StuPeas — Thu, 08 Feb 2007 00:14:21 +0000

Cheers Jeeves, i'll try that port as soon as i get the chance (By the way its not 2 win98 machines, its a dual boot linux/xp machine that cant see the shares on a win98 machine. It can however see the actual machine, just not any of the shared folders on it.

As for IIS, My course manual neglected to say that the option to set authentication was also avialable to individual folders inside root. I was under the impression that this option was only available for the whole site (Thats about 3hours of my life typing i'll never get back). No wonder the company is called Skill sTrain. Thanx matey.

JeevesBond — Wed, 07 Feb 2007 22:58:59 +0000

A bloke in #samba just tried this out for me on a Win98 machine of his. Apparently the problem is Win98 won't accept a connection on port 443, so you need to use port 139. So, open up a terminal and put in the following (changing the username etc.):

mount -t smbfs -p 139 -o username=jeeves //testpc/jeeves /tmp/jeeves'

He described the syntax for this as being:

mount -t {filesystem type (in our case smbfs)} -o {options (in our case...a username. A password can be added here too)} -p {port 139} //{the computer name}/{the share name} /The/Path/where/you/want/to/mount/the/win98/share'

Hopefully this makes sense. It was a guy called 'rtcg' I spoke to in IRC, if he's there when you need help you'll be in luck!

EDIT:
Apparently, rtcg is in ##Samba3+LDAP (note the extra '#'). Might be an idea to find him in there before trying #samba.

JeevesBond — Wed, 07 Feb 2007 21:48:45 +0000

StuPeas wrote: If basic authentication is enabled, then anyone who wants to view the other pages on the site has to have a password.

Really?! That seems a little odd. I would have thought that enabling Basic Authentication would mean: 'I want to enable the Basic Authentication method', not: 'I want to enable the Basic Authentication method and restrict access to the whole site'.

To my mind just enabling Basic Authentication shouldn't actually restrict anything, just tell IIS that when you restrict access (by right-clicking on the folder, going into properties etc.) it should use Basic Authentication to validate that user.

The only time access to the whole site would be restricted is if you set the permissions of the root folder to anything other than 'EVERYONE'.

To be honest though am taking stabs in the dark here as I don't have a Windows machine anymore and it's been a while since I used IIS!

In Apache you simply plonk a file in the folder you want to restrict named: .htaccess it would look something like:

AuthName "TWF secret research labs and penguin testing facility"
AuthType Basic
AuthUserFile /path/to/httpdocs/.htpasswd/passwordfile
Require valid-user

'
Had to include this, it seems to work exactly the way you want.
The only complicated bit is that you have to create a secret username/password file, it's seperate so you can put it somewhere nasty hackers can't access it.

This is also how I'd expect IIS to work. Just enabling Basic Authentication (or AuthType Basic in Apache) doesn't make it ask for a password. I could put that declaration in a .htaccess file in the root directory for instance, it wouldn't make the root directory password protected.

StuPeas wrote: Im using Mandriva 2007, and my problem is trying to make samba see my win98 shares

Ouch, I can remember having lots of trouble making Windows 98 see other Windows 98 machines. The networking on that OS is awful!

When I had problems (a long time ago) with two Win98 machines I remember having to give them static IP addresses, dynamic just didn't work.

Other than that, you could join the #samba channel on irc.freenode.net and ask them there. I checked and apparently Samba should work with Win98.

StuPeas — Wed, 07 Feb 2007 11:50:59 +0000

JeevesBond;214645 wrote:

No, you wouldn't be able to restrict access to the folder (I don't think). The type of security has to be setup before you can set passwords.

I dont think you would have to enable basic authentication. The PRIVATE file has been restricted anyway hasnt it ? If basic authentication is enabled, then anyone who wants to view the other pages on the site has to have a password. What would happen for the people ALLOWED to view the PRIVATE folder, would they have to authenticate themselves for the entire site first by sending a username and password, and then enter another username and password to view the PRIVATE folder?
oh, hang on..I think i see what you are saying. Because they have already authenticated for the entire site, then they are automaticaly entitled to view the PRIVATE folder.
Doesnt this seem like alot of trouble to go to (Enabling authentication for the entire site just to make sure ONE FOLDER is restricted)?

Surely there must be a way that the site can have anonymous access but then present a username and password box when someone tries to access the PRIVATE folder. That way, only the password information for the PRIVATE folder need be stored on the server machine (any other password=no access)

Im using Mandriva 2007, and my problem is trying to make samba see my win98 shares (it can see the machine, just not the shares, and it sees both my other winXP machine AND its shares, so no probs with XP)

Thanx
Stuart

JeevesBond — Tue, 06 Feb 2007 21:57:48 +0000

StuPeas wrote: Yes, Apache will be taught as well.

Oh, fair enough then. You may well need to use IIS at some point.

StuPeas wrote: My point is: Why would the course manual include the step to "enable basic authentication" as part of the procedure thats restrict access to the Private folder. Surely it doesnt matter whether ananymous access or basic authentication is enabled, access to the private folder would still be restricted, wouldnt it?

No, you wouldn't be able to restrict access to the folder (I don't think). The type of security has to be setup before you can set passwords.

StuPeas wrote: (Im trying to make the switch to Linux and its a bit of a learning curve)

What are you having trouble with? Also, what distro are you using? Probably the easiest is Ubuntu, then just grab a copy of EasyUbuntu to watch DVDs, view WMV files and all that other non-Free stuff.

If you're doing something complicated it can be difficult, the missus has switched with little problems. Although I'm always around to support her.

StuPeas — Tue, 06 Feb 2007 21:07:15 +0000

Yes, Apache will be taught as well. My point is: Why would the course manual include the step to "enable basic authentication" as part of the procedure thats restrict access to the Private folder. Surely it doesnt matter whether ananymous access or basic authentication is enabled, access to the private folder would still be restricted, wouldnt it?

Im trying to establish whether or not the people who wrote the course material actualy have a clue what the hell they are talking about, or wether i am totaly missing something.

Thanks for the responce, sorry i took so long to answer (Im trying to make the switch to Linux and its a bit of a learning curve).

JeevesBond — Tue, 06 Feb 2007 19:54:34 +0000

Why are they teaching you IIS?! That's going to be little practical use when most of the world uses Apache. Are they teaching you how to use Apache at all?

StuPeas wrote: I guess my first question must be: When a user enters their username and password, what information does IIS use to check this information against, and where is it stored on the server machine?

This would depend upon the type of authentication. If you've opted to have integrated authentication IIS will look to the local machines users and groups, there's also basic authentication. I don't know where IIS will look for that, it will probably store it in the registry or some configuration file. Do you need to know where IIS stores it?

StuPeas wrote: It is this last step that is confusing me. How is enabling basic authentication having any effect on the PRIVATE file? Isn't enabling basic authentication simply restricting access for the whole site? If "Anonymous Access" where chosen, the PRIVATE folder would still be restricted, wouldn't it?

I assume you need to switch on this 'Basic authentication' to be able to restrict access at all. I would also assume that this doesn't do anything unless you add a password to the whole site. Or maybe if you've got this 'Anonymous Access' set then yes, anyone can access the site and access to the Private folder will be restricted. This happens because a 'deny access' overrides/is more important than a 'grant access'.