[Samba] Can Samba “security = user” be used for guest share without a Windows login prompt?
Kenton Tofte
kentontofte at gmail.com
Thu Dec 9 22:08:02 MST 2010
Hello, I hope this is not a dumb question, but I just need some clarification.
I am trying to set up an Ubuntu Samba share for a lab with Windows
computers (Vista and XP). I have two shares that are supposed to
require authentication and one that is supposed to a public share with
no login. I understand from reading the smb.conf manual that "security
= user" makes Windows authenticate before accessing a share, whereas
"security = share" authenticates on a share-by-share basis. The latter
option sounds closest to what I am trying to achieve, but I have also
read that it is not a secure setting. So my question is, is "security
= share" really insecure (especially in a somewhat "safe"
environment), and if it is, is it possible to have a guest share under
"security = user" that does not make Windows ask for login
credentials?
Here's my smb.conf for reference :
[global]
workgroup = hsbclib
server string = %h server (Samba, Ubuntu)
dns proxy = no
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
map to guest = bad user
usershare allow guests = yes
security = user
guest ok = yes
guest account = publicuser
username map = /etc/samba/smbusers
[printers]
comment = All Printers
browseable = no
path = /var/spool/samba
printable = yes
create mask = 0700
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
[mabusclass]
path = /srv/smb/mabusclass
writeable = yes
valid users = magus, mabusclass
[yearbook]
path = /srv/smb/yearbook
writeable = yes
valid users = yearbook
[public]
comment = Free Public Storage
path = /srv/smb/public
writeable = yes
guest ok = yes
Many thanks in advance!
-Kenton
More information about the samba
mailing list