[Samba] Re: Windows XP & greyed-out Guest user password prompt

Wed Mar 30 21:19:40 GMT 2005

It is because you are using

security = share

which is emulating the old Win9x way of sharing where the username is
irrelevant, which is why XP just sets it to guest and greys it out, and
all that matters is knowing the password to the particular share. 

Share a folder from Win9x using the type of sharing where you set a
password to access a folder and then access it from XP.  You'll see the
same thing - greyed out guest.

Tom Schaefer

On Wed, 30 Mar 2005 10:01:49 -0800
Jules Agee <julesa at pcf.com> wrote:

> Tony Earnshaw wrote:
> > Jules Agee:
> > 
> > 
> >>(replying to self again)
> >>Update:
> >>The Windows XP (SP2, BTW) client tries three times to log in to the
> >>Samba server with the Windows username, which is different from the
> >>Samba username. As one would expect, Samba replies to each of the
three> >>requests with a "STATUS_WRONG_PASSWORD" message, and in the same
packets> >>the Action segment reads 0x0001 "Guest: Logged in as GUEST". If
a new XP> >>user is created with the same username and password as the
Samba account,> >>the problem goes away. But if either the XP username or
the XP password> >>differs from Samba's info, the user is never prompted
for the real> >>username or password.
> > 
> > 
> > I don't understand. One either logs onto the domain (which has a name)
or> > onto the local machine (which has a different name). One can't logon
to> > both at the same time, the choice is given at logon time. The
advantage of> > the domain logon is, that users can move from machine to
machine (for> > example in a teachers' common room, as I have) and just
carry on with> > their work in a familiar environment. Why would you want
to synchronize> > local and domain accounts?
> 
> There is no domain, and no domain server. Due to circumstances out of my
> control, we are only using workgroup shares. The samba servers are set 
> "security = share" in smb.conf. They share authentication data via an 
> LDAP server, but that information is not accessible to or synchronized 
> with the local desktop logins at this time.
> 
> I don't want to synchronize them. What I want is for Windows XP to 
> *prompt* the user for which username they would like to use to access 
> the share on the Samba server, since the local Windows username will 
> always fail for the Samba server login. Instead, they are only presented
> with a prompt for the Guest password.
> 
> I should have been clearer in my earlier message. Here is the 
> blow-by-blow for the authentication dialog:
> 
> XP: Negotiate Protocol Request, what are your capabilities?
> Samba: Negotiate Protocol Response, I can do this and this and this
> XP: I'd like to make an anonymous connection to the $IPC share, please.
> Samba: OK, no problem. You're successfully connected as Guest.
> XP: How about you let me log in as (local XP uid, local XP pw) instead 
> of Guest?
> Samba: Nope, sorry, STATUS_WRONG_PASSWORD but Action = 0x0001 (you're 
> still logged in as Guest)
> XP: Aww, c'mon, lemme log in as (local XP userid, local XP pw)
> Samba: Nope, sorry, STATUS_WRONG_PASSWORD but you're still logged in as 
> Guest
> XP: PLEEEEEZE let me log in as (local XP userid, local XP pw)
> Samba: Uh-uh. STATUS_WRONG_PASSWORD. You're still logged in as Guest
> 
> The local XP userid doesn't exist in Samba's authentication data source,
> and it's not supposed to. When XP is unsuccessful doing the above 
> negotiation with a Windows 2000 or 2003 server, then it prompts the user
> for a different username and password. But when the user does the exact 
> same thing with a Samba server, it doesn't allow the user to choose a 
> different username. It just presents a dialog asking for the Guest login
> password.
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
> 