[Samba] Doesn't require a password
Gémes Géza
geza at kzsdabas.sulinet.hu
Wed Sep 10 19:39:57 GMT 2003
James Bear írta:
> Here is my problem:
>
> Previously, I was using Samba as a PDC and everybody logged in with
> WXP and then they had roaming profiles and all was grand, except
> sometimes my students had really big pictures and such being saved to
> their "My Documents." That's bad. When it came time to log off,
> other students sometimes had to wait 20 minutes. A Bad thing.
>
> So, this year, I scrapped the roaming profiles and got some XP Home
> Edition machines. I simply shared files on the server using Samba.
> It's fine. All the machines have a mapped network drive to the homes
> directory. When they click it, they are prompted for a username and
> password. They gain access to the server. They can do things exactly
> as I want them to be able to do things.
>
> One little problem. A student pointed out that if he didn't enter a
> password, it worked just the same. A user can enter any username and
> as long as it is a user on the server, they have access to that file
> without supplying a password or supplying a bogus password. It's a
> bad thing.
>
> Can anybody help? Keep in mind that this is a modified smb.conf. I
> previously had it when I had the samba as a PDC and some of the
> settings while seemingly illogical are carryovers. Me not sharp
> enough or have enough time to bother with trying to change them. Here
> is my smb.conf:
>
>> # Samba config file created using SWAT
>> # from 0.0.0.0 (0.0.0.0)
>> # Date: 2003/09/10 12:54:53
>>
>> # Global parameters
>> [global]
>> netbios name = WALDO
>> encrypt passwords = Yes
>> update encrypted = Yes
>> null passwords = Yes
>> passwd program = /usr/bin/passwd %u
>> passwd chat = *New*password* %n\n *Retype*new*password* %n\n
>> *passwd:*all*authentication*tokens*updated*successfully*
>> log file = /var/log/samba/%m.log
>> max log size = 1000
>> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>> add user script = /usr/sbin/useradd -d /dev/null -g 100 -s
>> /bin/false -M %u
>> domain logons = Yes
>> os level = 255
>> domain master = Yes
>> wins support = Yes
>> default service = homes
>> path = /home
>> guest account = root
>> read only = No
>> printing = lprng
>> browseable = No
>> locking = No
>>
>> [homes]
>> comment = Home Directories
>> guest account = %S
>> valid users = %S
>> browseable = Yes
>>
>> [printers]
>> comment = All Printers
>> path = /var/spool/samba
>> printable = Yes
>>
>> [lab]
>> path = /var/spool/samba
>> printable = Yes
>> printer name = lab
>> oplocks = No
>
>
I think instead of guest account = root you should definitely use guest
account = nobody
Or you will give root access to your every badly authenticated user :-(
Which looks strange to me is the fact that I haven't seen a map to guest
statement in your smb.conf. You could also solve your problem, with map
to guest = never.
Good Luck!
Geza Gemes
More information about the samba
mailing list