[Samba] Access to shares from within and outside of a Domain

Richard Booth r.booth at ulcc.ac.uk
Fri Aug 1 11:58:37 GMT 2003


Hi Marian,

In summary, I want to be able to access the "Data" share without 
authenticating
from both the W2K Domain and Standalone servers networks. The Data share
is purely to store backup data and has been secured using ipchains, etc.
What I need is a smb.conf file that lets me do this. Current set up below.

Thanks - Richard.

**********************************************************************************

The samba system is set up as follows:
        <eth1>-192.21.28.10 - W2K Domain server network
Samba sys(Data share)-|
        <eth2>-129.21.25.3 - Standalone servers network

If I use "security = users" I get to the shares from the w2K domain,
with a valid account, but get asked to authenticate from the
stand alone machines. smb.conf for this set up below:

[global]
 workgroup = TEST
 username map = /etc/samab/users.map
 security = user
 smb passwd file = /etc/samba/smbpasswd
 name resolve order = host
 allow hosts = 192.21.28.0/255.255.255.0 127.0.0.0/255.0.0.0
 deadtime = 30
 debug level =3
 encrypt passwords = yes
 log file = /var/log/samba/log.%U
 guest account = nobody
 map to guest = bad user
 passwd program = /usr/bin/passwd %u
 unix password sync = yes
 passwd chat = New*Password* %n\n \
 \nRe-enter*new*Password* %n\n \
 *successfully*changed*\n
[data]
 comment = Test share
 path = /data
 guest ok = yes
 browseable = no
 writable = yes
 create mask = 0760
 directory mask = 0770

smbpasswd file:
test:280:512A282D2562C7BEAAD.......:[UX ]:LCT-3F27EAF8:
nobody:99:AAD3B435B51404EEAA.......:[UX ]:LCT-3F28CAC7:

If I use "security = share" I get to the share from the workstations,
without authenticating, but cannot map the share from the W2K domain.
smb.conf for this set up below:
[global]
 workgroup = TEST
 allow hosts = 192.21.25.0/255.255.255.0 127.0.0.0/255.0.0.0
 name resolve order = host
 guest account = nobody
 username map = /etc/samab/users.map
 log file = /var/log/samba/log.%U
 security = share
 encrypt passwords = yes
 deadtime = 30
 browseable = no
 debug level = 3
 disable spoolss = yes
[data]
 comment = Test share
 path = /data1
 browseable = no
 writable = yes
 guest ok = yes
 create mask = 0760
 directory mask = 0770

>send not snipped all smb.conf and schematic router net conf of your servers
>and clients that one work and  one not.
>Domain not domain is not exact diferent ... for standalone servers.
>You must have any missed config.
>Send list of users from smbpasswd.
>
>Bye.
>  
>





More information about the samba mailing list