I am thinking of saving some $$$ and moving a file server to linux from win2003 srvr std. This server will act as a file/ftp server. Easy enough right?

I have multiple WinXP computers that will need access to shared folders on this server. These shared folders will all be mapped when the computer logs into AD. In the smb.conf if you set the security to user it prompts for a user and password every time you connect, can you pass these creds via a windows batch file when it's trying to map to the shared folder on the linux server?

I have also played around with likewise, but it's more for adding/removing comps to AD, it doesn't really help configure rights/security for shares.

There is a major difference in the way XP Home and XP Professional operate here, a fact that I only recently tripped over. XP Home only knows how to be a member of a workgroup; XP Professional has the stuff in it to actually join a domain (in theWindoze sense). This may affect how you set up your Samba configuration.

Both OS versions do save the password used to log on, but that may or may not do any good, because XP Home, at least, always logs on with the username it gets from its logon. If that name is unknown to your Samba stuff, you are out of luck; it will demand new credentials. Fortunately, there is a facility in the Samba suite to deal with this. In /etc/samba, there should be a file named smbusers, and one named smbpasswd. The first produces a mapping from Windoze logon names to Linux accounts, and the second provides SMB passwords for those accounts. In order to get the Windoze users the access you are describing, I think you will have to create some Linux accounts with access to the shared stuff, and then create the mapping from those usernames to the linux accounts. Once this is done, the automatic password saving into .acl files on the Windoze systems should give you repeated logon without requiring your users to type in a password every time.

Good luck.

PS: To get XP Home to log on to the shared stuff, I had to put a .BAT file into the All Users start menu, so that it executed whenever anyone logged on.

thanks dkm, thats the answer I was looking for

Doing it this way still prompts for a login...is that unavoidable? On the upside the xp machines remember the creds for the share. Ultimately I would like them to be able to connect to the share without having to enter creds.

I created smb users with the same names and passwords as their AD accounts.

I then mapped the accounts in the smbusers file like this

unixuser = FQDN\AD-loginname

I can connect to the share, but it prompts for the creds first. I thought that by mapping a unix user to the AD account it would pass right through...maybe i mapped wrong?

Welcome to the complexities foisted on us by the good folks in Redmond.

As with so many things in this area, the answer is "it depends". There are 4 different styles of back-end interaction during authentication (user, domain, server, and ads). AFAIK, these all expect a username/password combo from the client machine that is logging in; I think that the FQDN part is not needed (or allowed) in the /etc/samba/smbusers mapping file.

Recent versions of the Samba suite allow you to turn on detailed logging for particular portions of the SMB interaction; I think you have reached the point where that is your best option to find out what is going on. My guess is that the client computer is attempting a logon, being rejected, and then asking the user to supply credentials. To examine whether this is actually the case, you can set the log level for smbd in the configuration file: After this, restart smbd, and have one of the client machines attempt access to one of the shares. This should produce a detailed logfile trace of what is happening inside smbd; from that, you can infer whether your mappings are working or not.

thanks again dkm...i will try this