security and guest account
Ionel GARDAIS
igardais at yahoo.fr
Sun Jan 27 03:07:05 GMT 2002
Hi there,
I have a question about samba security and the guest
account validation.
Here is my configuration : Samba 2.2.2 (from binary),
RH 7.1 kernel 2.4.2. Clients are NTWS 4 sp 6.
smb.conf shows these lines for guest :
<snip>
guest account = nobody
map to guest = Bad User
</snip>
When running Samba, "smbstatus" shows threads owned by
nobody and connected to ressource IPC$.
Users from NT can connect to the server with their
user/pass, creating thread owned by them.
I have local guest account on NT worksations.
Logging using this account on NT, allow users to
connect to a fully shared folder but under the nobody
account.
In order to disable the connection to the samba server
using the nobody account, I've set "Guest account" to
"Bad User" too.
But a problem appears : as soon as I've modified this
line, NT clients couldn't connect to their account
even using a valid username/password combination.
On the other hand, no threads owned by nobody and
connected to IPC$ showed in "smbstatus".
Changing back "guest account" to nobody puts the
server available for clients connections.
Unfortunatly, nobody-owned threads are back in the
smbstatus ressource listing.
How to forbid "nobody" access in order not to see
"nobody connects from computer XXXX [time]" in the
logs (so users MUST use their username/pass to
connect) ?
Do I have to add "guest ok = no" to each share ?
For personnal information, can someone tell me why do
a nobody-owned thread connected to IPC$ must be
running for clients to connect to server ?
Thanks for your help,
ionel
___________________________________________________________
Do You Yahoo!? -- Une adresse @yahoo.fr gratuite et en français !
Yahoo! Mail : http://fr.mail.yahoo.fr
More information about the samba
mailing list