I wrote a few days ago because I couldn't get my Windows and Linux machines to see each other. Turning off the Linux firewall seemed to fix that problem. But now I've got a whole raft of new ones.

I'm running Windows XP Pro SP2 on one machine, and Suse Linux Enterprise Desktop on the other.

When I try to open a Linux folder on the Windows machine, I get asked for a password. Since I didn't set a password on the folder, I'm not sure what to do.

It's much worse on the Linux machine. When I browse the network, I get icons for the shared folders on the Windows machine, but when I click one of them, this message or something like it appears:



Cannot open smb-workgroup-My Music

The filename "smb-workgroup-My Music" indicates that this file is of type "x-directory/smb-share". The contents of the file indicate that the file is of type "desktop configuration file". If you open this file, the file might present a security risk to your system.

Do not open the file unless you created the file yourself, or received the file from a trusted source. To open the file, rename the file to the correct extension for "desktop configuration file", then open the file normally. Alternatively, use the Open With menu to choose a specific application for the file.


I have no idea what any of this means. I'm completely confused. Any of you ever seen this before? Thanks.

you need to read the samba docs.

post your smb.conf file.


Soule

It sounds like you have two problems to resolve. 1) Open the correct ports 2) Configuring SHARE level security mode in smb.conf.

If you to to YaST2 -> Security and Users -> Firewall, you can set up the firewall. You didn't supply much information on your network setup. Such as where you get internet access. If one interface on the Linux Box is connected to a cable/dsl/telephone modem, then that interface should be assigned to the external zone. Select "Interfaces" -> Select your modem or modem connected interface -> Select "Change" -> Select "External" in the drop down box. On one computer, I have the Wireless interface assigned to the "External" zone, and the ethernet interface assigned to the "Internal" zone. I have a cable modem so I am not using ppoe. Therefore the two interfaces are set up on different subnets.

Once you have the interface assigned to a zone, select "Allowed Services", on the list to the left. On the right select your zone in the top drop down box, and in the second drop down box, select "Samba Server" and click add.

Please install the "samba-docs" package. This will install a lot of Samba documentation including the book "Samba 3 by Example", by John H. Terpstra. The first example in the book is for a charity office, using the "security = SHARE" mode, and sets up a share that anyone in the LAN has full access to without needing to use a password. See Section 2.2.2 for this example. This sounds like what you want.

If you have an account on the linux machine, you might want to consider using USER level security instead.

# smb.conf is the main Samba configuration file. You find a full commented
# version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if the
# samba-doc package is installed.
# Date: 2006-06-16
[global]
workgroup = MONITORTAN-MAIN
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
map to guest = Bad User
include = /etc/samba/dhcp.conf
logon path = \\%L\profiles\.msprofile
logon home = \\%L\%U\.9xprofile
logon drive = P:
usershare max shares = 100
[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes
[profiles]
comment = Network Profiles Service
path = %H
read only = No
store dos attributes = Yes
create mask = 0600
directory mask = 0700
[users]
comment = All users
path = /home
read only = No
inherit acls = Yes
veto files = /aquota.user/groups/shares/
[groups]
comment = All groups
path = /home/groups
read only = No
inherit acls = Yes
[printers]
comment = All Printers
path = /var/tmp
printable = Yes
create mask = 0600
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @ntadmin root
force group = ntadmin
create mask = 0664
directory mask = 0775

You don't even have a "security =" line in the global section. Unless there is a fallback default, I think that you may want to add one. Since you have XP pro, you can also use "security = DOMAIN" and configure the server as a domain controller.

On other thing. You could use "swat" to configure your samba server. To do this, you will need to enable the xinetd services in YaST2. Then you need an xinet config for swat.
In Yast2 -> Network Services -> Network Services (xinetd) you can enable and start the service.

Then at the Linux server, point your web browser to "http://localhost:901".
This will give you the front page to Samba's administration tool. After you are finished, you can to into YaST2 again and stop, or disable the swat service. The xinetd config only allows access from localhost, and the firewall should prevent someone from spoofing the localhost address, but only starting the service when you need it is an extra precaution.

While you are at it, you might want to configure and secure the ssh server. If in the /etc/ssh/sshd_config file, if you have the line "AllowUsers yourusername" and change the "PermitRootLogon" entry to "no", this will do allot to securing your server from ssh attack. The "AllowUsers" takes precedent over "AllowGroups". Anyone else or any group will be denied access.

I think your last post came when I was writing mine. In your smb.conf file, I don't see a "security =" line. I also don't see a section for the share you mentioned. Do users have home directories on the server, or do you have a directory that you want to share to all users? How did you create the share? I don't really understand what you mean by "smb-workgroup-My Music". Do you mean, smb://workgroup/My\ Music or in a windows machine \\smb\WORKGROUP\My Music

By the way, life would be a lot easier if you got rid of the space in the share name. Sorry, but the "My " in front of everything is one of "My" pet peeves. If you just want to offer a share, then you might want to use "security = share". If this is to be a public share, consider creating a directory for the share outside your home directory if that is where is is. For example, /var/music/ or /home/music.
Then you could add a section like this to your smb.cnf file
Then add the user and group and change the permissions on the folder:
root# mkdir /home/music
root# chmod 755 /home/music
root# groupadd musiclovers
root# useradd -m musiclover
New password: XXXXXXXX
Re-enter new password: XXXXXXXX

root# chown -R musiclover.musiclovers /home/music
root# chmod -R ug+rwxs,0-w,0+rx /home/music

Also, make sure that the name of your server is in the /etc/hosts file. So that smbd can resolve the name of the Samba server to its IP address.

I adapted this from Example 2.2 of the Samba-3 By Example book.

Why don't you read this:
http://us5.samba.org/samba/docs/man/...#draft-smbconf
and change it to your needs?
Or, as SUSE-user, install the DOCs and read simply the DOCs in:
/usr/share/doc/packages/samba/