[Samba] Bringing a laptop to a Samba Network

Steve Cohen scohen at javactivity.org
Fri Feb 25 00:21:11 GMT 2005 

Steve Cohen wrote:
> Craig White wrote:
> I think here we come to the nub of the matter - passwords and user ids.
> 
> I have other Windows boxes on the network and they are able to print on 
> this printer without supplying a password or username.  These are home 
> computers on a home network.  In smb.conf I have
> 
> guest account = nobody
> hosts allow = 192.168.123.0/255.255.255.0
> hosts deny =
> 
> [printers]
> guest ok = yes
> 
> This configuration allows the Windows boxes on my home network to print 
> on the Linux box printer.
> 
> Why doesn't it also allow the laptop to print?
> 
> Can it be that since the other computers do not require a password logon 
>  they succeed at gaining access as "nobody" but since the laptop does 
> require a password logon, that this MUST be mapped somehow to a valid 
> user on the linux system?  That would make sense, since I did see my 
> user id on the laptop in the log.  Furthermore, the other boxes are 
> members of the same workgroup as the Linux box while the laptop isn't.
> 
> I guess I was assuming that "nobody" was a catchall for all unknown 
> users.  I guess that is not the case.  Perhaps that trick only works for 
> workgroup members?  I will go ahead and try to set up a valid id mapping 
> for the laptop.
> 

OK, it's clear that the problem with my laptop is one of passwords.  My 
problem seems to be this:

This is a home network, with family users who just want to be able to 
print.  They have no other needs for the network.  They don't log on 
with passwords and aren't about to start now.

The laptop comes from a corporate-security world.  It can't be made a 
member of the home network's work group.  And attempting to access the 
printer is sending the userid from the laptop to Samba, so it can't be 
"nobody."

The following sentence in the docs that come with SWAT seems to offer a 
tantalizing suggestion:

"It is possible to use smbd in a  hybrid mode where it is offers both 
user and share level security under different  NetBIOS aliases."  There 
is a link on NetBIOS aliases, which explains what they are, but doesn't 
show an example of this "hybrid mode".

And yet the "hybrid mode" sounds exactly like what I want.  I want 
security=SHARE for my home users but I want security=USER for my laptop. 
  Can someone point me to an example smb.conf that implements such a 
configuration?

Thank you.

More information about the samba mailing list