[Samba] Bringing a laptop to a Samba Network

Steve Cohen scohen at javactivity.org
Fri Feb 25 05:13:26 GMT 2005


Craig White wrote:
> On Thu, 2005-02-24 at 21:20 -0600, Steve Cohen wrote:
> 
>>Steve Cohen wrote:
>>
>>OK, let me ask this question another way, short and simple:
>>
>>In a security=SHARE samba network, is there any way for a computer 
>>outside the workgroup to connect to and use (not talking about "see") a 
>>printer shared by samba on that network?
>>
>>I've been reading logs, manpages, books, nothing I've seen deals with 
>>that situation.  This is a simple home network to which I want to 
>>occasionally bring a company-owned laptop.
>>
>>Please don't answer with questions about drivers, etc.  A driver has 
>>been installed on the outside computer (a Windows 2K laptop owned by my 
>>employer).  I have administrative rights on that laptop.
>>
>>The error is "Access Denied".  How can Samba be configured to get around 
>>this given that security=SHARE is required?
>>
>>I just can't believe this is that hard.  What am I missing?
> 
> ----
> If I recall correctly - you are using Red Hat 9 and samba 2.2.x
> 
> It's been a long time since I used 2.2.x and I've never used security =
> share. I have even noticed Gerry exclaiming that he wished that it were
> never made available.
> 
> My understanding is that security = share represents a mode like windows
> 98 file & printer sharing where each share represents a different
> password/login.
> 
> You problem would appear that your laptop is sending DOMAIN\username to
> the samba computer as login credentials and that is your problem. I
> would expect that if you had logging set up high enough, you would
> discover what is happening.
> 
> Anyway, I was trying to encourage you to send the -U USERNAME%PASSWORD
> thinking that it would use those credentials instead of the DOMAIN
> \username since your computer is joined to a work domain.
> 
> You could probably map the user DOMAIN\username to a 'local' user -
> see /etc/samba/smbusers for the concept.
> 
> I know that Gerry has mentioned an alternative of map guest = bad user
> for 'guest' access but that has been with reference to samba 3 and I
> have no idea if that works for samba 2.2.x and have never done it
> myself. This is a question that comes up once a week and is certainly
> findable in the archives - probably in documentation for Samba 2.2.x
> too. 
> 
> In the end, I'm not convinced that security = share is all that
> different from security = user for your purposes.
> 
> I would imagine that many people on this list are likewise using samba
> 3.x and their recollections of 2.2.x may be as hazy as mine. I do recall
> that 'Access Denied' was a common feature of samba 2.2.x when the user
> wasn't a member of the 'printer admin' group and I am sure that I have
> mentioned it previously - this message does not necessarily mean that
> you can't print to it.
> 
> There should be logs in /var/log/samba/log.MACHINE_NAME
> or /var/log/samba/log.IP_ADDRESS_OF_LAPTOP that might show the problem
> with credentials.
> 
> Craig
> 
> 
> 

Thanks.  I tried the printer admin thing and that made the "access 
denied" go away, but nothing comes out of the printer.  Worse yet, I've 
managed to disable printing also from my local boxes, which were 
previously working, somewhere in all the other changes I made, which is 
even more annoying.

And did I keep a backup of smb.conf?  NOOOO!  That would have been TOO EASY!

It's time for bed.  I'm an idiot.  I do know where the log files are, 
however.  Remember, I tried to send one last night, much to your 
annoyance.  I've looked at lots of them, from logging at level 1 to 
level 9 and they tell me lots, but none of what I'm needing to know. 
Reading them is a whole art in itself.  And I'm a programmer!

Maybe I'll check out converting to a security=USER system.  You say 
there's little difference, given my needs.  I'm still not sure how to do 
this given I've got users who don't want to enter passwords to log on 
(my family).

You seem down on 2.2.  Does 3.0 make any of this easier?

Maybe I'll upgrade my OS.  Maybe I'll throw the whole thing in the 
garbage.  Gaaaaaah!

Good night, and thanks for your help.  Tomorrow is another day.





More information about the samba mailing list