Welcome to the most active Linux Forum on the web.
Go Back > Forums > Linux Forums > Linux - Software
User Name
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.


  Search this Thread
Old 01-08-2007, 08:37 PM   #1
Registered: Oct 2006
Location: Victoria, Australia
Distribution: Fedora 10
Posts: 127

Rep: Reputation: 16
Configuring Public and Secured Samba Shares

I have Samba running on an FC5 box, with a public share and several secured shares accessible from our WinXP clients. I've a couple of questions people might be able to help me with:

1. I'd like to enable access to the public share with no credentials being required (security = share in [global] section) *and* require credentials to access the secured shares (security = users). Can this somehow be done - ie, specify the security at the share level, rather than in the [global] section? I seem to be only able to have one *or* the other - either everything is accessible with no credentials, or everything requires credentials, depending upon the value of security in [global].

I've noted a suggested solution posted in thread 468244 (specify guest ok = yes, guest account = guest, guest only = no in [global] section), but I still have to supply security credentials for the public share after making these changes - that solution has not worked for me. Edit: the suggested solution was actually for parameters in the public share section - my typo. I had the parameters in the correct section.

2. With security = users in effect, I can only connect to one secured share at a time from a given WinXP client (although different shares are simultaneously accessible from different WinXP clients). Windows pops up "Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed..." If I have the credentials for several secured shares, why shouldn't I be able to connect to them all from the same WinXP session? Is this a Windows constraint, or a Samba constraint?

Thanks in advance,

Last edited by JonBL; 01-09-2007 at 11:08 PM.
Old 01-09-2007, 08:41 AM   #2
Registered: Sep 2003
Location: NW Arkansas
Distribution: Linux Redhat 9.0, Fedora Core 2,Debian 3.0, Win 2K, Win95, Win98, WinXp Pro
Posts: 344

Rep: Reputation: 31
Hi JonBL. I too have a FC5 box running samba. Before that it was FC2. Anyway, the way that I would handle your situation (if I understand correctly) is to establish the share that you want open access to and use the guest account for just that share. Not globally, just that share. As far as accessing multiple shares, I connect to four of them simultaneously all the time. I simply map the share from Windows as a networked drive and stay connected. If I reboot windows (LOLLLLLLL) it reconnects. If you didn't want to map it as a drive, it might be difficult for windows to run four (or whatever) number of explorer apps running simultaneously. The problem is with windows I'm saying, not samba. That is what linux is for: multiple simultaneous connections. That's it's speciality!
Old 01-09-2007, 09:34 PM   #3
Registered: Nov 2005
Location: Brisbane AU
Distribution: FC16
Posts: 51

Rep: Reputation: 17
Have a look at Buttugly's samba FC5 How to guide

The section on Sharing Network Directories sounds like what you are trying to do.
Old 01-10-2007, 12:37 AM   #4
Registered: Oct 2006
Location: Victoria, Australia
Distribution: Fedora 10
Posts: 127

Original Poster
Rep: Reputation: 16
Thanks Scooter for your reply. In my original post for solution proposed by thread 468244, I indicated the suggested parameters were in the [global] section - they are actually in the [public] section as a follow-up edit shows - my typo. But the proposed solution does not help me.

My smb.conf file is as follows:

netbios name = blakes-FC5
workgroup = BLAKES
; security = share
; encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
server string = FC5 Samba Server
hosts allow = 192.168.1. 127.

comment = Public read-only
path = /usr/samba/public
; writeable = no
guest ok = yes
guest account = guest
guest only = no

comment = Jon's home
create mask = 0700
valid users = jon
writeable = yes
path = /home/jon
browseable = yes

path = /home/chiarina
create mask = 0700
writeable = yes
browseable = yes
valid users = chiarina
comment = Chiarina's home

Passwords exist in the smbpasswd file for users jon and chiarina. security in the [global] section defaults to user (as I understand it).

