Re: [Samba] Access to shares from within and outside of a Domain
Hi Marian, In summary, I want to be able to access the "Data" share without authenticating from both the W2K Domain and Standalone servers networks. The Data share is purely to store backup data and has been secured using ipchains, etc. What I need is a smb.conf file that lets me do this. Current set up below. Thanks - Richard. ** The samba system is set up as follows: -192.21.28.10 - W2K Domain server network Samba sys(Data share)-| -129.21.25.3 - Standalone servers network If I use "security = users" I get to the shares from the w2K domain, with a valid account, but get asked to authenticate from the stand alone machines. smb.conf for this set up below: [global] workgroup = TEST username map = /etc/samab/users.map security = user smb passwd file = /etc/samba/smbpasswd name resolve order = host allow hosts = 192.21.28.0/255.255.255.0 127.0.0.0/255.0.0.0 deadtime = 30 debug level =3 encrypt passwords = yes log file = /var/log/samba/log.%U guest account = nobody map to guest = bad user passwd program = /usr/bin/passwd %u unix password sync = yes passwd chat = New*Password* %n\n \ \nRe-enter*new*Password* %n\n \ *successfully*changed*\n [data] comment = Test share path = /data guest ok = yes browseable = no writable = yes create mask = 0760 directory mask = 0770 smbpasswd file: test:280:512A282D2562C7BEAAD...:[UX ]:LCT-3F27EAF8: nobody:99:AAD3B435B51404EEAA...:[UX ]:LCT-3F28CAC7: If I use "security = share" I get to the share from the workstations, without authenticating, but cannot map the share from the W2K domain. smb.conf for this set up below: [global] workgroup = TEST allow hosts = 192.21.25.0/255.255.255.0 127.0.0.0/255.0.0.0 name resolve order = host guest account = nobody username map = /etc/samab/users.map log file = /var/log/samba/log.%U security = share encrypt passwords = yes deadtime = 30 browseable = no debug level = 3 disable spoolss = yes [data] comment = Test share path = /data1 browseable = no writable = yes guest ok = yes create mask = 0760 directory mask = 0770 send not snipped all smb.conf and schematic router net conf of your servers and clients that one work and one not. Domain not domain is not exact diferent ... for standalone servers. You must have any missed config. Send list of users from smbpasswd. Bye. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Access to shares from within and outside of a Domain
Hi Marian, Guess what I'm really trying to do is make my share available to systems within our domain *and* to stand alone workstations (ie *not* in the domain). Unless I'm missing something obvious, it seems that you can do one or the other, but not both at the same time (although, i can't believe there's not a way of doing this)! The Domain and workstations also sit on different networks, hence the 2 NIC's. I've looked into smb.conf settings using both "security = user" and "security = share" (from the documentation, it would also appear that "security = domain" will essentially provide the same type of authentication as "security = user"). If I use "share" I get to the share from the workstations, without authenticating, but cannot map the share from the domain. If I use "users" I can get to the shares from our domain, with a valid account, but get asked to authenticate from the stand alone machines. This situation has arisen, as we need to backup systems within our domain and some stand alone workstations. I want to be able to provide a share that is available without authentication to either group of systems. Do you or any one in the samba community have any suggestions? Is this possible with samba? Thanks, Richard. Your problem is not samba but domain controller on eth2 subnet. W2k users on this net is joined to domain and samba not. Try create acount for samba on machine control panel W2k PDC as standalone NT server. Or simply join samba to domain from samba by smbpasswd -j ... Bye. - Original Message - From: "Richard Booth" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, July 29, 2003 4:28 PM Subject: [Samba] Access to shares via two NIC Hi, I have the following problem with samba: The set up: Redhat 9.0 system, with two NIC's (eth1/2) for two networks. Shares available: # smbclient -L TEST28 -U% # smbclient -L TEST25 -U% Both give - added interface ip=192.21.28.10 bcast=192.21.28.255 nmask=255.255.255.0 added interface ip=129.21.25.3 bcast=192.21.25.255 nmask=255.255.255.0 Domain=[WINS-BU] OS=[Unix] Server=[Samba 2.2.7-security-rollup-fix] Sharename Type Comment - --- data1 Disk Data Share IPC$ IPC IPC Service (Windows servers bachup shares) ADMIN$ Disk IPC Service (Windows servers bachup shares) Server Comment ---- TEST smb.conf: [global] encrypt passwords = yes smb passwd file = /etc/samba/smbpasswd guest account = nobody allow hosts = x y z etc [Data] comment = Test Group Share path = /data browseable = yes writable = yes guest ok = yes Cleints connecting to smb server: All W2K server or W2K professional on both networks. The problem: Share /data1 can be seen and accessed using the guest account, by all system on interface eth1, but - Share /data1 can *not* be accessed using the guest account, by any system, on interface eth2. I get the classic error message "The account is not authorized to log in from this station" The only difference between the networks is that eth1 tends to have stand alone systems, whilst the systems on eth2 belong to a domain. This is driving me nuts! Any help would be much appreciated. Cheers, -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Access to shares via two NIC
Hi, I have the following problem with samba: The set up: Redhat 9.0 system, with two NIC's (eth1/2) for two networks. Shares available: # smbclient -L TEST28 -U% # smbclient -L TEST25 -U% Both give - added interface ip=192.21.28.10 bcast=192.21.28.255 nmask=255.255.255.0 added interface ip=129.21.25.3 bcast=192.21.25.255 nmask=255.255.255.0 Domain=[WINS-BU] OS=[Unix] Server=[Samba 2.2.7-security-rollup-fix] Sharename Type Comment - --- data1 Disk Data Share IPC$ IPC IPC Service (Windows servers bachup shares) ADMIN$ Disk IPC Service (Windows servers bachup shares) Server Comment ---- TEST smb.conf: [global] encrypt passwords = yes smb passwd file = /etc/samba/smbpasswd guest account = nobody allow hosts = x y z etc [Data] comment = Test Group Share path = /data browseable = yes writable = yes guest ok = yes Cleints connecting to smb server: All W2K server or W2K professional on both networks. The problem: Share /data1 can be seen and accessed using the guest account, by all system on interface eth1, but - Share /data1 can *not* be accessed using the guest account, by any system, on interface eth2. I get the classic error message "The account is not authorized to log in from this station" The only difference between the networks is that eth1 tends to have stand alone systems, whilst the systems on eth2 belong to a domain. This is driving me nuts! Any help would be much appreciated. Cheers, -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba