-   Linux - Software (
-   -   samba network share access (

Goma_2 03-03-2005 08:29 AM

samba network share access
When a windows user clicks on a samba network share in windows explorer he will be prompted to type in alternate user and password credentials if his current user doesnt have access right for that share. How can i avoid this?

I dont a user to be able to log onto a samba share with any credentials different from the ones he used to start his windows session. Ive looked for parameters in smb.conf but there doesnt seem to be any.

In some cases, this can be a security risk.

Can anyone help, please?

Matir 03-03-2005 09:38 AM

There is no way (that I am aware of) to block this from the samba side. Perhaps, though I'm not sure, under windows there is a policy that can be set to only try the logged in info.

houdelou 03-03-2005 09:42 AM

-Create a linux account wich has the same name as the windows account. The account should have a blank password and you should put /dev/null as shell for the account.

-After, create a samba account with pdbedit wich also have a blank password.

-Create the network drive map on your windows machine.

Thats'it you should be able to log in with your windows account without supplying any password.

Goma_2 03-03-2005 10:26 AM

I've searched for group policies in windows but all i find for "windows explorer" as far as alternate credentials are concerned, has to do with not asking for credentials when installing new software locally or over a network share. There is nothing about validating a user logging onto a share.

Actually, i don't think windows xp in a domain asks for alternate credentials when a user clicks on a windows share, it only does so if its a samba share. Thats why i think it has to do with samba and thats why there are no windows group policies for this matter. Does it make sense?

Do u know of any specialized samba forums apart from the insufferable samba mailing lists where i can ask about this matter?


Darin 03-03-2005 10:54 AM

to get technical, when you double click a computer in network neighborhood, Windows makes a connection to the IPC$ share with no username to get the list of shares. This is a weird implimentation, and works in windows because unauthenticated users get treated differently under Linux.

I couldn't find a single good document on the web for how to get this working, but it is possible in Samba. Try man smb.conf or man smbclient and look for guest account information, as you will have to enable the guest account in samba and map it to a Linux user account, I use the ftp account.

Goma_2 03-04-2005 07:07 AM


thanks for your post, however, i fail to see what the guest account has to do with all this. For all my samba shares, the option "guest ok" is set to "NO".
Its not that i want users to access my shares without the need of a password. its that I dont want them to access a share if their windows user and passwd are rejected by the share/samba. furthermore, if this is the case, i dont want the popup window allowing for alternative credentials to appear.

imagine you, as windows user "darin" click on a samba share to which u have no access rights. a popup window allowing to to enter an alternate user and password appears. here u type Goma_2 and my passwd, click enter and u access the share.
what i want is to keep this window from appearing. no alternate credentials. if "darin" doesnt have access to a share thats the end of it.

any ideas?

Darin 03-06-2005 01:10 PM

Sorry, I misread your original question. Unfortunatly, I belive the prompt for a new user/pass is an implimentation of Windows, it's done by the client computer, not the [samba] server. It may be possible to work around this with settings in Samba though, I'm just not aware of how.

As a source of information, I find all the online guides on the Samba homepage to be the most useful. These would be everything in the "learn samba" section of links, although you may have to wade through a lot of other information to find anything of relevance.

All times are GMT -5. The time now is 09:28 AM.