can't find service

Armand Welsh armand at welshhome.org
Thu Jan 11 19:12:30 GMT 2001 

*This message was transferred with a trial version of CommuniGate(tm) Pro*
shouldn't the map to guest = Bad Password, be changed to map to guest = Bad
User?  Otherwise, any invalid login, even for known users will be considered
guests.  this can really screw with you if you simply mistyped your
password....

set 'guest account = nobody' or other user with restricted access, so that
you can manage sercurity on the file system, OR use the 'force user =
username' option and 'force group = groupname' option to access the file
system as the specified user and group (this second option, I usually use,
to control user/group ownership in my public directories making public
directories truely public).

<smb.conf man page>
guest only (S)

If this parameter is ´yes´ for a service, then only
guest connections to  the  service  are  permitted.
This parameter will have no affect if "guest ok" or
"public" is not set for the service.
</smb.conf man page>

This tell me that, if you use 'public = yes' or 'guest ok = yes' (synonymous
commands) then non-authenticated users can access the share.  Therefore, the
line 'guest only = yes' and the description from the man file, leaves me to
deduce that only guest users are valid.  non-guest users are not allowed
access.  This behavior is optional, as you don't need this paramater.  It
would be equivalent to assigning an nt share as "Everyone <change>, domain
users <no access>"

----how I would adddress this----
# chmod 0777 /usr/local/samba/public_folder

edit /etc/smb.conf to look like this:
[global]
    workgroup = MY_DOMAIN
    security = domain
    password server = *
    server string = Samba SMB file server
    map to guest = Bad User
    encrypt passwords = yes
    smb passwd file = /etc/smbpasswd
[public_folder]
   path = /usr/local/samba/public_folder
   guest ok = yes
   force user = ftp
   force group = ftp
   writable = yes
   browsable = yes
   printable = no
   create mask = 777
   directory mask = 777


>
> # FYI: samba log /var/log/smblogs
> #
>
> debug level = 1
>
> # Global parameters
> [global]
>         workgroup = *nameofNTdomain*
>         security = domain
>         password server = *nameofmypasswordserver*
>         server string = FreeBSD Samba 2.0.5
>         map to guest = Bad Password
>
>         encrypt passwords = yes
>         smb passwd file = /etc/smbpasswd
>         log file = /var/log/smblogs
>         log level = 2
> ;  Max log size in KB
>         max log size = 5000
> [public_folder]
>    path = /usr/local/samba/public_folder
>    public = yes
>    only guest = yes
>    writable = yes
>    printable = no
>    create mask = 777
>    directory mask = 777

More information about the samba-ntdom mailing list