Frank Helk
asked on
Windows 2019 server not asking for user/password when accessing a samba share
In a test field, I've set up a new machine with Win2k19 Server, running along with some older machines (Win2k8, Win2k16) and a Linux server (SLES 12SP2) with some samba shares. No domain, just a workgroup.
The common user account on the Windows machines is not implemented in the Linux samba configuration (intentionally ...).
On the older machines, when I try to initially access the Linux machine's samba shares with Windows Explorer (typing \\machinename into the address field and hit ENTER), I get asked for credentials, where I may enter user name and password. Then I see a list of shares in the explorer and may open 'em (the ones which the user has been granted sufficient rights to).
On the new Win2k19 machine the same attempt doesn't bring up the credentials dialog - it just nags me with an error message about unsufficient rights. Same when I try that at the commend line with
I could circumvent that by providing i.e. /user:egon on the NET USE command line, but I need it to work in the old style way ;-)
Any hint where to search for that option ?
The common user account on the Windows machines is not implemented in the Linux samba configuration (intentionally ...).
On the older machines, when I try to initially access the Linux machine's samba shares with Windows Explorer (typing \\machinename into the address field and hit ENTER), I get asked for credentials, where I may enter user name and password. Then I see a list of shares in the explorer and may open 'em (the ones which the user has been granted sufficient rights to).
On the new Win2k19 machine the same attempt doesn't bring up the credentials dialog - it just nags me with an error message about unsufficient rights. Same when I try that at the commend line with
NET USE \\machinename
Since doing that on the older machines still works, it seems to be some security setting on the Win2k19 machine that prevents me from logging on to remote machines with different credentials withnthat default wayI could circumvent that by providing i.e. /user:egon on the NET USE command line, but I need it to work in the old style way ;-)
Any hint where to search for that option ?
Please can you paste the output from:
...on the SUSE box?
Omit or change any sensitive info.
cat /etc/fstab
cat /etc/samba/smb.conf
...on the SUSE box?
Omit or change any sensitive info.
ASKER
@Mohammed Basheer
Changed that setting, even restarted explorer (any). Doesn't change anything on my problem. Thanks anyhow for sharing the idea.
@some one
Since the procedure works well from older Windows machines, I suspect the culprit to sit in the depths of Windows security crap ... but here are the infos (obscured where necessary):
/etc/fstab:
Changed that setting, even restarted explorer (any). Doesn't change anything on my problem. Thanks anyhow for sharing the idea.
@some one
Since the procedure works well from older Windows machines, I suspect the culprit to sit in the depths of Windows security crap ... but here are the infos (obscured where necessary):
/etc/fstab:
/dev/sda1 swap swap defaults 0 0
/dev/sda2 / ext3 acl,user_xattr 1 1
/dev/sda3 /data ext3 acl,user_xattr 1 2
ramfs /xxx/xxx/.xxxxx ramfs default 0 0
/etc/samba/smb.conf[global]
netbios name = XXX
server string = XXX XXX
workgroup = XXX
passdb backend = smbpasswd
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
map to guest = Bad User
logon path = \\%L\profiles\.msprofile
logon home = \\%L\%U\.9xprofile
logon drive = P:
usershare allow guests = No
add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$
domain logons = No
domain master = No
security = user
wins support = No
lanman auth = Yes
wins server = 111.11.11.11,222.22.22.22
allow insecure wide links = yes
create mask = 777
directory mask = 777
force create mode = 777
force directory mode = 777
follow symlinks = Yes
dos filetime resolution = Yes
preserve case = yes
short preserve case = yes
log level = auth:5
## Share disabled by YaST
# [homes]
# comment = Home Directories
# valid users = %S, %D%w%S
# browseable = No
# read only = No
# inherit acls = Yes
[profiles]
comment = Network Profiles Service
path = %H
read only = No
store dos attributes = Yes
create mask = 0600
directory mask = 0700
## Share disabled by YaST
# [users]
# comment = All users
# path = /home
# read only = No
# inherit acls = Yes
# veto files = /aquota.user/groups/shares/
## Share disabled by YaST
# [groups]
# comment = All groups
# path = /home/groups
# read only = No
# inherit acls = Yes
## Share disabled by YaST
# [printers]
# comment = All Printers
# path = /var/tmp
# printable = Yes
# create mask = 0600
# browseable = No
## Share disabled by YaST
# [print$]
# comment = Printer Drivers
# path = /var/lib/samba/drivers
# write list = @ntadmin root
# force group = ntadmin
# create mask = 0664
# directory mask = 0775
## Share disabled by YaST
# [netlogon]
[share1]
comment = Home für User share1
inherit acls = Yes
path = /home/share1
read only = No
valid users = share1,root
follow symlinks = Yes
wide links = yes
[share2]
comment = /share2
inherit acls = Yes
path = /share2
read only = No
valid users = share1,root
wide links = yes
follow symlinks = Yes
wide links = yes
[data]
comment = Data Volume
inherit acls = Yes
path = /data
read only = No
valid users = share1,root
follow symlinks = Yes
wide links = yes
[systemlog_RO]
comment = /var/log
follow symlinks = Yes
inherit acls = Yes
path = /var/log
read only = Yes
valid users = root
wide links = Yes
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Try to toggle the below option. (File Explorer>View>Options>View. Under advanced settings, Uncheck use sharing wizard.