[Samba] problems with samba share

Bostjan Skufca bostjan at a2o.si
Mon Feb 8 03:43:31 MST 2010

I believe the OP wants a solution for his variation of config which
should work but it does not.

I can only share my experience with upgrade to version 3.4.5. It was a
test upgrade so I did not log every change I did on server. However I
was receiving the same error and I did the following:

1. Added 'username map = /etc/samba/private/smbpasswd' to smb.conf
/etc/samba/private/smbpasswd looks like this:


2. I re-ran the smbpasswd command for username I was testing with.
After that, smbclient was again able to connect to server.

Hope this helps,

On 8 February 2010 10:58, Michael Wood <esiotrot at gmail.com> wrote:
> On 8 February 2010 11:12, Alexandru Florescu <alex at acasa.ro> wrote:
>>>> I want to achieve the following setup:
>>>> - have a share that is read-only and accessible for guest users;
>>>> - have the same share be modified by an authenticated specific user.
>>>> This is running on debian lenny, samba 3.2.5.
>>>> My smb.conf is as follows:
>>>> [global]
>>>>   workgroup = WORKGROUP
>>>>   netbios name = cast
>>>>   remote announce =
>>>>   server string = %h server
>>>>   dns proxy = no
>>>>   interfaces = eth0
>>>>   hosts allow =
>>>>  username map = /etc/samba/usermap
>>>> security = share
>>>I don't think you want "security = share".
>> But I do want security = share.
> I am not sure that you can do what you are trying to do if you use
> "security = share".
> The smb.conf man page says various things about the possible options
> for the "security" parameter including:
>           If your PCs use usernames that are the same as their usernames on
>           the UNIX machine then you will want to use security = user. If you
>           mostly use usernames that don´t exist on the UNIX box then use
>           security = share.
> It also says that it is more difficult to set up a share that does not
> require a password if you use security = user, but says that if you do
> need that you should look into the "map to guest" parameter.
> In the "SECURITY = USER" section it says that in this mode users MUST
> first authenticate before accessing the share.  This seems to imply
> that guest shares would not be possible, but it goes on to say:
>           Note that the name of the resource being requested is not sent to
>           the server until after the server has successfully authenticated
>           the client. This is why guest shares don´t work in user level
>           security without allowing the server to automatically map unknown
>           users into the guest account. See the map to guest parameter for
>           details on doing this.
> in other words, it is possible, but you must use the "map to guest" parameter.
> So I think you need to do the following:
> security = user
> guest user = someuser # This should be a local user with read-only
> access to /var/workplace.
> map to guest = Bad User # I think this is probably the right one.  See
> the man page.
> Then in the [workplace] share, add:
> guest only = yes
> Note, I am NOT a Samba expert and I have not tried the above, but it
> seems, from reading the man page, that it should work.
> By the way, you have some redundancy in your config.  e.g. "guest ok"
> is the same as "public" so you don't need to specify both.  Also,
> "read only" is the opposite of "writable" so again you don't need
> both.
> Another thing:  "admin users" specifies a list of users who will
> effectively be "root" when accessing the share.  That seems dangerous
> to me, but also, the man page says:
>           This parameter will not work with the security = share in Samba
>           3.0. This is by design.
> I hope this helps.
> --
> Michael Wood <esiotrot at gmail.com>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list