[Samba] Custom user shares
Ashley M. Kirchner
ashley at pcraft.com
Tue Apr 22 13:56:38 MDT 2014
Related question: when a user connects to their password protected share
(not by mapping the drive, but simply browsing to the server/share and
entering their credentials to connect to the share), how long till the
share "expires" so to speak. For example, I can connect to my share through
Windows Explorer, copy whatever I need copied, then close the window. If I
open explorer again a moment later, it still remembers the credentials and
gets me to the share without asking for credentials again. At what point
will that expire or will that only happen when the client computer gets
rebooted? Is there a way to control that, say if the connection is idling
for a certain amount of time, go ahead and close it and force a re-login?
On Tue, Apr 22, 2014 at 1:15 PM, Rowland Penny
<rowlandpenny at googlemail.com>wrote:
> On 22/04/14 19:59, Ashley M. Kirchner wrote:
>
>> *growl* This is what happens when I'm multi-tasking on both machines. That
>> was the wrong one, sorry about that. This is the correct one:
>>
>> [global]
>> workgroup = WORKGROUP
>> server string = Torino
>> netbios name = TORINO
>> netbios aliases = DIGILAB BACKUP
>>
>> interfaces = lo eth1 192.168.1.0/24
>>
>> # logs split per machine
>> log file = /var/log/samba/log.%m
>> # max 50KB per log file, then rotate
>> max log size = 50
>>
>> security = user
>> map to guest = Bad User
>>
>> local master = no
>> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>> wins support = no
>> dns proxy = no
>> load printers = no
>> disable spoolss = yes
>> printcap name = /dev/null
>>
>> smb ports = 139
>>
>> username map = /etc/samba/usermap.txt
>> include = /etc/samba/smb.include.%L
>>
>> Then for the passwordless share that everyone CAN connect to right now:
>>
>>> cat smb.include.digilab
>>>
>> [bda]
>> comment = BDA Files
>> browseable = yes
>> writable = yes
>> path = /home/digilab/BDA
>> guest ok = yes
>> public = yes
>> read only = no
>> force user = digilab
>> force group = digilab
>> create mask = 0777
>> directory mask = 0777
>> locking = no
>>
>> And for the one I'm trying to setup with password, which is giving me
>> access denied:
>>
>>> cat smb.include.backup
>>>
>> [kirash]
>> path = /mnt/backup/kirash
>> comment = Ashley M. Kirchner
>> writable = yes
>> valid users = kirash
>>
>> Both unix servers have a user login 'kirash'. On one server I can connect
>> to the samba share with a client just fine, on the older one I get access
>> denied.
>>
>
> You have no users in samba or unix so your password-less share works
> You have no users in samba or unix so your share that requires a valid
> user with a password doesn't work, or to put it another way:
>
> no users and password means that anybody can connect to your guest share,
> but you need samba/unix users with passwords to connect to the other share.
>
> Rowland
>
>
>
>
>> On Tue, Apr 22, 2014 at 12:50 PM, Rowland Penny <
>> rowlandpenny at googlemail.com
>>
>>> wrote:
>>> On 22/04/14 19:08, Ashley M. Kirchner wrote:
>>>
>>> Uh, excuse my ignorance, but what? What samba database? I didn't do
>>>> anything with any database on any of the servers, not the one that is
>>>> working fine nor this (older) one I'm trying to configure. If you're
>>>> referring specifically to the 'passdb backend' option, it's commented
>>>> out
>>>> on both servers.
>>>>
>>>> This is the complete smb.conf file on both.
