[Samba] problems with samba share
Bostjan Skufca
bostjan at a2o.si
Mon Feb 8 03:43:31 MST 2010
I believe the OP wants a solution for his variation of config which
should work but it does not.
I can only share my experience with upgrade to version 3.4.5. It was a
test upgrade so I did not log every change I did on server. However I
was receiving the same error and I did the following:
1. Added 'username map = /etc/samba/private/smbpasswd' to smb.conf
/etc/samba/private/smbpasswd looks like this:
username:10001:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:3C480B57F58C3C0D7CD4893457944DEA:[U
]:LCT-4B6F029F:
2. I re-ran the smbpasswd command for username I was testing with.
After that, smbclient was again able to connect to server.
Hope this helps,
b.
On 8 February 2010 10:58, Michael Wood <esiotrot at gmail.com> wrote:
> On 8 February 2010 11:12, Alexandru Florescu <alex at acasa.ro> wrote:
>>
>>>> I want to achieve the following setup:
>>>>
>>>> - have a share that is read-only and accessible for guest users;
>>>>
>>>> - have the same share be modified by an authenticated specific user.
>>>>
>>>> This is running on debian lenny, samba 3.2.5.
>>>>
>>>> My smb.conf is as follows:
>>>>
>>>> [global]
>>>> workgroup = WORKGROUP
>>>> netbios name = cast
>>>> remote announce = 192.168.1.99/WORKGROUP
>>>> server string = %h server
>>>> dns proxy = no
>>>> interfaces = eth0
>>>> hosts allow = 192.168.1.0/24
>>>> username map = /etc/samba/usermap
>>>> security = share
>>
>>>I don't think you want "security = share".
>>
>> But I do want security = share.
>
> I am not sure that you can do what you are trying to do if you use
> "security = share".
>
> The smb.conf man page says various things about the possible options
> for the "security" parameter including:
>
> If your PCs use usernames that are the same as their usernames on
> the UNIX machine then you will want to use security = user. If you
> mostly use usernames that don´t exist on the UNIX box then use
> security = share.
>
> It also says that it is more difficult to set up a share that does not
> require a password if you use security = user, but says that if you do
> need that you should look into the "map to guest" parameter.
>
> In the "SECURITY = USER" section it says that in this mode users MUST
> first authenticate before accessing the share. This seems to imply
> that guest shares would not be possible, but it goes on to say:
>
> Note that the name of the resource being requested is not sent to
> the server until after the server has successfully authenticated
> the client. This is why guest shares don´t work in user level
> security without allowing the server to automatically map unknown
> users into the guest account. See the map to guest parameter for
> details on doing this.
>
> in other words, it is possible, but you must use the "map to guest" parameter.
>
> So I think you need to do the following:
>
> security = user
>
> guest user = someuser # This should be a local user with read-only
> access to /var/workplace.
>
> map to guest = Bad User # I think this is probably the right one. See
> the man page.
>
> Then in the [workplace] share, add:
>
> guest only = yes
>
> Note, I am NOT a Samba expert and I have not tried the above, but it
> seems, from reading the man page, that it should work.
>
> By the way, you have some redundancy in your config. e.g. "guest ok"
> is the same as "public" so you don't need to specify both. Also,
> "read only" is the opposite of "writable" so again you don't need
> both.
>
> Another thing: "admin users" specifies a list of users who will
> effectively be "root" when accessing the share. That seems dangerous
> to me, but also, the man page says:
>
> This parameter will not work with the security = share in Samba
> 3.0. This is by design.
>
> I hope this helps.
>
> --
> Michael Wood <esiotrot at gmail.com>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list