[Samba] problems with samba share
alex at acasa.ro
Mon Feb 8 04:00:47 MST 2010
Hi Michael, finally I have found the solution.
So I still have 'security = share' and I thought why it complained about
authentication failure. In smbpasswd, passwords are encrypted,
but in my general config I had 'encrypt passwords = no' and that's why it
didn't work. I changed it to yes.
So my [general] looks like this now:
workgroup = WORKGROUP
netbios name = cast
remote announce = 192.168.1.99/WORKGROUP
server string = %h server
dns proxy = no
interfaces = eth0
hosts allow = 192.168.1.0/24
realm = domain.local
bind interfaces only = yes
security = share
encrypt passwords = yes
passdb backend = smbpasswd
lanman auth = yes
client lanman auth = yes
load printers = no
printing = none
socket options = TCP_NODELAY IPTOS_LOWDELAY
I know about the redundant options in my config, I put them on purpose
because I thought samba didn't "see" them.
Anyway, I removed them.
Thanks for the suggestions.
>>>I don't think you want "security = share".
>> But I do want security = share.
>I am not sure that you can do what you are trying to do if you use
>"security = share".
>The smb.conf man page says various things about the possible options
>for the "security" parameter including:
> If your PCs use usernames that are the same as their usernames
> the UNIX machine then you will want to use security = user. If
> mostly use usernames that don´t exist on the UNIX box then use
> security = share.
>It also says that it is more difficult to set up a share that does not
>require a password if you use security = user, but says that if you do
>need that you should look into the "map to guest" parameter.
>In the "SECURITY = USER" section it says that in this mode users MUST
>first authenticate before accessing the share. This seems to imply
>that guest shares would not be possible, but it goes on to say:
> Note that the name of the resource being requested is not sent
> the server until after the server has successfully authenticated
> the client. This is why guest shares don´t work in user level
> security without allowing the server to automatically map
> users into the guest account. See the map to guest parameter for
> details on doing this.
in other words, it is possible, but you must use the "map to guest"
>So I think you need to do the following:
>security = user
>guest user = someuser # This should be a local user with read-only
>access to /var/workplace.
>map to guest = Bad User # I think this is probably the right one. See
>the man page.
>Then in the [workplace] share, add:
>guest only = yes
>Note, I am NOT a Samba expert and I have not tried the above, but it
>seems, from reading the man page, that it should work.
>By the way, you have some redundancy in your config. e.g. "guest ok"
>is the same as "public" so you don't need to specify both. Also,
>"read only" is the opposite of "writable" so again you don't need
>Another thing: "admin users" specifies a list of users who will
>effectively be "root" when accessing the share. That seems dangerous
>to me, but also, the man page says:
> This parameter will not work with the security = share in Samba
> 3.0. This is by design.
>I hope this helps.
>Michael Wood <esiotrot at gmail.com>
More information about the samba