share security passwords
Mac
dmccann at nibsc.ac.uk
Wed Nov 17 10:55:57 GMT 1999
Hi Brian (and all you avid Samba readers)
>> The most important thing that will make this work is running the whole
>> server in 'security = share' mode. This is awful for most purposes
>> (because the Win clients don't give a username to a server running in
>> 'share' mode, and so Samba has to guess which UNIX user you are.)
>
>hmm. this is close. i now have a share that is accessible via password for
>any user. unfortunately, it's accessible to anyuser who uses *any* password
>in the samba password file. can i stop this so it only will allow access if
>the *correct* password is given?
Indeed. If I may quote my own message back at you for a moment:-
> You can make it easier though by having exactly one entry in the 'valid
> users' list, (which is a special user you create just for this share)
You have to use the 'valid users' configuration statement in order to
restrict the user names that can connect to the share.
>here's the share section, and i am using security = share
>
>[galik]
> available = yes
> browseable = yes
> force user = galik
> guest ok = no
> path = /home/galik
> read only = yes
And here's my suggested modification to it:-
valid users = newgalik
and then you create the user 'newgalik' like this :-
newgalik::301:302:Special User for Samba Share:/home/galik:/bin/false
(Your 'passwd' file format my vary a bit from this, and you _must_ check
that the UID and GID numbers don't conflict with any exisiting users).
Then, as root do:-
passwd newgalik
and set it to what ever you want.
Mac
Assistant Systems Adminstrator @nibsc.ac.uk
dmccann at nibsc.ac.uk
Work: +44 1707 654753 x285 Everything else: +44 7956 237670 (anytime)
NOTE: New Mobile Phone Number (see <URL:http://www.numberchange.org/> for why)
More information about the samba
mailing list