[Samba] security = SHARE
Craig White
craigwhite at azapple.com
Wed Jul 7 20:54:26 MDT 2010
On Thu, 2010-07-08 at 02:44 +0200, José Puente wrote:
> Hello,
> Please, i need help with security mode = share.
> i want to configure security = share and the parameter "username = user"
> in a shared folder to avoid that everybody could access to it. f I have
> understood correctly the manual, this configuration enables to access if
> the password provided matches with the user`password. But when i try to
> access returns this error:
> smbclient //SERVER/Docs
> Enter user's password:
> Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.4.7]
> Server not using user level security and no password supplied.
> tree connect failed: NT_STATUS_WRONG_PASSWORD
>
> I also tried:
> smbclient -U user%passwd //SERVER/Docs
> Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.4.7]
> Server not using user level security and no password supplied.
> tree connect failed: NT_STATUS_WRONG_PASSWORD
>
> smbclient -U user%passwd //SERVER/Docs -P
> Failed to open /var/lib/samba/secrets.tdb
> ERROR: Unable to open secrets database
>
> sudo smbclient -U user%passwd //SERVER/Docs -P
> ERROR: Unable to fetch machine password for SERVER$@ in domain
> WORKGROUP
>
> If i change "passdb backend = smbpasswd" in GLOBAL options:
>
> smbclient -U user%passwd //SERVER/Docs -P -e -A
> /etc/samba/smbpasswd
> ERROR: Unable to open credentials file!
>
> sudo smbclient -U user%passwd //SERVER/Docs -P -e -A
> /etc/samba/smbpasswd
> ERROR: Unable to fetch machine password for SERVER$@ in domain
> WORKGROUP
>
> My system:
> Linux user-laptop 2.6.32-23-generic #37-Ubuntu SMP x86_64 GNU/Linux
>
> My config:
>
> testparm
>
> Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.4.7]
> smb: \> quit
> user at user-laptop:~$ testparm
> Load smb config files from /etc/samba/smb.conf
> rlimit_max: rlimit_max (1024) below minimum Windows limit (16384)
> Processing section "[printers]"
> Processing section "[print$]"
> Processing section "[Docs]"
> Processing section "[printers]"
> Loaded services file OK.
> Server role: ROLE_STANDALONE
> Press enter to see a dump of your service definitions
>
> [global]
> netbios name = SERVER
> server string = %h server (Samba, Ubuntu)
> map to guest = Bad User
> client lanman auth = Yes
> security = SHARE
> obey pam restrictions = Yes
> pam password change = Yes
> passwd program = /usr/bin/passwd %u
> passwd chat = *Enter\snew\s*\spassword:* %n\n
> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
> unix password sync = Yes
> syslog = 0
> log file = /var/log/samba/log.%m
> max log size = 1000
> dns proxy = No
> usershare allow guests = Yes
> panic action = /usr/share/samba/panic-action %d
>
> [printers]
> comment = All Printers
> path = /var/spool/samba
> create mask = 0700
> printable = Yes
> browseable = No
> browsable = No
>
> [print$]
> comment = Printer Drivers
> path = /var/lib/samba/printers
>
> [Docs]
> comment = Documents
> path = /home/user/Documentos/Docs
> read only = No
> username = user
>
> smbtree
>
> WORKGROUP
> \\SERVER server (Samba, Ubuntu)
> \\SERVER\IPC$ IPC Service (server (Samba,
> Ubuntu))
> \\SERVER\Docs Documents
> \\SERVER\print$ Printer Drivers
>
> sudo pdbedit -Lw
> nobody:65534:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U
> ]:LCT-00000000:
> user:1000:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:CC63D87C86C99FF2FB25B31C84CF584A:[U
> ]:LCT-4C23B25F:
> smbguest:1001:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U
> ]:LCT-00000000:
----
security = SHARE is like Windows 98 type share and there is no user
considered at all, only a password.
If you type 'testparm -sv' you will see all the settings and not those
specifically configured in smb.conf and the default is tdb which is
probably more than adequate for your purposes.
Does /var/lib/samba/secrets.tdb exist? What is the permissions?
If you set 'security = USER' and you seem to already have a samba user
called 'user' (from pdbedit output) and some password created, if you
have a posix user called 'user' and this 'user' has the ability to
access /home/user/Documentos/Docs it should probably work.
The Samba 'How-To' is extremely useful and you should refer to it. This
is a link to the various 'security modes'...
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/ServerType.html
Craig
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the samba
mailing list