I'm trying to replace an old Windows 2000 server that is current set up with a
number of open anonymous shares used by a legacy application that must remain
in production for a few more years. I spent a few hours trying to create
anonymous shares on a 2008 R2 box but gave up. My next idea was to use Samba
to create an anonymous share, and following this quick-n-dirty HowTo:
http://www.debuntu.org/samba-how-to-share-files-for-your-lan-without-userpassword/,
I set up a Lucid Lynx box with samba (3.4.7~dfsg-1ubuntu3.10) to do just that.
Works great... as long as you're on the same subnet as the Samba server.
So our subnets are roughly set up thusly:
* 172.21.11.0/24 - Linux servers
* 172.21.110.0/24 - Test PCs (Win7 x64)
* 172.18.224.0/20 - Production PCs (Win7 x64)
* 204.133.165.0/24 (treated as an internal network, don't ask) - Old server
subnet
And the specific machines I'll be discussing are:
* 172.21.11.24 - Samba server (wrc-deploy)
* 172.21.110.68 - My test PC (Win7 x64)
* 204.133.165.24 - Old Windows 2000 server
So from another Linux server, on the same subnet (broadcast domain), I can do
the following without a problem:
jheese@wrc-aptcache1:~$ smbclient -NL wrc-deploy
Domain=[WELDCORCC] OS=[Unix] Server=[Samba 3.4.7]
Sharename Type Comment
--------- ---- -------
APS Disk APS share
CARSBIN Disk CARSBIN share
CARSPROJ Disk CARSPROJ share
CivilDocs Disk CivilDocs share
DA_CrystalEase Disk DA_CrystalEase share
RMSDist Disk RMSDist share
RMSDistTRN Disk RMSDistTRN share
RMSTools Disk RMSTools share
TibCAD Disk TibCAD share
IPC$ IPC IPC Service (wrc-deploy)
Domain=[WELDCORCC] OS=[Unix] Server=[Samba 3.4.7]
Server Comment
--------- -------
Workgroup Master
--------- -------
WORKGROUP WRC-DEPLOY
jheese@wrc-aptcache1:~$ smbclient -N //wrc-deploy/RMSDist
Domain=[WELDCORCC] OS=[Unix] Server=[Samba 3.4.7]
Server not using user level security and no password supplied.
smb: \> ls
. D 0 Mon Mar 25 15:44:53 2013
.. D 0 Mon Mar 25 15:24:20 2013
test A 0 Mon Mar 25 15:45:01 2013
60617 blocks of size 262144. 49484 blocks available
smb: \> q
jheese@wrc-aptcache1:~$
Great!
However, from my Windows test PC on the 172.21.110.0/24 subnet, if I try to
browse to \\wrc-deploy or \\wrc-deploy\RMSDist, say, I get "The account is not
authorized to log in from this station."
However, and I think this is key, I can browse to \\172.21.11.24 and
\\172.21.11.24\RMSDist without a problem... DNS is absolutely working
properly, and I can ping, telnet, etc. to the name "wrc-deploy" from my test PC
without a problem.
Also, I know that it's not the old NTLM/LM security options because I can hit
the old Windows 2000 server's shares from my test PC without a problem, and
it's on the old server subnet, 204.133.165.0/24.
To my knowledge, no WINS server has ever been configured on this network, nor
do we have any broadcast forwarding configured on our routers to make the old
server's shares browse properly.
I've Googled the crap out of this, including the specific error message, seeing
about using Samba 4.x to do this instead of Samba 3.x, whether WINS is
necessary (I'd really like to not have to go this route if possible), and
everything else, but I can't find anyone else in this same situation.
So, can anyone please suggest ways to make this work. I don't care how it's
done, but the requirements are:
* Anonymous CIFS shares
* Works by name across subnets
* Without a WINS server on each subnet (we have waaaaay too many subnets, some
in weird places)
* (Preferably) Without WINS altogether
Let me know if you need any specific information as far as config files,
versions, or diagrams. Thanks in advance!
Jon Heese
Systems Administrator
Weld County Computer Services
ACS Government Systems, Inc., A Xerox Company
tel: 970-304-6570 x2552
jhe...@co.weld.co.us
Confidentiality Notice: This electronic transmission and any attached documents
or other writings are intended only for the person or entity to which it is
addressed and may contain information that is privileged, confidential or
otherwise protected from disclosure. If you have received this communication in
error, please immediately notify sender by return e-mail and destroy the
communication. Any disclosure, copying, distribution or the taking of any
action concerning the contents of this communication or any attachments by
anyone other than the named recipient is strictly prohibited.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
