Sharing a Samba mount from Linux across multiple Windows users.
Moving thread here from Linux-Networking.
I'm not sure if this topic falls under a Windows forum or Linux.
Here's what I'm trying to achieve:
- Expose a file path in Linux through the Samba service.
- Mount the same path as a Windows drive, say X:, on a Windows 2003 Server, as the NT System account, so that services running on Windows can see it.
- Allow users who have accounts on the Windows 2k3 server to also see the X: drive for read/write access.
I have been able to achieve exactly the above when
a) the remote file system was another Windows machine and SMB/NetBIOS was used to share/mount/access the drive
b) the remote file system was an NFS mount from an AIX/Unix share
When Linux is used as the file system host, the mount process itself works, and the resulting X: drive can be accessed by the user who mounted it. Of course, in this case the NT System is mounting it and can be accessed as well. However, when another user logs in, he/she can see the X: drive, but a password not correct error pops up when the drive is double-clicked.
The drive is mounted using the command:
net use X: \\server-name\shared-path <password> /user:<application-system-user> /persistent:YES
The smb.conf entry for security looks like this:
security = share
passdb backend = tdbsam
valid users = <application-system-user>
path = /shared-path/
writeable = yes
:
:
I know security = share is deprecated. When security = user is used instead, the error message complains of a user name and password.
Long term, I may use a domain controller and configure accordingly with the security = domain option. For now I will have to make it work with the share or user option.
The "workaround" is to add the username/password (of the user that logs in to the Windows server to access the X: drive) to smbpasswd. In addition, the username should be added to the "valid users" entry in smb.conf, and to smbusers.
It looks like Windows 2003 authenticates the logged-on user's credentials instead of what is already mapped within the pre-authenticated mount! How do I force the share to utilize the <application-system-user> credential instead? Especially since this works fine for the Windows/SMB and Unix/NFS share from the exact same Windows 2003 server (smb client).
The <application-system-user> is a valid Linux account as well as a Samba account, with all the right read/write privileges. I've even changed group security policy within Windows 2k3 to use LM, NTLM or even NTLMv2 where possible to eliminate credential type negotiation errors. Made no difference. What am I missing here?
Any assistance is appreciated.
Regards,
Dev
Last edited by Dev00; 07-07-2013 at 07:29 AM.
Reason: Clarification
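
The smb.conf part of the workaround described in the post (every Windows logon name listed under "valid users") can be checked mechanically. The following is an added example, not part of the original post: the section names, the user names `appsvc` and `alice`, and the helper names are assumptions, and it neither expands `@group` entries nor consults the password database.

```python
import re

# Constructed sample in the shape of the post's smb.conf excerpt; the section
# names and user names are placeholders, not values from the post.
SAMPLE_CONF = """\
[global]
   security = share
   passdb backend = tdbsam

[shared-path]
   path = /shared-path/
   valid users = appsvc
   writeable = yes
"""

def parse_smb_conf(text):
    """Return {section: {param: value}}; parameter names are normalised
    because Samba ignores case and whitespace in them."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            conf[section]["".join(key.lower().split())] = value.strip()
    return conf

def audit(text, share, windows_users):
    """List reasons the given Windows logon names would fail on `share`."""
    conf = parse_smb_conf(text)
    findings = []
    if conf.get("global", {}).get("security", "user").lower() == "share":
        findings.append("security = share is deprecated")
    allowed = conf.get(share.lower(), {}).get("validusers", "")
    names = {n.lower() for n in re.split(r"[,\s]+", allowed) if n}
    if names:  # an empty list places no per-user restriction on the share
        for user in windows_users:
            if user.lower() not in names:
                findings.append(f"{user} is not in valid users for [{share}]")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF, "shared-path", ["appsvc", "alice"]):
        print(finding)
```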