LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Closed Thread
  Search this Thread
Old 07-01-2013, 08:18 PM   #1
Dev00
LQ Newbie
 
Registered: Jul 2013
Posts: 5

Rep: Reputation: Disabled
Sharing a Samba mount from Linux across multiple Windows users.


I'm not sure if this topic falls under a Windows forum or Linux.

Here's what I'm trying to achieve:

- Expose a file path in Linux through Samba service.
- Mount the same path as a Windows Drive, say X:, on a Windows 2003 Server, as the NT System account, so that services running on windows can see it.
- Allow users who have accounts on the Windows 2k3 server also see the X: drive for read/write access

I have been able to achieve exactly the above when
a) the remote file system was another windows machine and SMB/NetBIOS was used to share/mount/access the drive
b) the remote file system was an NFS mount from a AIX/Unix share

When Linux is used as the file system host, the mount process itself works, and the resulting X: drive can be accessed by the user who mounted it. Of course, in this case the NT System is mounting it and can be accessed as well. However, when another user logs in, he/she can see the X: drive, but a password not correct error pops up when the drive is double-clicked.

The drive is mounted using the standard format:

net use X: \\server-name\path <password> /user:<application-system-user> /persistent:YES

The smb.conf entry for security looks like this:

security = share
passdb backend = tdbsam
valid users = <application-system-user>
path = /shared-path/
writeable = yes
:
:

While I know "security = share" is deprecated, when "security = user" is used instead, the error message complains of a user name and password.

Long term, I may use a domain controller and configure accordingly with the "security = domain" option. But for now I am willing to make it work with the share or user option.

I was able to work around by adding the failed user's username/password in smbpasswd, adding the user to the "valid users" entry in smb.conf, and adding the relevant entry in smbusers.

It looks like Windows 2003 is negotiating the logged on user's credentials instead of what is already mapped within the pre-authenticated mount ! How do I force the share to auto-negotiate using the <application-system-user> credential instead ? Especially since this works fine for the Windows/SMB and Unix/NFS share from the exact same Windows 2003 server (smb client).

The <application-system-user> is a valid Linux account as well as a samba account, with all the right read/write privileges. I've even changed group security policy to use LM, NTLM or even NTLMv2 when possible, within the Windows 2k3 server to see if it's a negotiation error. Made no difference. What am I missing here ?

Any assistance is appreciated.

Regards,
Dev

Last edited by Dev00; 07-01-2013 at 08:20 PM.
 
Old 07-04-2013, 09:00 AM   #2
Ser Olmy
Senior Member
 
Registered: Jan 2012
Distribution: Slackware
Posts: 3,348

Rep: Reputation: Disabled
You really need to use something other than security = share, as not only is is deprecated in Samba, it doesn't work properly in any post-ME version of Windows.

Quote:
Originally Posted by Dev00 View Post
- Allow users who have accounts on the Windows 2k3 server also see the X: drive for read/write access
Do you want Samba to authenticate against Active Directory? In that case, what you're looking for is security = ADS, and you will have to create a computer account in AD by "joining" the domain with net ads join.
 
Old 07-05-2013, 12:47 PM   #3
Dev00
LQ Newbie
 
Registered: Jul 2013
Posts: 5

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by Ser Olmy View Post
Do you want Samba to authenticate against Active Directory?
I will want to use AD authentication later, but not just yet. The purpose right now is to limit access to the Linux share to only users who have access to the Win2k3 server (SMB client). So, as long as they log in to the Windows server through their domain account or a local host account, they can transparently access the share (say, through drive X: ) without having to run scripts, perform mounts, request additional permissions etc.,

I'm willing to drop security = share in a heartbeat, if I can get the prerequisites for security = user to work. What setting can I enter in the smb.conf file and/or change in Windows, to ensure the credential used to mount the share should be the one used to negotiate the logged in user's access instead of their own ?

Last edited by Dev00; 07-06-2013 at 02:51 PM.
 
Old 07-06-2013, 03:07 PM   #4
Dev00
LQ Newbie
 
Registered: Jul 2013
Posts: 5

Original Poster
Rep: Reputation: Disabled
Moving this thread to Linux-Server, where it belongs. Here's the link if anyone would like to help answering the question:

http://www.linuxquestions.org/questi...08#post4985308
 
  


Closed Thread


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
RedHat Samba file ownership issues sharing with Windows users JayNic Linux - Newbie 3 12-04-2011 09:09 PM
Samba-Linux and Windows sharing cwhiteacre Linux - General 2 01-20-2011 10:32 PM
multiple users sharing same /home ? emamarro Linux - Newbie 8 02-18-2010 04:28 AM
Sharing date between two users, one Linux, One Windows enine General 9 12-03-2006 10:07 PM
windows\linux samba sharing mullog Linux - Networking 18 01-26-2005 10:37 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 11:02 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration