[Samba] Cant get authenticated readwrite and guest readonly configured properly

Jeff W jeff.w.bulk at gmail.com
Thu May 5 03:10:44 MDT 2011

Hi, I've spent the past 4 and a half hours trying to figure out how to
configure Samba the way I want, and I'm starting to wonder if what I
want to do is impossible. I've read the man page for smb.conf trying to
figure out what magic combination of options will work, and have scoured
as much Samba documentation as I can find looking for the right recipe,
but I'm having no luck. I'm hoping someone here can help enlighten me.

What I want is pretty simple, or so I thought.

Share 1 - media
read only as guest
read write if authenticated

Share 2 - porn
read write if authenticated
no guest access

In my tweaking of the settings it seems like I keep going back and forth
not able to find the right balance.  At one point I was able to read and
write, but wasn't able to get in without a password, and at other times
I've managed to configure it for guest access but it won't let me
authenticate successfully.

My present situation, is that I have guest access, but it will not
authenticate my username and password.
I have run smbpasswd for the samba user.

I'm running Samba Version 3.2.5 on Debian.

Here is my smb.conf file, with the comments stripped.
Any help is appreciated :)


   workgroup = WORKGROUP

   server string = Fileserver on %h

;   wins support = yes

;   wins server = w.x.y.z

   dns proxy = yes

;   name resolve order = lmhosts host wins bcast

;   interfaces = eth0

;   bind interfaces only = yes

   log file = /var/log/samba/log.%m

   max log size = 1000

   syslog only = no

   syslog = 1
   log level = 2

   panic action = /usr/share/samba/panic-action %d

   security = share

   encrypt passwords = true

   passdb backend = tdbsam

   obey pam restrictions = yes

   unix password sync = yes

   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .

   pam password change = yes

;   domain logons = yes
;   logon path = \\%N\profiles\%U

;   logon drive = H:

;   logon script = logon.cmd

; add user script = /usr/sbin/adduser --quiet --disabled-password
--gecos "" %u

; add machine script  = /usr/sbin/useradd -g machines -c "%u machine
account" -d /var/lib/samba -s /bin/false %u

; add group script = /usr/sbin/addgroup --force-badname %g

;   printing = bsd
;   printcap name = /etc/printcap

;   printing = cups
;   printcap name = cups

;   include = /home/samba/etc/smb.conf.%m

;   message command = /bin/sh -c '/usr/bin/linpopup "%f" "%m" %s; rm %s' &

;   idmap uid = 10000-20000
;   idmap gid = 10000-20000
;   template shell = /bin/bash

;   winbind enum groups = yes
;   winbind enum users = yes

;   usershare max shares = 100

   comment = Movies and shows and stuffs
   path = /mnt2/media
   browseable = yes
   guest ok = yes
   read only = no
   users = chris

  comment= Does not contain pictures of puppies
  path = /mnt5/porn
  browseable = yes
  guest ok = no
  read only = no
  users = chris

More information about the samba mailing list