[Samba] security = SHARE

Craig White craigwhite at azapple.com
Wed Jul 7 20:54:26 MDT 2010 

On Thu, 2010-07-08 at 02:44 +0200, José Puente wrote:
> Hello,
> Please, i need help with security mode = share.
> i want to configure security = share and the parameter "username = user" 
> in a shared folder to avoid that everybody could access to it. f I have 
> understood correctly the manual, this configuration enables to access if 
> the password provided matches with the user`password. But when i try to 
> access returns this error:
>          smbclient //SERVER/Docs
>          Enter user's password:
>          Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.4.7]
>          Server not using user level security and no password supplied.
>          tree connect failed: NT_STATUS_WRONG_PASSWORD
> 
> I also tried:
>          smbclient -U user%passwd //SERVER/Docs
>          Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.4.7]
>          Server not using user level security and no password supplied.
>          tree connect failed: NT_STATUS_WRONG_PASSWORD
> 
>          smbclient -U user%passwd //SERVER/Docs -P
>          Failed to open /var/lib/samba/secrets.tdb
>          ERROR: Unable to open secrets database
> 
>          sudo smbclient -U user%passwd //SERVER/Docs -P
>          ERROR: Unable to fetch machine password for SERVER$@ in domain 
> WORKGROUP
> 
> If i change "passdb backend = smbpasswd" in GLOBAL options:
> 
>          smbclient -U user%passwd //SERVER/Docs -P -e -A 
> /etc/samba/smbpasswd
>          ERROR: Unable to open credentials file!
> 
>          sudo smbclient -U user%passwd //SERVER/Docs -P -e -A 
> /etc/samba/smbpasswd
>          ERROR: Unable to fetch machine password for SERVER$@ in domain 
> WORKGROUP
> 
> My system:
> Linux user-laptop 2.6.32-23-generic #37-Ubuntu SMP x86_64 GNU/Linux
> 
> My config:
> 
> testparm
> 
> Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.4.7]
> smb: \> quit
> user at user-laptop:~$ testparm
> Load smb config files from /etc/samba/smb.conf
> rlimit_max: rlimit_max (1024) below minimum Windows limit (16384)
> Processing section "[printers]"
> Processing section "[print$]"
> Processing section "[Docs]"
> Processing section "[printers]"
> Loaded services file OK.
> Server role: ROLE_STANDALONE
> Press enter to see a dump of your service definitions
> 
> [global]
>          netbios name = SERVER
>          server string = %h server (Samba, Ubuntu)
>          map to guest = Bad User
>          client lanman auth = Yes
>          security = SHARE
>          obey pam restrictions = Yes
>          pam password change = Yes
>          passwd program = /usr/bin/passwd %u
>          passwd chat = *Enter\snew\s*\spassword:* %n\n 
> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
>          unix password sync = Yes
>          syslog = 0
>          log file = /var/log/samba/log.%m
>          max log size = 1000
>          dns proxy = No
>          usershare allow guests = Yes
>          panic action = /usr/share/samba/panic-action %d
> 
> [printers]
>          comment = All Printers
>          path = /var/spool/samba
>          create mask = 0700
>          printable = Yes
>          browseable = No
>          browsable = No
> 
> [print$]
>          comment = Printer Drivers
>          path = /var/lib/samba/printers
> 
> [Docs]
>          comment = Documents
>          path = /home/user/Documentos/Docs
>          read only = No
>          username = user
> 
> smbtree
> 
> WORKGROUP
>          \\SERVER         server (Samba, Ubuntu)
>                  \\SERVER\IPC$           IPC Service (server (Samba, 
> Ubuntu))
>                  \\SERVER\Docs           Documents
>                  \\SERVER\print$         Printer Drivers
> 
> sudo pdbedit -Lw
> nobody:65534:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U 
>           ]:LCT-00000000:
> user:1000:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:CC63D87C86C99FF2FB25B31C84CF584A:[U 
>           ]:LCT-4C23B25F:
> smbguest:1001:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U 
>           ]:LCT-00000000:
----
security = SHARE is like Windows 98 type share and there is no user
considered at all, only a password.

If you type 'testparm -sv' you will see all the settings and not those
specifically configured in smb.conf and the default is tdb which is
probably more than adequate for your purposes.

Does /var/lib/samba/secrets.tdb exist? What is the permissions?

If you set 'security = USER' and you seem to already have a samba user
called 'user' (from pdbedit output) and some password created, if you
have a posix user called 'user' and this 'user' has the ability to
access /home/user/Documentos/Docs it should probably work.

The Samba 'How-To' is extremely useful and you should refer to it. This
is a link to the various 'security modes'...

http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/ServerType.html

Craig


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the samba mailing list