[Samba] Problems with force (user|group) and XP Professional?

Thu Jul 3 18:12:30 GMT 2003

Thus spake John H Terpstra (jht at samba.org) [03/07/03 13:28]:
> > I'm not exactly sure why or how, but it appears that XP picks up the fact
> > that it's being connected as the forced user (smbguest), and continues
> > trying to authenticate to other services/shares as that user (smbugest).
> > I'm not sure if this carry-over is being done in XP or in Samba or in their
> > interaction, but I know it's happening.
> 
> I have not seen this happening - have tested both SHARE mode and USER mode
> security. I have tested this with:
> 
> 	Win 98 / Me / NT4 Wkstn / 2000 Pro / XP Pro

I've seen this happen a couple of times.  It may also correspond with the
fact that the user logs in to their workstation with a different username
from that which they attach to Samba with.

This is in USER mode.

> Please post your smb.conf file. I'd like to see how you have configured
> this.

Well, this is the configuration post-change.  Note, the system is Samba
3.0b1 running on FreeBSD 4.8-STABLE.  Previous to this change, the lines:

    force user = smbguest
    force group = smbguest

were in both the [general] and [apps] service declarations.  As well:

    invalid users = smbguest

was in every other service declaration.  As you can see, I've sinced changed
to 'valid users', hopefully to keep it clean.

    [global]
      netbios name = lava
      workgroup = Sentex

      map to guest = bad user
      guest account = smbguest

      wins support = yes
      os level = 99
      local master = yes
      preferred master = yes
      security = user
      encrypt passwords = yes

      log file = /var/log/samba/log.%m
      max log size = 500
      log level = 2
      syslog only = no
      syslog = 0

      printing = cups
      printcap name = cups
      show add printer wizard = yes

      nt acl support = no
      socket options = TCP_NODELAY 

      name resolve order = wins host lmhosts bcast
      dns proxy = yes 

      preserve case = yes
      short preserve case = yes

      obey pam restrictions = no

    [homes]
       browseable = no
       read only = no
       writeable = yes
       comment = Home Sweet Home
       create mask = 0640
       directory mask = 0751
       hide dot files = no
       invalid users = smbguest guest

    [general]
       comment = A multi-purpose share
       browseable = yes
       path = /export/general
       printable = no

       read only = no
       writable = yes

       create mask = 0666
       directory mask = 0777
       write list = @staff
       inherit acls = yes

    [apps]
       comment = A multi-purpose Applications share
       browseable = yes
       path = /export/apps
       printable = no

       read only = yes
       writable = no

    [sales]
       comment = The Sales database
       browseable = yes
       path = /home/sales
       printable = no

       force group = sales

       read only = no
       writeable = yes

       create mask = 0770
       directory mask = 0770
       inherit acls = yes

       valid users = @sales

    [marketing]
       comment = For Marketing Folk
       browseable = yes
       path = /home/marketing
       printable = no

       force group = marketing

       read only = no
       writeable = yes

       create mask = 0770
       directory mask = 0770
       inherit acls = yes

       valid users = @marketing

    [printers]
       comment = Printers
       printable = yes
       path = /var/spool/samba
       read only = no
       guest ok = no
       browseable = yes
       writeable = no
       valid users = @staff
       printer admin = @wheel