On Wed, 2 Feb 2005 11:52:18 -0700, John H Terpstra <[EMAIL PROTECTED]> wrote: > Zane, > > In your original post you asserted that the documentation is deficient. > In what way are you offering to rectify the deficiency? >
I have found, that my original question, was from lack of understaning security. It was to get users to view the public directories on my Samba box without a password. I believe remote fixed that by telling me I should have Security = share in the global. That part, I did find in the documentation, particularly the Samba-guide.pdf, which I hadn't seen or found before you mentioned it. This caused my other desired function, to fail. (Samba based permissions to give a user write access, and allow others only read) > In the open source world there are many deficiencies - its just a fact of > life. The rule with open source is that because you have the source you can > fix the deficiency. That is something of an unwritten responsibility - when > you find a problem you fix it so that the next person does not have to go > through the same pain you did. I know, and I would be glad to help in any way possible. I love finding solutions and posting them in an effort to help other resolve their problems. I unfortunantly I haven't gotten into installing/usering the C++ compiler yet, although I think my 2 years of programing would be highly inadequite to even attemt to fix a problem (unless Very minor or small), I wouldn't be able to repair the source code. > > So please help sort out the deficiencies. There are two official Samba > documents: The Samba-HOWTO-Collection and the Samba-Guide. > I welcome your documentation updates in any form you can provide them. > You have my total attention and my commitment to fix the gaping holes. > > On Wednesday 02 February 2005 04:01, Zane Minninger wrote: > > Ok, I have read that PDF, and is doesn't look like it goes into what I > > want, but there is SO much info there, I'll be taking it to bed a for > > a few nights. Here is the basics that I have been able to > > understand--- > > > > I would like to have no username/password box appear when users on > > Win2000 and WinXP browse to \\server\ I would also like certain > > folders (\\server\pub\) to not require a username/password and only > > have Read access. > > Windows opens a secure channel to a server. It authenticates only the first > time that secure channel is opened. Subsequent connections from the client > use only already established credentials. You therefore can not do what you > want. In Windows NT4/200x/XPP an authentication failure may result in a > pop-up asking for new credentials but you should not depend on that for > access control as in many situations the client will not permit you access > anyhow. I agree, and concur. If you use the same loging session on the client box, the credientials are cached. I have been re-logging in each time after a successful attaching to the share, which does clear the credentials. The original though was if I needed to have write access to a folder, before making any connection to it, I could map a drive with crendentials and have the full access I needed. If I didn't, I just browse and could only read the data. > > > > The next step is the trick. > > > > Is there a way where in Windows I can Map a network drive and choose a > > different Username/password to connect to the \\server\pub share to > > give me permissions to add/delete. > > You just need to set your permissions and privileges in UNIX/Linux to work > correctly, or create additional shares for the same directory share point. That was the other way I was going to look into it. I do have the correct rights on the Unix system. The default / generic user has read to all folders in data (he has no rights but security is 775 for all files / folders in the shared directory. That should allow him read and execute, and it does if security = Share is turned on. > > > > OR > > > > Is there a way I can setup one share to not prompt for a > > Username/password and set another folder to prompt for a > > Username/Password. > > Show me how you would do this in Windows - Samba works that same way that > Windows does. In windows, I have tested this just now, My 2003 domain server (The pc is not attached, never has been, and there is no user accounts on it, app testing box only) I created a share, data. I gave permissions to the share of User1 and everyone. Everyone only has read. User1 has full control. I further went into the file system properties, stipped out all of MS's permissions and set User1 full control of all files and everyone read, read & execute, and List folder contents. I created 2 direcory below that. One private, one public. I kept the same permissions on public, giving user1 full and everyone read, read&execute, and list folder contents. I took out the everyone access to the private share and gave user1 full access. So, in a Linux based system, it would should look like this (correct me if I'm wrong) DATA (755) (I'm setting group access to 5 for now) | |------Public (755) | |------Private (700) So, with this configuration on the Win2003 server, again, my Personal PC is not part of the domain nor am I useing the same user name as the user on the box, I can log onto my WinXP pc, browse to \\server\data and it shows me the folders public and private. I can not copy a file here. I browse to public, I can not copy a file here either. I can not browse to private. Error, no access/permission. I log off my WinXP pc, and re login. I then map a network drive to z:\ \\server\data specifing a user of user1 and his password. When I browse my z:\ I can copy a file there (data directory), I can browse to public and copy a file there, I can browse to Private and copy a file there. The original test, where I didn't map a drive, and I just browsed to \\server\data gave me the access I needed, and just as importantly, did not ask me for a username / password. Again, this was my orignal desire. I don't like using windows, it doesn't house my large data structure, and I don't like having to re-load the OS every couple of years, trying to presuve the permissions, ETC so I want to use linux for this. > > ----------- > > From what I have seen, security = share will ignore all user login > > information. So, if I set the access to Share, Everyone can see > > everything. Period. Essentially I can't control a particular user > > access to any share. > > You need to read and digest the documentation better. Share mode security uses > only a password. That password can be "no password" or a password for read > access or for "full control" access. Read the documentation - that > information is in the Samba-HOWTO-Collection. I'll look samba's site as well as the how-to sites again for that, I never saw a place for that, although I'm not sure if that will help, I'm more than willing to learn. > > > > If I set the Security = User, it requires a username and password for > > each connection, even to \\server\. It won't let anyone connect and > > just view the certain shares. > > > > So, in senario terms, Bob can browse \\server\share1 from his PC and > > can see everything in the folder with read writes but not > > create/delete/modify rights. He adds a drive mapping for > > \\server\share1 and sets it to Z:, choosing to specify a username and > > password. He can now access \\server\share1 via Z:\ and has the > > pemission to create/delete/modify the files/folders. > > > > OR > > > > Senario 2, Bob browses to \\server\share1 where he can read all files, > > but doesn't have create/delete/modify rights, but he then browses to > > \\server\share2 which is the same directory as share1, but he is > > promped for a username and password, which he puts in and has full > > access to the folder. > > > > I hope this helps. I understand if I get replys of "It doesn't work > > that way, you can't do it, ETC" It would just be nice for anonymous > > read access, and then I can login and modfiy the files. > > How would you do all this with a Windows NT4/200x/XP server backend? > Samba does it the same way! I posted above a little more information about how I can attain the results I want on a Windows 2003 server. If need be, I'll put in my Win2000 server HD and test on the OS as well, although I think it will be the same. > - John T. Thank you for all your help John, as you probably notice I'm relativly new to Linux as a whole ane even more so to samba. Any help would be greatfull. If you would like, I have PC Anywhere setup on both my PC and Win2003 server if you want to see what I'm talking about with my example. And thank you for your patience. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
