[Samba] Doesn't require a password

[Gémes Géza]

James Bear írta:

> Here is my problem:
>
> Previously, I was using Samba as a PDC and everybody logged in with 
> WXP and then they had roaming profiles and all was grand, except 
> sometimes my students had really big pictures and such being saved to 
> their "My Documents."  That's bad.  When it came time to log off, 
> other students sometimes had to wait 20 minutes.  A Bad thing.
>
> So, this year, I scrapped the roaming profiles and got some XP Home 
> Edition machines.  I simply shared files on the server using Samba. 
> It's fine.  All the machines have a mapped network drive to the homes 
> directory.  When they click it, they are prompted for a username and 
> password.  They gain access to the server.  They can do things exactly 
> as I want them to be able to do things.
>
> One little problem.  A student pointed out that if he didn't enter a 
> password, it worked just the same.  A user can enter any username and 
> as long as it is a user on the server, they have access to that file 
> without supplying a password or supplying a bogus password.  It's a 
> bad thing.
>
> Can anybody help?  Keep in mind that this is a modified smb.conf.  I 
> previously had it when I had the samba as a PDC and some of the 
> settings while seemingly illogical are carryovers.  Me not sharp 
> enough or have enough time to bother with trying to change them.  Here 
> is my smb.conf:
>
>> # Samba config file created using SWAT
>> # from 0.0.0.0 (0.0.0.0)
>> # Date: 2003/09/10 12:54:53
>>
>> # Global parameters
>> [global]
>>     netbios name = WALDO
>>     encrypt passwords = Yes
>>     update encrypted = Yes
>>     null passwords = Yes
>>     passwd program = /usr/bin/passwd %u
>>     passwd chat = *New*password* %n\n *Retype*new*password* %n\n 
>> *passwd:*all*authentication*tokens*updated*successfully*
>>     log file = /var/log/samba/%m.log
>>     max log size = 1000
>>     socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>>     add user script = /usr/sbin/useradd -d /dev/null -g 100 -s 
>> /bin/false -M %u
>>     domain logons = Yes
>>     os level = 255
>>     domain master = Yes
>>     wins support = Yes
>>     default service = homes
>>     path = /home
>>     guest account = root
>>     read only = No
>>     printing = lprng
>>     browseable = No
>>     locking = No
>>
>> [homes]
>>     comment = Home Directories
>>     guest account = %S
>>     valid users = %S
>>     browseable = Yes
>>
>> [printers]
>>     comment = All Printers
>>     path = /var/spool/samba
>>     printable = Yes
>>
>> [lab]
>>     path = /var/spool/samba
>>     printable = Yes
>>     printer name = lab
>>     oplocks = No
>
>
I think instead of guest account = root you should definitely use guest 
account = nobody
Or you will give root access to your every badly authenticated user :-(
Which looks strange to me is the fact that I haven't seen a map to guest 
statement in your smb.conf. You could also solve your problem, with map 
to guest = never.

Good Luck!

Geza Gemes