[Samba] Samba PDC with shares accessible for not logged users - how?

[Paul Gienger]

> this directory shouldn't be writable, so I have it now like that:
>
> [wpkg]
>   comment = Windows Packager
>   path = /home/samba/wpkg
>   read only = yes
>   browseable = yes
>   valid users = nobody, unattended, guest
>   guest ok = Yes
>   public = Yes
>
>
> but as the server is a domain controller, it prompts for a 
> username/password even if I just click on its icon (from win2k 
> workstation).

Most likely it's prompting you for a user/pass because you're not coming 
in as a valid user for the server. 

> This workstation already has a machine account.

Doesn't really matter for simple file access. Does matter for logging 
into the domain from said machine.

> What do you mean by "force user"?

Force user means, in a nutshell: Make it look like I'm this guy, where 
thisguy is the user named in the force user line.  You still need to be 
a valid authenticated user before going to said share. From the man page:

This specifies a UNIX user name that will be assigned as the default 
user for all users connecting to this service. This is useful for 
sharing files. You should also use it carefully as using it incorrectly 
can cause security problems.

This user name only gets used once a connection is established. Thus 
clients still need to connect as a valid user and supply a valid 
password. Once connected, all file operations will be performed as the 
"forced user", no matter what username the client connected as. This can 
be very useful.

In Samba 2.0.5 and above this parameter also causes the primary group of 
the forced user to be used as the primary group for all file activity. 
Prior to 2.0.5 the primary group was left as the primary group of the 
connecting user (this was a bug).


>
>
> Any more hints?
>
>
> Tomek


-- 
--
Paul Gienger                    Office: 701-281-1884
Applied Engineering Inc.
Systems Architect               Fax:    701-281-1322
URL: www.ae-solutions.com       mailto: pgienger at ae-solutions.com