Back on the WinXP client, I can navigate "My Network Places" -> "Entire Network" -> "Microsoft Windows Network" -> "Blakes", and see entry "Blakes-fc5", as expected. Click on that, and I get a "Connect to localhost.localdomain" login dialog, and I can log in with credentials for valid user jon (or chiarina). "Blakes-fc5" then expands to reveal shares "chiarina", "jon" and "public". When I then click on "jon" (or "chiarina") or "public", I can see the files in the share. When I click on the other secured share, another login dialog is displayed, but I then get the message I identified in my original post when I supply its username and password credentials.

I've mapped drive Z: to /home/jon after connecting with credentials for [jon], and drive Z: is now a networked drive as expected. I haven't mapped the public share, yet. When I reboot the WinXP client, drive Z: is still there, but when I click on it I get a "Connect to" login dialog for user jon. If I supply the correct password, I'm in.

Your response indicates you do not have to re-supply connect credentials for a mapped drive to a secured share after a reboot of your WinXP client, as I seem to have to. And as noted above, I still can't get to the public share until I supply a password for jon or chiarina.

I'm curious about how you defined your secured shares in a way that allows you to access all of them from one WinXP session, ie, how you avoided the "Connect to" dialog when you click on a drive mapped to a secured share. Would you be able to show us your smb.conf file?

And I've still got no idea about how to provide access to [public] without first supplying a password, other than setting security = share in the [global] section. If I do that, then there is no security on the [jon] or [chiarina] shares... Surely Samba can provide open access to some shares, and protected shares to others?

Old 01-10-2007, 05:05 AM   #5
Registered: Sep 2005
Location: New delhi
Distribution: RHEL 3.0/4.0
Posts: 777

Rep: Reputation: 31
There's no need to change your security mode to share in any case.

In you global meta-service, add
map to guest = bad user
& use this for your public meta -service
comment = Public read-only
path = /usr/samba/public
read only = no
guest ok = yes
Thats it, prior to this give the ownership of /usr/samba/public to nobody:nodody & you are done. You do not need to login to access this share. Any user from any box (as per your host allow) will be able to read write & cd into this & further directory & all the time will use the credentials of nobody:nobody.

Apart from the above code, you can have security = user in this smb.conf & make it work for authenticated access as well(in other meta-services).
Old 01-10-2007, 07:25 PM   #6
Registered: Oct 2006
Location: Victoria, Australia
Distribution: Fedora 10
Posts: 127

Original Poster
Rep: Reputation: 16
Thanks, Amit. Your suggestion has fixed the login dialog issue on the [public] share. On the WinXP client, I've mapped drive X: to [public], and drives Y: and Z: to [chiarina] and [jon] respectively. When I click on X:, I see the contents of /usr/samba/public without seeing a connection login dialog first. If I then click on Y: or Z:, I get a connection login dialog, but when I supply the correct credentials, I get a Windows error "Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed." What does this mean?

I have to reboot the WinXP client befor I can successfully restore the connection for either Y: or Z:
Old 03-28-2007, 03:43 AM   #7
LQ Newbie
Registered: Mar 2007
Posts: 1

Rep: Reputation: 0
dont map the drive manually

use a netlogon script with something like this in it (test it on a windows box);

net use T: \\linuxbox\users\public

that way you wont have to do it for each client machine



Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Both Public and Restricted shares on one Samba server ? TACtech Linux - Software 10 07-28-2006 07:23 AM
Samba does not allow writing to public shares / browsing home directories disallowed Xolo Linux - Software 6 02-14-2005 04:22 PM
Configuring WPA-secured wireless network dori Slackware 1 10-07-2004 06:30 AM
Linux can mount samba shares but not windows shares bindsocket Linux - Software 1 12-01-2003 05:28 PM
Problems connecting to samba shares from w2k or XP systemafter configuring smb.conf f marvc Linux - Software 0 06-09-2003 07:12 AM > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 06:54 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration