[Samba] Access to shares from within and outside of a Domain

Richard Booth r.booth at ulcc.ac.uk
Thu Jul 31 10:00:44 GMT 2003 

Hi Marian,

Guess what I'm really trying to do is make my share available to systems 
within our domain *and* to stand alone workstations (ie *not* in the 
domain). Unless I'm missing something obvious, it seems that you can do 
one or the other, but not both at the same time (although, i can't 
believe there's not a way of doing this)!

The Domain and workstations also sit on different networks, hence the 2 
NIC's.

I've looked into smb.conf settings using both "security = user" and 
"security = share" (from the documentation, it would also appear that 
"security = domain" will essentially provide the same type of 
authentication as "security = user").

If I use "share" I get to the share from the workstations, without 
authenticating, but cannot map the share from the domain.
If I use "users" I can get to the shares from our domain, with a valid 
account, but get asked to authenticate from the stand alone machines.

This situation has arisen, as we need to backup systems within our 
domain and some stand alone workstations. I want to be able to provide a 
share that is available without authentication to either group of systems.

Do you or any one in the samba community have any suggestions? Is this 
possible with samba?

Thanks,

Richard.

>Your problem is not samba but domain controller on eth2 subnet.
>W2k users on this net is joined to domain and samba not. Try create acount
>for samba on machine control panel W2k PDC as standalone NT server. Or
>simply join samba to domain from samba by smbpasswd -j ...
>
>Bye.
>
>----- Original Message ----- 
>From: "Richard Booth" <r.booth at ulcc.ac.uk>
>To: <samba at lists.samba.org>
>Sent: Tuesday, July 29, 2003 4:28 PM
>Subject: [Samba] Access to shares via two NIC
>
>
>  
>
>>Hi,
>>
>>I have the following problem with samba:
>>
>>The set up:
>>Redhat 9.0 system, with two NIC's (eth1/2) for two networks.
>>
>>Shares available:
>><eth1># smbclient -L \\\\TEST28 -U%
>><eth2># smbclient -L \\\\TEST25 -U%
>>Both give -
>>added interface ip=192.21.28.10 bcast=192.21.28.255 nmask=255.255.255.0
>>added interface ip=129.21.25.3 bcast=192.21.25.255 nmask=255.255.255.0
>>Domain=[WINS-BU] OS=[Unix] Server=[Samba 2.2.7-security-rollup-fix]
>>      Sharename      Type      Comment
>>      ---------      ----      -------
>>      data1          Disk      Data Share
>>      IPC$           IPC       IPC Service (Windows servers bachup shares)
>>      ADMIN$      Disk      IPC Service (Windows servers bachup shares)
>>
>>      Server               Comment
>>      ---------            -------
>>      TEST
>>
>>smb.conf:
>>[global]
>>    <snip>
>>   encrypt passwords = yes
>>   smb passwd file = /etc/samba/smbpasswd
>>   guest account = nobody
>>   allow hosts = x y z etc
>>   <snip>
>>[Data]
>>   comment = Test Group Share
>>   path = /data
>>   browseable = yes
>>   writable = yes
>>   guest ok = yes
>>
>>Cleints connecting to smb server:
>>All W2K server or W2K professional on both networks.
>>
>>The problem:
>>Share /data1 can be seen and accessed using the guest account, by all
>>system on interface eth1, but -
>>
>>Share /data1 can *not* be accessed using the guest account, by any
>>system, on interface eth2.
>>I get the classic error message "The account is not authorized to log in
>>from this station"
>>
>>The only difference between the networks is that eth1 tends to have
>>stand alone systems, whilst the
>>systems on eth2 belong to a domain.
>>
>>This is driving me nuts! Any help would be much appreciated.
>>
>>Cheers,
>>
>>-- 
>>To unsubscribe from this list go to the following URL and read the
>>instructions:  http://lists.samba.org/mailman/listinfo/samba
>>    
>>
>
>
>
>  
>

More information about the samba mailing list