Guest chotie
Posted August 14, 2003

I used swat to create the share and it looks ok. From the Windows machines I can see the share, but when I try to access the Samba share it asks for a password?? Any suggestions or hints are very appreciated.

Br, chotie
chot@home.se

MottS
Posted August 14, 2003

You have to either run a 'share' level security or 'user'. Now, if you are asked for a password then you run a 'user' level security samba. Read the following and modify your /etc/samba/smb.conf according to your needs.

'share' Or 'user' Level Security
-----------------------------------

Samba has two authentication models which do not rely on a third server, 'share' and 'user'. On 'share' level security, requests are authenticated per share, on 'user' level, the default, the request is authenticated before listing the shares.

While this seems to be a minor detail, it is worth considering which level you want. The 'share' level makes it easier to set up public shares on the Linux server, whereas the 'user' level provides a bit more comfort and security for authenticated logins.

In the first incarnation of this article back in '99, I described the setup using the 'share' level. In its second incarnation in '01, I switched to 'user'. Each attempt left some people unsatisfied. So this time, I'm going to describe both, and you can choose which one you want to implement ;-).

Configuring A 'share level' Samba Server
------------------------------------------------

Either use SWAT or open '/etc/samba/smb.conf' in a text editor as 'root'.

Change the workgroup default value to the one you are using on your network.

Change security = user to security = share.

Search for the [tmp] section and remove the semicolons in front of these lines:

    [tmp]
    comment = Temporary file space
    path = /tmp
    read only = no
    public = yes

Save and start the Samba server as 'root' with

    service smb start

This allows all clients ('public = yes') in your workgroup to access the '/tmp' directory on your Linux machine and to put files there ('read only = no').

Accessing Home Directories
--------------------------------

Example: Your account name on the Linux machine is 'jim', your profile name on the Windows machine is 'Jim Smith'.
You want to use your 'Jim Smith' profile to access your 'jim' home directory.

Open '/etc/samba/smb.conf' in an editor as 'root'. Remove the semicolon in front of the line

    username map = /etc/samba/smbusers

Open '/etc/samba/smbusers' as 'root' in an editor. Add the line

    jim = "Jim Smith"

As 'root', run the command

    smbpasswd -a jim

using jim's account password as the new Samba password.

Restart Samba as 'root' with

    service samba restart

Go to your Windows machine and hit the 'reload' button in the 'Network Neighbor'. A new folder ('jim') will appear. Double click on it, provide the password (not the password of the profile on the Windows machine, but the password of the 'jim' account on the Linux machine!), et voila, jim's home directory.

Explanation: In '/etc/samba/smb.conf', you'll find this entry:

    [homes]
    comment = Home Directories
    browseable = no
    writable = yes

This opens all valid home directories on the Linux machine for read / write access. In order to access a home directory, the user profile name from the Windows machine has to match the Linux account name the home directory belongs to. Otherwise the share isn't even displayed ('browseable = no').

In order to map a Windows user profile name to a Unix account name, the file '/etc/samba/smbusers' is used. Notice that you can map an arbitrary number of profile names against a Unix account name. If the profile name contains empty spaces, it has to be enclosed in quotes.

Alternatively you can create a user profile on the Windows machine with a user name which matches the Unix account name ('jim' in the given example). Then no mapping on the Linux machine has to be performed.

SMB and the Unix user account system both use one-way encrypted authentication. Since there is no way to decrypt one of these systems and thus compare hashes, Samba needs its own password file, '/etc/samba/smbpasswd'. Notice that accounts added to that file via the 'smbpasswd' command have to be valid accounts on the Linux system.
The passwords do not have to match, though, that is you can set a Samba password different from that account's password on the Unix machine.

Using the '-n' option to 'smbpasswd', you can also 'create' passwordless accounts, but then you have to add

    null passwords = yes

to 'smb.conf' in order to allow clients to access shares under these accounts.

Changes to the '/etc/samba/smbpasswd' file require restarting the Samba server to take effect.

Configuring A 'user level' Samba Server
------------------------------------------------

Open '/etc/samba/smb.conf' as 'root' in the editor of your choice:

Set the 'workgroup' value to the workgroup your MS Windows machines are members of.

Below that option add this line:

    map to guest = Bad User

Scroll down to

    ; guest account = pcguest

Remove the semicolon and replace 'pcguest' with 'ftp'.

Scroll down to [tmp] and remove the semicolons from these lines:

    ;[tmp]
    ; comment = Temporary file space
    ; path = /tmp
    ; read only = no
    ; public = yes

The first step makes the Samba server a member of the Windows workgroup. The last opens the '/tmp' directory ('path = /tmp') for read / write access ('read only = no') to every member ('public = yes') of the workgroup.

The second and third step need some more elaborate explaining. In 'user' level security mode, 'Samba' relies on '/etc/samba/smbpasswd' to decide if a connection request is granted or not. That is, authentication is performed before the available shares are listed. In 'share' level security, shares appear on the browse list without authentication (unless browseable = no is set).

If you try to connect (e.g. by clicking on the machine name in the 'Network Neighborhood' window) from a Windows machine with a user profile name / password combination not listed in '/etc/samba/smbpasswd', you will be presented with the dreaded 'IPC$' share password window. This window is bogus, you can't provide a matching password.
In order to allow non-authenticated connections from the workgroup, Samba has to be configured to treat requests with 'invalid' SMB account names as 'guest' logins and to map that 'guest' login to an existing system account. That's what you are doing in steps two and three.

Now start (or restart) the Samba server with

    service smb start

Open the 'Network Neighborhood' on a Windows machine and display the workgroup. Your Linux Samba server should now appear along the other machines. Double click on it and the 'tmp' share should be displayed. Congratulations! ;-).

Accessing Home Directories
--------------------------------

Example: Your account name on the Linux machine is 'jim', your profile name on the Windows machine is 'Jim Smith'. You want to use your 'Jim Smith' profile to access your 'jim' home directory.

Open '/etc/samba/smb.conf' in an editor as 'root'. Remove the semicolon in front of the line

    username map = /etc/samba/smbusers

Open '/etc/samba/smbusers' as 'root' in an editor. Add the line

    jim = "Jim Smith"

As 'root', run the command

    smbpasswd -a jim

using the password for the 'Jim Smith' Windows user profile as the new Samba password.

Restart Samba as 'root' with

    service samba restart

Hit the 'reload' button in the 'Network Neighbor'. A new folder ('jim') will appear. Double click on it, et voila, jim's home directory.

Notice that in contrast to 'share' level security, you will not receive a password request upon entering the home directory. This is because you have already been authenticated earlier.

SOURCE: The 'OLD DOCS' button top right of this forum ;-)

MOttS

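Added example, not part of the original post or of Samba itself: a small Python audit that parses an smb.conf like the ones described above and lists the password-less access paths it opens (security = share, null passwords = yes, map to guest = Bad User, guest-writable shares). The sample configuration is constructed, and the values assumed for unset parameters (security = user, guest account = nobody, read only = yes) are assumptions taken from Samba's documented defaults.

```python
TRUE = {"yes", "true", "1", "on"}
# Constructed sample: the 'user level' setup from the post, one option left commented out.
SAMPLE = """\
[global]
   security = user
   map to guest = Bad User
   guest account = ftp
;  null passwords = yes
[homes]
   writable = yes
[tmp]
   path = /tmp
   read only = no
   public = yes
"""

def parse(text):
    """Return {section: {param: value}}; lines starting with ';' or '#' are inactive."""
    conf, section = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            conf.setdefault(section, {})
        elif section is not None and "=" in line and line[0] not in ";#":
            key, value = (part.strip() for part in line.split("=", 1))
            key = "".join(key.lower().split())  # names ignore case and spaces
            if key == "public":                 # synonym of 'guest ok'
                key = "guestok"
            elif key in ("writable", "writeable", "writeok"):  # inverse of 'read only'
                key, value = "readonly", "no" if value.lower() in TRUE else "yes"
            conf[section][key] = value
    return conf

def audit(text):
    """List the settings that let a client in without a valid Samba password."""
    conf, findings = parse(text), []
    g = conf.get("global", {})
    acct = g.get("guestaccount", "nobody")
    if g.get("security", "user").lower() == "share":
        findings.append("global: security = share")
    if g.get("nullpasswords", "no").lower() in TRUE:
        findings.append("global: null passwords = yes")
    if g.get("maptoguest", "never").lower() == "bad user":
        findings.append("global: unknown users map to guest account " + acct)
    for name, s in conf.items():
        guest = s.get("guestok", "no").lower() in TRUE
        writable = s.get("readonly", "yes").lower() not in TRUE
        if name != "global" and guest and writable:
            findings.append(f"[{name}]: guest-writable, path {s.get('path', '?')}")
    return findings
```

Calling `audit(open('/etc/samba/smb.conf').read())` runs the same checks against a live configuration; lines still prefixed with a semicolon are treated as inactive, matching the "remove the semicolons" steps in the post.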
Guest chotie
Posted August 14, 2003

Thanks.. I will try that first thing tomorrow!! By the way, can you recommend any good book on Mandrake Linux?

Br, Chotie
chot@home.se