Article ID: 256322
Article Last Modified on 2/12/2007
APPLIES TO
- Microsoft Internet Information Services 5.0
- Microsoft Internet Information Server 4.0
This article was previously published under Q256322
We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:
SYMPTOMS
When you try to specify a Samba network share for an IIS virtual directory root or Web site root, the Microsoft Management Console (MMC) generates an "Access is Denied" error message, and the new virtual directory or site has a stop sign icon next to it. However, if you use the NET command, you can map a drive letter to the Samba network share with no problems.
When there is no network connection open, IIS cannot list the files, and the "Access is Denied" error message occurs even though the user has root access to the share and its contents.
When a network connection is open, IIS can then list the contents of the share, but a user cannot browse to the default file. (A stop sign icon still appears next to the virtual directory.)
If you map a drive letter to the share, and IIS is configured to search for the mapping, a user can successfully browse to that site. (A stop sign icon still appears next to the virtual directory.)
CAUSE
This problem occurs when Samba is not configured to encrypt passwords that are sent across the network.
WORKAROUND
Important These steps may increase your security risk. These steps may also make the computer or the network more vulnerable to attack by malicious users or by malicious software such as viruses. We recommend the process that this article describes to enable programs to operate as they are designed to or to implement specific program capabilities. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this process in your particular environment. If you decide to implement this process, take any appropriate additional steps to help protect the system. We recommend that you use this process only if you really require this process.
Warning This method involves a security risk because the user who created the mapping must remain logged on to the local console. Therefore, the only security is by locking the computer.
To work around this problem, do the following:
- Map a drive letter to \\
servername\iisroot using "root" and "password." - In the Samba virtual directory, change the home directory from Share on Another Computer to Local Directory, and then specify the drive letter that you mapped in step 1.
- Restart the Web site, and then test it by browsing.
MORE INFORMATION
Further support for the UNIX/Samba configuration can be obtained from Samba.
The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.
Additional query words: Samba Unix
Keywords: kbpending kbprb KB256322
