[Samba] Access to shares from within and outside of a Domain

Richard Booth r.booth at ulcc.ac.uk
Thu Jul 31 10:00:44 GMT 2003

Hi Marian,

Guess what I'm really trying to do is make my share available to systems 
within our domain *and* to stand alone workstations (ie *not* in the 
domain). Unless I'm missing something obvious, it seems that you can do 
one or the other, but not both at the same time (although, i can't 
believe there's not a way of doing this)!

The Domain and workstations also sit on different networks, hence the 2 

I've looked into smb.conf settings using both "security = user" and 
"security = share" (from the documentation, it would also appear that 
"security = domain" will essentially provide the same type of 
authentication as "security = user").

If I use "share" I get to the share from the workstations, without 
authenticating, but cannot map the share from the domain.
If I use "users" I can get to the shares from our domain, with a valid 
account, but get asked to authenticate from the stand alone machines.

This situation has arisen, as we need to backup systems within our 
domain and some stand alone workstations. I want to be able to provide a 
share that is available without authentication to either group of systems.

Do you or any one in the samba community have any suggestions? Is this 
possible with samba?



>Your problem is not samba but domain controller on eth2 subnet.
>W2k users on this net is joined to domain and samba not. Try create acount
>for samba on machine control panel W2k PDC as standalone NT server. Or
>simply join samba to domain from samba by smbpasswd -j ...
>----- Original Message ----- 
>From: "Richard Booth" <r.booth at ulcc.ac.uk>
>To: <samba at lists.samba.org>
>Sent: Tuesday, July 29, 2003 4:28 PM
>Subject: [Samba] Access to shares via two NIC
>>I have the following problem with samba:
>>The set up:
>>Redhat 9.0 system, with two NIC's (eth1/2) for two networks.
>>Shares available:
>><eth1># smbclient -L \\\\TEST28 -U%
>><eth2># smbclient -L \\\\TEST25 -U%
>>Both give -
>>added interface ip= bcast= nmask=
>>added interface ip= bcast= nmask=
>>Domain=[WINS-BU] OS=[Unix] Server=[Samba 2.2.7-security-rollup-fix]
>>      Sharename      Type      Comment
>>      ---------      ----      -------
>>      data1          Disk      Data Share
>>      IPC$           IPC       IPC Service (Windows servers bachup shares)
>>      ADMIN$      Disk      IPC Service (Windows servers bachup shares)
>>      Server               Comment
>>      ---------            -------
>>      TEST
>>    <snip>
>>   encrypt passwords = yes
>>   smb passwd file = /etc/samba/smbpasswd
>>   guest account = nobody
>>   allow hosts = x y z etc
>>   <snip>
>>   comment = Test Group Share
>>   path = /data
>>   browseable = yes
>>   writable = yes
>>   guest ok = yes
>>Cleints connecting to smb server:
>>All W2K server or W2K professional on both networks.
>>The problem:
>>Share /data1 can be seen and accessed using the guest account, by all
>>system on interface eth1, but -
>>Share /data1 can *not* be accessed using the guest account, by any
>>system, on interface eth2.
>>I get the classic error message "The account is not authorized to log in
>>from this station"
>>The only difference between the networks is that eth1 tends to have
>>stand alone systems, whilst the
>>systems on eth2 belong to a domain.
>>This is driving me nuts! Any help would be much appreciated.
>>To unsubscribe from this list go to the following URL and read the
>>instructions:  http://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list