[Samba] Standalone Server with Wins -- Password Not Required on Win/XP

Greg Sims greg at headingup.net
Wed Jan 16 14:52:34 GMT 2008 

Hi All,

 

We posted the following over the weekend and have not received any feedback
to help us move forward.  There seems to be much more activity during the
week so I thought I would re-post the original email.  Perhaps we're seeing
a defect in this level of the code - if this is the case, what action should
we take next.  Thanks!

 

I created a standalone server on CentOS 5.1 with samba at 25b on an x86_64
system. The shares defined below are available to the windows xp clients on
the 10.43.10.x/24 subnet.  Samba also provides win server support to this
subnet.

 

We are having problems with password protection associated with the shares.
The first access to the samba server requests a userid -- this likely allows
samba to understand which home share should be displayed.  At this point,
the client can access both the 'homes' share and the 'orr' share without
ever entering a password -- this is a security issue for us.

 

We need to figure out how to configure samba to enforce userid & password
protection prior to allowing access to a share. Below is a copy of the
smb.conf file that we are using for testing.

 

  [global]

     

     # workgroup and server identification

     workgroup = ORRRANCH

     server string =

     netbios name = ORR00

 

     interfaces = 10.43.10.0/24 lo

     bind interfaces only = yes

     hosts allow = 10.43.10. 127.0.0.

 

     # logs split per machine; max 50KB per log file, then rotate

     log file = /var/log/samba/%m.log

     max log size = 50

 

     # default user security, encrypted passwords and tdbsam

     security = user    

     encrypt passwords = yes

     passdb backend = tdbsam

 

     # allow samba to be the domain master browser if possible

     local master = yes

     os level = 33

     preferred master = yes

     domain master = yes

 

     # samba is a wins server for the system; use wins first

     wins support =yes

     name resolve order = wins hosts bcast

     

  [homes]

     comment = Home Directories

     browseable = no

     writable = yes

     valid users = %S

     path = /samba/home/%S

 

  [orr]

     comment = Orr Ranch Share

     path = /samba/orr

     valid users = greg catherine sarah brandon

     guest ok = no

     writable = yes

     printable = no

     create mask = 0765

 

 

Each of the 'valid users' have ids on the system and have used smbpasswd to
create samba passwords. Nsswitch.conf has been modified to add 'wins' to the
'hosts' line to assist with names resolution.

 

Any assistance would be appreciated!!  Thanks, Greg

More information about the samba mailing list