Error occurs when you configure IIS to use a Samba network share as its root
This article was previously published under Q256322
We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 7.0 running on Microsoft Windows Server 2008. IIS 7.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:
When you try to specify a Samba network share for an IIS virtual directory root or Web site root, the Microsoft Management Console (MMC) generates an "Access is Denied" error message, and the new virtual directory or site has a stop sign icon next to it. However, if you use the NET command, you can map a drive letter to the Samba network share with no problems.
When there is no network connection open, IIS cannot list the files, and the "Access is Denied" error message occurs even though the user has root access to the share and its contents.
When a network connection is open, IIS can then list the contents of the share, but a user cannot browse to the default file. (A stop sign icon still appears next to the virtual directory.)
If you map a drive letter to the share, and IIS is configured to search for the mapping, a user can successfully browse to that site. (A stop sign icon still appears next to the virtual directory.)
This problem occurs when Samba is not configured to encrypt passwords that are sent across the network.
Important These steps may increase your security risk. These steps may also make the computer or the network more vulnerable to attack by malicious users or by malicious software such as viruses. We recommend the process that this article describes to enable programs to operate as they are designed to or to implement specific program capabilities. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this process in your particular environment. If you decide to implement this process, take any appropriate additional steps to help protect the system. We recommend that you use this process only if you really require this process.
Warning This method involves a security risk because the user who created the mapping must remain logged on to the local console. Therefore, the only security is by locking the computer.
To work around this problem, do the following:
- Map a drive letter to \\servername\iisroot using "root" and "password."
- In the Samba virtual directory, change the home directory from Share on Another Computer to Local Directory, and then specify the drive letter that you mapped in step 1.
- Restart the Web site, and then test it by browsing.
Further support for the UNIX/Samba configuration can be obtained from Samba.
The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.
Article ID: 256322 - Last Review: 07/07/2008 17:39:42 - Revision: 6.1
Microsoft Internet Information Services 5.0, Microsoft Internet Information Server 4.0
- kbpending kbprb KB256322