Users can map shares without password in domain-security mode
Christian.Seip at t-online.de
Wed Sep 20 17:36:18 GMT 2000
"Nelson, John P." wrote:
> >1. Samba authenticates the users against the PDC, so as far as I have
> >understood the concept, there should only be a linux user necessary and
> >a user in the smbpasswd.
> That should be how it works. It IS working for us!
As I said, it works only if I add the user to the smbpasswd.
> You don't explicitly say that you are using security=domain in the smb.conf
> file. Doing "smbpasswd -j DOM -r PDC" by itself is not enough to get domain
> style authentication. But perhaps you just didn't state it explicitly.
In a different posting, I included an excerpt of my smb.conf. I do use
> >But without an entry in the smbpasswd I can't map any share.
> I can't explain that. I would expect that if you need to add an entry to
> smbpasswd, that the smbpasswd "password" entry would be used, rather than
> the one from the domain server. Have you tried setting the two passwords
> (smbpasswd and domain controller) differently, and see which one actually
Nope, I didn't. But I'll try this one.
> works? I'm guessing that you aren't actually getting domain authentication
> at all.
Now that you say that, it feels like samba only asks the PDC for a valid username and
ignores the password. I'll have to explore this a bit.
> Yeah, but you still want to use filesystem permissions, don't you? At
> least, I would.
I don't think we need them here because this fileserver will serve the user-homes and
nothing else. But "not using them" and "not being able to use them" are different
things. You're right, I should reserve the rights to use the permissions.
> I would really recommend fixing this, and use real unix filesystem
> permissions. By the way, setting create and directory mask to 777 is not
> sufficient: you also need to "force" these modes. Why? If a user with one
> userid sets a file to readonly (444), and then connect via the other server
> with a different userid, the second userid will be unable to "unset"
> readonly permissions since he is not the owner of the file.
Ok and accepted.
> >Now my question: Why can other
> >users map my home-share (defined by the [homes]-section in smb.conf)
> >being asked for a password?
> Because that's the way it's supposed to work. Security=server is a
> variation on security=user - which means that users only have to authenticate
> ONCE (when first connecting) rather than having to verify their identity for
> each individual share. Once connected to a server with a network identity,
> a user is allowed to access any share on that server that he has permissions
> to access.
Hmmm, I have to think about this. NT seems to use a mixture between server- and
user-level. If I connect to a share with a valid username and password for this
share, the connection will be created without asking for a password. If my username
or my password is not valid, NT asks me for a valid username/password-combination.
That's not share- or user-level security (I don't know exactly which one) because
security=share/user always asks for a password.
> You seem to think that the [homes] section provides some extra level of
> security, but it doesn't: it simply provides a shorthand method of
I think a user should only be able to connect to another user's home with the other
user's password. But Samba doesn't ask me at all for a password.
> specifying a share for each unix username. There are no special access
> permissions implied by doing this: if you need to restrict access, you can
> do it with unix permissions, or using something like "valid users = %S" in
I tried "valid users = %u" but I meant "valid users = %S".
> the [homes] section, which would only permit users to connect to a share
> name that matches their username.
That's a last option. I'll do this if anything else I try doesn't work out.
> But you will NEVER get the behavior of having samba prompt the user for a
> password when connecting to someone else's share, at least not with
> security=user or its variations (security=server or security=domain).
But that's what I've always experienced. I connect to your share with my username.
That doesn't work because I don't know your password. If I connect to your share with
your username, I'm usually asked for a password. That's the way it works with
NT-server and that's what I've seen to work with our samba-server here. The only
difference I know between our working samba-server and my cluster is that my cluster
uses the [homes]-section for the user-shares and our other server has all the
user-shares created by hand. It shouldn't make a difference as far as I have
understood this stuff.
I guess I have an error in my view of this but I can't find it.
Thanks for helping, guys.
I'll tell you the results of my next steps.
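
Added example, not part of the original message and not Samba code: a small Python check for the `valid users = %S` restriction on `[homes]` discussed in the thread. The sample smb.conf text and the function names are constructed for illustration.

```python
import configparser
import re

# Constructed sample (not the poster's smb.conf): [homes] with no restriction.
OPEN_CONF = """
[global]
   security = domain
   workgroup = DOM

[homes]
   browseable = no
   writable = yes
"""
# Same file with the restriction suggested in the quoted reply.
RESTRICTED_CONF = OPEN_CONF + "   valid users = %S\n"
# The variant the poster says he tried by mistake.
MISTAKEN_CONF = OPEN_CONF + "   valid users = %u\n"

SESSION_MODES = {"user", "server", "domain"}


def load(conf_text):
    """Parse smb.conf text into {section: {parameter: value}}."""
    # Strip indentation so configparser does not read it as continuation,
    # and disable interpolation so %S and %u stay literal.
    text = "\n".join(line.strip() for line in conf_text.splitlines())
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    return {name.lower(): dict(cp[name]) for name in cp.sections()}


def audit_homes(conf_text):
    """Report how [homes] connections are authenticated and restricted."""
    sections = load(conf_text)
    mode = sections.get("global", {}).get("security", "").lower()
    valid = sections.get("homes", {}).get("valid users", "")
    tokens = [t for t in re.split(r"[,\s]+", valid) if t]
    return {
        "security": mode,
        # Authentication happens once per session, not per share.
        "session_auth": mode in SESSION_MODES,
        # %S expands to the share name, i.e. the owner of that home share.
        "homes_restricted": "%S" in tokens,
    }


if __name__ == "__main__":
    for label, conf in [("open", OPEN_CONF), ("restricted", RESTRICTED_CONF),
                        ("mistaken", MISTAKEN_CONF)]:
        print(label, audit_homes(conf))
```

`%u` names the connecting user, so `valid users = %u` matches everyone who authenticates and is reported as unrestricted.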