PUBLIC AND OPEN Samba share

[Netopia]

Hey All,

I've got a Linux box on the network that I want to have a totally public share. I've got OS-X clients and NT4 Domain clients and even some people that have XP-Home on their laptops (no domain authentication) and I need to be able to have anyone get into the share WITHOUT having to supply a username and password.

I've been pulling my hair out trying to make it work, but I can't seem to find a way. I keep testing from XP and NT and no matter what I do, an authentication dialog box always pops up.

Any ideas? Is it even possible?

Thanks,

Joe

 

[Robor]

I think you need to enable/configure 'guess access'. I did some googling and found a bunch of stuff on it but it looks like you'll have to edit your /etc/smb.conf file to do it.

 

[Netopia]

With guest access, it looks like they still need to enter "guest" and I have to allow null passwords. I'm looking for NO authentication.

OR...

Is there a way to make the Linux box check with my NT4 controller? Perhaps it could be made to operate as a normal share would on the domain and reuse the login info. The Samba server itself is recognized as a member of the domain already.

Joe

 

[Robor]

I was messing with this at home a few weeks ago. I managed to get my WinXP Pro box able to view the share. I can't remember if I had to enter username/password once and save it or if I added my Windows username to the Linux box and used the smb.conf file to allow access to that Windows username.

 

[Nothinman]

Guest access is no authentication, any version of Windows should be able to deal with that. You might also need to use the 'map to guest' option.

But you can most definitely have Samba do transparent authentication against a domain controller and that would be the preferred method since it'll actually give you some username accouting.

 

[doog519]

You said authentication dialog box always pops up. A couple things.... The current user on your Linux box is not admin? You should be logged in as a user. And does the user have a password?
If not the top line in the authentication dialog box should be just the computers name. Leave password blank click ok.
Other thing is.....Do you have your firewall disabled?

 

[cleverhandle]

You may also need the "guest only" option - otherwise the Samba server may try to do username authenticated access first and ask for credentials before falling back to guest access.

 

[Netopia]

Hmmm... no firewall between any of the boxes and the share is set up for "guest only" access. Still getting the dialog box for authentication.

None of the people who will use the share are users of the Linux box (nor have accounts), which is why I want to make it a purely public share.

Any other ideas?

Joe

 

[Nothinman]

You may also need the "guest only" option - otherwise the Samba server may try to do username authenticated access first and ask for credentials before falling back to guest access.

That's what 'map to guest' option is for, you can have it log them in as a guest as soon as they login with a bad username, password or uid.

 

[Netopia]

Originally posted by: Nothinman

You may also need the "guest only" option - otherwise the Samba server may try to do username authenticated access first and ask for credentials before falling back to guest access.

That's what 'map to guest' option is for, you can have it log them in as a guest as soon as they login with a bad username, password or uid.

So does that mean that what I'm looking for... a share that never asks for authentication as all... is not possible?.... or at least not without jumping through abnormal hoops?

Any idea how to get it to authenticate against an NT4 PDC? I saw Kerberos (looking under webmin) but I don't believe that NT4 is that advanced.

Joe

 

[MrChad]

Originally posted by: Netopia

Originally posted by: Nothinman

You may also need the "guest only" option - otherwise the Samba server may try to do username authenticated access first and ask for credentials before falling back to guest access.

That's what 'map to guest' option is for, you can have it log them in as a guest as soon as they login with a bad username, password or uid.

So does that mean that what I'm looking for... a share that never asks for authentication as all... is not possible?.... or at least not without jumping through abnormal hoops?

Any idea how to get it to authenticate against an NT4 PDC? I saw Kerberos (looking under webmin) but I don't believe that NT4 is that advanced.

Joe

A quick Google points in the direction of WinBind.

 

[Nothinman]

So does that mean that what I'm looking for... a share that never asks for authentication as all... is not possible?.... or at least not without jumping through abnormal hoops?

No, if you set 'map to guest = bad user' it'll log them in as guest automatically as soon as they login with a bad username which Windows will try automatically. Same thing with 'map to guest = bad password' except it requires a valid username IIRC. The extra hoop required is extremely simple, IMO. You might need to mess with permissions a bit, but you would have to do that anyway.

Any idea how to get it to authenticate against an NT4 PDC? I saw Kerberos (looking under webmin) but I don't believe that NT4 is that advanced.

You need to use ' security = [ads|domain|server]' (obviously ads will only work if you have AD setup) and 'password server = NT-PDC, NT-BDC1, NT-BDC2, *' just like the smb.conf man page says.

 

[Netopia]

I'm slowly getting my feet wet in Linux. It's hard when 95% of what I have to do all day is Windows support... but I thank you all for helping AND pointing me in the right direction to do more reading.

Merci Beaucoup!

Joe

 

[Jason Clark]

Good stuff

 

[xtknight]

 

[Nothinman]

I'm slowly getting my feet wet in Linux. It's hard when 95% of what I have to do all day is Windows support... but I thank you all for helping AND pointing me in the right direction to do more reading.

Yea, starting out is the hardest part because everything is done so differently, but it gets a lot easier once you get accustomed to it and after a while Windows starts to feel like the backwards system.

 

[Netopia]

The only thing I REALLY REALLY like about Windows better that *nix is how grainy permissions are. I'm sure you can probably replicate similar permissions in *nix, but I think you'd probably have to make a WHOLE bunch of different groups and have lots of strange, mixed assignments to them.

My favorite thing about most (obviously not ALL) *nixes is that they are FREE!

Joe

 

[cleverhandle]

Originally posted by: Netopia
The only thing I REALLY REALLY like about Windows better that *nix is how grainy permissions are. I'm sure you can probably replicate similar permissions in *nix, but I think you'd probably have to make a WHOLE bunch of different groups and have lots of strange, mixed assignments to them.

No, you would use POSIX ACL's. Slightly different from Windows groups in a couple of details, but the same basic idea.

 

[Nothinman]

The only thing I REALLY REALLY like about Windows better that *nix is how grainy permissions are. I'm sure you can probably replicate similar permissions in *nix, but I think you'd probably have to make a WHOLE bunch of different groups and have lots of strange, mixed assignments to them.

You can use POSIX ACLs as cleverhandle said, but you're still stuck with only rwx rights. Windows permissions are a lot more granular, but in most cases you don't need them and if you micromange your ACLs you just end up confusing yourself and causing more work =)

My favorite thing about most (obviously not ALL) *nixes is that they are FREE!

My favorite thing is the consistency when compared to Windows, but I guess I've been using them long enough now that I've become spoiled and gotten used to the freedom =)