LISTSERV - HP3000-L Archives

HP3000-L Archives

September 2003, Week 2

HP3000-L@RAVEN.UTC.EDU

	LISTSERV Archives
	HP3000-L Home
	HP3000-L September 2003, Week 2

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: SAMBA/iX problems from a neophyte
From:	Lars Appel <[log in to unmask]>
Reply To:	Lars Appel <[log in to unmask]>
Date:	Sat, 13 Sep 2003 17:17:44 +0200
Content-Type:	text/plain
Parts/Attachments:	text/plain (63 lines)

>[qssprod]
>          comment = share for QSSPROD
>          path = /QSSPROD/PUB
>          username = MGR.QSSPROD
>          writeable = Yes
>          guest ok = Yes

John Clogg already hit the nail on the head with his reply. Your
share is "guest ok" and will thus use the "guest account" from the
[global] section to access the files. The "username" is irrelevant
here, it would be used to check the password against, if you had
"guest ok = no". In that case I would also add "only user = yes",
because SMBD would otherwise use several other attempts to guess
the user (e.g. share name, windows logon, netbios name of client,
potentially mapped via user.map) to try the password against. This
can be confusing, thus I prefer to override with "username=x.y"
and "only user = yes".

For file access problems after successful "map network drive", it
is typically useful to examine the output of smbstatus (the showjob
of samba ;-) and check on which (MPE) user's behalf the access to
the files is performed for the share at hand. You can then logon as
that very user and try the same file access from CI or Shell to get
an idea why SMBD might fail to do what you want. The CI or Shell
has typically much better error messages (and means to examine the
permissions) then the Windows PC presents.

Two share definition examples that I typically use (besides [homes]):

 [alpha]
   comment = guest ok / public means: no password needed
   path = /ACCOUNT/GROUP
   guest ok = yes
   write ok = no
 ; guest account = user.account
 ; browseable = no


 [bravo]
   comment = this share requires MPE password validation
   path = /ACCOUNT/GROUP
   guest ok = no
   write ok = yes
   user = user.account
   only user = yes

For [alpha] you typically don't want "write ok" and "browseable"
at the same time, because popular worms can then find and use the
shared directory to try replicating themselves. No harm for MPE,
but for the potentially infected/corrupted files and other users
visiting the same share.

I believe, you can override "guest account" at the share level;
thus my commented line in the [alpha] example. Depending on the
MPE filesystem level permissions in /ACCOUNT/GROUP, you might
need this for successful file access/modification/creation from
the client side.

Lars.

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *

ATOM RSS1 RSS2

RAVEN.UTC.EDU