Public shares w/ security = user

Charles Curley charles.h.curley at lmco.com
Wed Aug 12 17:20:46 GMT 1998


Configuration: RedHat 5.0 w/ Samba 1.9.18p8. My servers don't do domain
logins. I picked a workgroup called OCALA-CIM for it. I have clients
connecting from standalone desktops w/o domain logins to anyone and
others that connect from desktops that are fully logged into a NT
domain, which is called ACCT03 and these desktops seem to be mostly
setup to be in a workgroup called EMC.

My main samba server (hostname and netbios name is "mi") has been
working well for a while with share level security. Now I want to add a
second machine and have it use mi as its password server. Instant
problems.

Can shares be public on a server with user level security, i.e., no
login required whatsoever?

As soon as I enabled user security, users connected to public shares
started getting authentication windows up for the \\server\ipc$ before
even getting near the shares. I enabled user level security since this
is required for the machine to act as a password server, correct? I've
looked through the actives trying to find out how to fix but didn't find
an answer, at least I didn't realize I did.

I've been messing around with creating a wildcard user match in the
usermap and then putting that user in the smb password file w/o a
password (nobody:99:NO PASSWORDXXXX ...). Is this how you accomplish my
goal? This sort of works but doesn't "feel" right. Problem with this is
that it seems to cause the server to be unacceptable as a password
server by another samba since I get the following when trying to point
the new samba server at the old one with a "security = server" and
"password server = mi":

server_validate: password server MI allows users as non-guest with a bad
password.
server_validate: This is broken (and insecure) behaviour. Please do not
use this machine as the password server.

--
Charles Curley, Staff Engineer
Computer Integrated Manufacturing
Lockheed Martin Ocala Operations




More information about the samba mailing list