[Samba] User security and public shares

Lord Devi lorddevi at gmail.com
Sat Jul 17 22:49:12 MDT 2010


My name is Casey Quibell and I am new to the samba mailing list.

I am having some problems with a small samba configuration. Essentially I
have tried to create a configuration in which two shares exist ( [data], and
[apps] ) that require user authentication to access. While at the same time
there exists a share, [public] which I want to be browseable and connectable
by everyone with NO password. I have browseable = yes, public = yes, and
guest ok = yes, but still my configuration seems to require a login and
password for people to access or even SEE [public].

[data], and [apps] are functioning as intended. (User fileserver can read
and write to [data], and also read from [apps]. While user sambaadmin can
read and write from both just fine). But if I try to browse to the samba
server with no password or name, I can not see the [public] share, nor
access it. Both users, fileserver, and sambaadmin can access [public] just
fine if they are used as the login credentials, but this is hardly the kind
of Public or guest access I am trying to achieve.

If someone could point out what it is I am doing wrong in my smb.conf, it
would be greatly appreciated!

# Identity
  workgroup = Majestic
  netbios name = Backup-01
  server string = Primary Fileserver

# Security
  security = user
  encrypt passwords = true
  passdb backend = tdbsam
  username map = /etc/samba/smbusers
  unix password sync = yes
  passwd program = /usr/bin/passwd %u
  passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:*
%n\n *password\supdated\ssuccessfully* .
  pam password change = yes
  map to guest = nobody
  log file = /var/log/samba/%m.log
  create mask = 0644
  directory mask = 0755
  browseable = yes
  public = yes

# Roles
  domain master = yes
  local master = Yes
  preferred master = Yes
  os level = 35
  wins support = yes
  dns proxy = no

# Printing
  cups options = raw
  load printers = yes
  printing = cups
  printcap name = cups

  comment = Public Share - All Users
  path = /samba/public
  writeable = yes
  guest ok = yes
  public = yes
  browseable = yes
;  valid users = fileserver, nobody
;  force group = nobody
;  force user = nobody
  create mask = 0666
  directory mask = 0777

  comment = Data Share
  path = /samba/data
  writeable = yes
  guest ok = no
  browseable = no
  create mask = 0666
  directory mask = 0777
  valid users = fileserver
  force group = fileserver
  force user = fileserver

  comment = Applications Share
  path = /samba/apps
  writeable = no
  guest ok = no
  browseable = no
  create mask = 0755
  directory mask = 0755
  valid users = fileserver, sambaadmin
  write list = sambaadmin
  force group = sambaadmin
  force user = sambaadmin

More information about the samba mailing list