[Samba] Standalone Server with Wins -- Password Not Required on Win/XP

Greg Sims greg at headingup.net
Sat Jan 12 21:49:45 GMT 2008 

Hi There,

I created a standalone server on CentOS 5.1 with samba at 25b on an x86_64
system. The shares defined below are available to the windows xp clients on
the 10.43.10.x/24 subnet.  Samba also provides win server support to this
subnet.

We are having problems we password protection associated with the shares.
The first access to the samba server requests a userid -- this likely allows
samba to understand which home share should be displayed.  At this point,
the client can access both the 'homes' share and the 'orr' share without
ever entering a password -- this is a security issue for us.

We need to figure out how to configure samba to enforce userid & password
protection prior to allowing access to a share. Below is a copy of the
smb.conf file that we are using for testing.

  [global]
	
	# workgroup and server identification
	workgroup = ORRRANCH
	server string =
	netbios name = ORR00

	interfaces = 10.43.10.0/24 lo
	bind interfaces only = yes
	hosts allow = 10.43.10. 127.0.0.

	# logs split per machine; max 50KB per log file, then rotate
	log file = /var/log/samba/%m.log
	max log size = 50

	# default user security, encrypted passwords and tdbsam
	security = user	
	encrypt passwords = yes
	passdb backend = tdbsam

	# allow samba to be the domain master browser if possible
	local master = yes
	os level = 33
	preferred master = yes
	domain master = yes

	# samba is a wins server for the system; use wins first
	wins support =yes
	name resolve order = wins hosts bcast
	
  [homes]
	comment = Home Directories
	browseable = no
	writable = yes
	valid users = %S
	path = /samba/home/%S

  [orr]
	comment = Orr Ranch Share
	path = /samba/orr
	valid users = greg catherine sarah brandon
	guest ok = no
	writable = yes
	printable = no
	create mask = 0765


Each of the 'valid users' have ids on the system and have used smbpasswd to
create samba passwords. Nsswitch.conf has been modified to add 'wins' to the
'hosts' line to assist with names resolution.

Any assistance would be appreciated!!  Thanks, Greg

More information about the samba mailing list