share security passwords

[Mac]

Hi Brian (and all you avid Samba readers)


>> The most important thing that will make this work is running the whole
>> server in 'security = share' mode.  This is awful for most purposes
>> (because the Win clients don't give a username to a server running in
>> 'share' mode, and so Samba has to guess which UNIX user you are.)
>
>hmm.  this is close.  i now have a share that is accessible via password for
>any user.  unfortunately, it's accessible to anyuser who uses *any* password
>in the samba password file.  can i stop this so it only will allow access if
>the *correct* password is given?


Indeed.  If I may quote my own message back at you for a moment:-

 > You can make it easier though by having exactly one entry in the 'valid
 > users' list, (which is a special user you create just for this share)


You have to use the 'valid users' configuration statement in order to
restrict the user names that can connect to the share.

>here's the share section, and i am using security = share
>
>[galik]
> available = yes
> browseable = yes
> force user = galik
> guest ok = no
> path = /home/galik
> read only = yes


And here's my suggested modification to it:-

  valid users = newgalik


and then you create the user  'newgalik' like this :-

 newgalik::301:302:Special User for Samba Share:/home/galik:/bin/false

(Your 'passwd' file format my vary a bit from this, and you _must_ check
that the UID and GID numbers don't conflict with any exisiting users).


Then, as root do:-

  passwd newgalik

and set it to what ever you want.



                               Mac
          Assistant Systems Adminstrator @nibsc.ac.uk
                        dmccann at nibsc.ac.uk
   Work: +44 1707 654753 x285      Everything else: +44 7956 237670 (anytime)

NOTE: New Mobile Phone Number (see <URL:http://www.numberchange.org/> for why)