[Samba] Behavior of deprecated share security with user security

Jobin, Gaël gael.jobin at switzerlandmail.ch
Sat May 24 03:43:48 MDT 2014


 

Hi everyone, 

I have a question since the security type "share" has been removed. How
a guest user can access/see the shared folders of a computer without
being prompted for its credentials with "security=user"? 

What I mean is... 

When I'm on a windows 7 computer and try to access an other Windows 7
computer that appears in "Network", I can see the shared folders. If I
try to access some of them, it asks me for an user/password or not
(depending how the sharing is made).

 Now, with the config below, the Samba server appears as expected in the
"Network" list of my Windows 7 computer. If I try to access the Samba
server, it ask directly for an user/password. I don't want to enter a
password at this level, so I enter something wrong (like "anonymous" or
anything else) and I can see the shared folders available on my Samba
server. Then, I want to browse into "LocalW". Double-click on "LocalW"
and another login pop-up appears. So now, I enter the right
username/password that exist on my Samba server (both in Linux and
smbpasswd). The result is that the access is denied, even with the good
username/password... 

The access to "Local" and "Public" share are working fine. No "second"
credentials are asked and the folders are readable (and writable for
"Public") as expected. 

To sum up, I would like to remove the first user/password request.
First, because at this level (just a view on available shared folders )
I consider that everyone have the right to see/browse this list. Second,
because "Local" and "Public" shared folders are used by guest users and
I want a transparent access to these shared folders (no authentication).
(This "sharing behavior" works fine with "security=share" option.) 

Thank you very much for your help. 

Gaël 

PS: Sorry for my poor english... 

SMB.CONF 

> [global]
> include = /etc/samba/dhcp.conf
> 
> workgroup = WORKGROUP
> server string = %h server
> dns proxy = no
> interfaces = 192.168.1.0/24
> socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE
> 
> log file = /var/log/samba/log.%m
> log level = 3
> max log size = 1000
> syslog = 0
> panic action = /usr/share/samba/panic-action %d
> 
> security = user
> encrypt passwords = true
> passdb backend = smbpasswd
> obey pam restrictions = no
> unix password sync = yes
> passwd program = /usr/bin/passwd %u
> passwd chat = *Entersnews*spassword:* %nn *Retypesnews*spassword:* %nn *passwordsupdatedssuccessfully* .
> pam password change = yes
> 
> map to guest = bad user
> guest account = nobody
> invalid users = root
> 
> usershare max shares = 0
> use sendfile = yes
> deadtime = 15
> 
> [Local]
> comment = Media Share
> path = /var/www/local
> browseable = yes
> guest ok = yes
> create mask = 0744
> inherit owner = yes
> hide dot files = yes
> writeable = no
> veto files = /lost+found/
> 
> [LocalW]
> comment = Media Share
> path = /var/www/local
> browseable = yes
> guest ok = no
> create mask = 0744
> inherit owner = yes
> hide dot files = yes
> writeable = yes
> veto files = /lost+found/
> 
> [Public]
> comment = Public Share
> path = /var/tmp/Common
> browseable = yes
> writeable = yes
> guest ok = yes
> create mask = 0744

 


More information about the samba mailing list