samba@lists.samba.org
[Top] [All Lists]

Re: [Samba] problems with samba share

Subject: Re: [Samba] problems with samba share
From: Bostjan Skufca
Date: Mon, 8 Feb 2010 11:43:31 +0100
I believe the OP wants a solution for his variation of config which
should work but it does not.

I can only share my experience with upgrade to version 3.4.5. It was a
test upgrade so I did not log every change I did on server. However I
was receiving the same error and I did the following:

1. Added 'username map = /etc/samba/private/smbpasswd' to smb.conf
/etc/samba/private/smbpasswd looks like this:

username:10001:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:3C480B57F58C3C0D7CD4893457944DEA:[U
         ]:LCT-4B6F029F:

2. I re-ran the smbpasswd command for username I was testing with.
After that, smbclient was again able to connect to server.

Hope this helps,
b.


On 8 February 2010 10:58, Michael Wood <esiotrot@xxxxxxxxx> wrote:
> On 8 February 2010 11:12, Alexandru Florescu <alex@xxxxxxxx> wrote:
>>
>>>> I want to achieve the following setup:
>>>>
>>>> - have a share that is read-only and accessible for guest users;
>>>>
>>>> - have the same share be modified by an authenticated specific user.
>>>>
>>>> This is running on debian lenny, samba 3.2.5.
>>>>
>>>> My smb.conf is as follows:
>>>>
>>>> [global]
>>>>   workgroup = WORKGROUP
>>>>   netbios name = cast
>>>>   remote announce = 192.168.1.99/WORKGROUP
>>>>   server string = %h server
>>>>   dns proxy = no
>>>>   interfaces = eth0
>>>>   hosts allow = 192.168.1.0/24
>>>>  username map = /etc/samba/usermap
>>>> security = share
>>
>>>I don't think you want "security = share".
>>
>> But I do want security = share.
>
> I am not sure that you can do what you are trying to do if you use
> "security = share".
>
> The smb.conf man page says various things about the possible options
> for the "security" parameter including:
>
>           If your PCs use usernames that are the same as their usernames on
>           the UNIX machine then you will want to use security = user. If you
>           mostly use usernames that don´t exist on the UNIX box then use
>           security = share.
>
> It also says that it is more difficult to set up a share that does not
> require a password if you use security = user, but says that if you do
> need that you should look into the "map to guest" parameter.
>
> In the "SECURITY = USER" section it says that in this mode users MUST
> first authenticate before accessing the share.  This seems to imply
> that guest shares would not be possible, but it goes on to say:
>
>           Note that the name of the resource being requested is not sent to
>           the server until after the server has successfully authenticated
>           the client. This is why guest shares don´t work in user level
>           security without allowing the server to automatically map unknown
>           users into the guest account. See the map to guest parameter for
>           details on doing this.
>
> in other words, it is possible, but you must use the "map to guest" parameter.
>
> So I think you need to do the following:
>
> security = user
>
> guest user = someuser # This should be a local user with read-only
> access to /var/workplace.
>
> map to guest = Bad User # I think this is probably the right one.  See
> the man page.
>
> Then in the [workplace] share, add:
>
> guest only = yes
>
> Note, I am NOT a Samba expert and I have not tried the above, but it
> seems, from reading the man page, that it should work.
>
> By the way, you have some redundancy in your config.  e.g. "guest ok"
> is the same as "public" so you don't need to specify both.  Also,
> "read only" is the opposite of "writable" so again you don't need
> both.
>
> Another thing:  "admin users" specifies a list of users who will
> effectively be "root" when accessing the share.  That seems dangerous
> to me, but also, the man page says:
>
>           This parameter will not work with the security = share in Samba
>           3.0. This is by design.
>
> I hope this helps.
>
> --
> Michael Wood <esiotrot@xxxxxxxxx>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

<Prev in Thread] Current Thread [Next in Thread>