>>>>
>>>> [global]
>>>> workgroup = WORKGROUP
>>>> server string = BRASCO
>>>> netbios name = BRASCO
>>>> interfaces = lo eth0 192.168.1.0/24
>>>>
>>>> # logs split per machine
>>>> log file = /var/log/samba/log.%m
>>>> # max 50KB per log file, then rotate
>>>> max log size = 50
>>>>
>>>> security = user
>>>>
>>>> local master = no
>>>>
>>>> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>>>>
>>>> wins support = no
>>>> dns proxy = no
>>>> load printers = no
>>>> disable spoolss = yes
>>>> printcap name = /dev/null
>>>>
>>>> smb ports = 139
>>>> username map = /etc/samba/usermap.txt
>>>>
>>>> [kirash]
>>>> path = /opt/backup/kirash
>>>> comment = Ashley M. Kirchner
>>>> writable = yes
>>>> valid users = kirash
>>>>
>>>>
>>>> On Tue, Apr 22, 2014 at 11:56 AM, Marc Muehlfeld <mmuehlfeld at samba.org
>>>>
>>>>> wrote:
>>>>>
>>>> Hello Ashley,
>>>>
>>>>> Am 22.04.2014 19:45, schrieb Ashley M. Kirchner:
>>>>>
>>>>> We have an old internal server running samba version 3.2.15 which
>>>>> can't
>>>>>
>>>>>> be
>>>>>> upgraded for different reasons. It's been running several passwordless
>>>>>> shares with no problem. Now I'm trying to configure passworded user
>>>>>> shares
>>>>>> and not having much luck. I'm wondering if someone can help me
>>>>>> diagnose
>>>>>> this:
>>>>>>
>>>>>> In smb.conf I have
>>>>>>
>>>>>> security = user
>>>>>> map to guest = Bad user
>>>>>> ...
>>>>>> username map = /etc/samba/usermap.txt
>>>>>>
>>>>>> The public shares are setup as follows:
>>>>>> [bda]
>>>>>> comment = BDA Files
>>>>>> browseable = yes
>>>>>> writable = yes
>>>>>> path = /opt/bda
>>>>>> guest ok = yes
>>>>>> public = yes
>>>>>> read only = no
>>>>>> force user = nobody
>>>>>> force group = nobody
>>>>>> create mask = 0777
>>>>>> directory mask = 0777
>>>>>> locking = no
>>>>>>
>>>>>> *This all works.*
>>>>>>
>>>>>>
>>>>>> Now for the user shares, I have this:
>>>>>> [kirash]
>>>>>> path = /opt/backup/kirash
>>>>>> comment = Ashley M. Kirchner
>>>>>> writable = yes
>>>>>> valid users = kirash
>>>>>>
>>>>>> The unix user 'kirash' exists.
>>>>>> usermap.txt has a line in it that maps the user as follows:
>>>>>> kirash = AshleyMKirchner
>>>>>>
>>>>>> But when I try to access that share from my client I get access
>>>>>> denied.
>>>>>>
>>>>>> Interestingly enough, I have a second samba server with a more recent
>>>>>> version, 3.6.9 to be exact, with the same exact samba configuration
>>>>>> and
>>>>>> that DOES WORK. I can access the share, it asks for the user
>>>>>> credentials
>>>>>> (as set on that unix server) and I'm able to log in and access that
>>>>>> share
>>>>>> just fine.
>>>>>>
>>>>>> So what am I missing on the older server that's causing it to deny
>>>>>> access?
>>>>>>
>>>>>> Note: our network does NOT use any kind of directory or other server
>>>>>> log
>>>>>> ins. Each client is on their own.
>>>>>>
>>>>>>
>>>>>> You said the user is existing in unix. But is it also existing in the
>>>>> samba database? As you haven't posted the complete smb.conf, I guess
>>>>> you
>>>>> use tdb. Then have a look at 'smbpasswd' (-e / -a). If Samba uses a
>>>>> different backend, please provide some more details.
>>>>>
>>>>>
>>>>> Regards,
>>>>> Marc
>>>>>
>>>>>
>>>>>
>>>>> You seem to have lost this line:
>>>>>
>>>>
>>> map to guest = Bad user
>>>
>>> it was in your first post, this is in man smb.conf:
>>>
>>> · Bad User - Means user logins with an invalid password are
>>> rejected, unless the username does not exist, in which
>>> case
>>> it
>>> is treated as a guest login and mapped into the guest
>>> account.
>>>
>>> So, as you don't have any samba users (and provided you don't have any
>>> unix users on the machine that is running samba) all users should be able
>>> to connect.
>>>
>>> But then you have the share, where the only valid user is kirash, try
>>> removing this and then adding 'guest ok = yes'
>>>
>>> This should work, unless you have missed telling us something.
>>>
>>> Rowland
>>>
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions: https://lists.samba.org/mailman/options/samba
>>>
>>>
>>>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>
More information about the samba
mailing list