse list and user authentication error

Heiko Wundram heikowu at ceosg.de
Thu Sep 27 16:24:02 GMT 2001


Hello to all!

I have a small problem with the way Windows 98 gets user lists and 
authenticates when accessing a resource.

I am trying to do the following: Depending on which user connects, several 
shares are browseable = yes or browseable = no.

The shares also contain a valid users line that limits the access to the user 
that enables the browseable = yes line.

(No, I don't use [homes], as the layout of the homes is slightly complicated 
by the old structure of the organization that I do the sysadm for)

If I use Windows Network Logon without a Domain Logon, this works perfectly 
fine; all shares that are browseable are displayed in the Nethood, and I can 
access all shares with the correct priviledges that I specified in the config 
file. If I try to access a share that is not browseable (and whose valid 
users line doesn't match), Windows 98 barfs with "Could not find share" 
(correct behaviour, I guess...).

When I then switch to Domain Logon (the domain is called MEGAKIDS, and the 
server is actually configured for Domain Security level), a funny thing 
happens:

1. my logon script mounts a share to a local drive, this works perfectly 
well, the share is accessible and the user that is logging in has access to 
this share (well, it's his home directory). This share nevertheless doesn't 
appear in the Nethood, it seems to be "non-browseable". But when I enter the 
path as a whole, I can access the share nevertheless.

2. The Nethood only shows those directories that are enabled when you log on 
as "anonymous", even when I log in as the samba admin. When I try to write to 
one of those "anonymous" shares, Windows 98 barfs with "Not allowed", as it 
shouldn't with the Samba admin.

3. When I try to access a share (that should be browseable) directly, Windows 
98 barfs with "Could not find share".

Well, long explanation with little in it: When I turned on debugging, I saw 
that Windows 98, although the logon was successful, authenticated as nobody 
when getting the browse list, and also authenticated as nobody when trying to 
get one of the restricted resources.

Is this "known behaviour"? I mean it is senseless in some way or another 
(sounds just like Microsoft... ;)) for domain-logons to behave this way.

Is there anything I can do about it? Might it even be a misconfiguration of 
Samba?

Hope to hear from someone soon!

-- 
Yours sincerely,

	Heiko Wundram




More information about the samba mailing list