[Samba] FW: desperate help needed - Samba and security = share

Andrew Bartlett abartlet at samba.org
Mon Jan 26 23:43:13 MST 2015

On Fri, 2015-01-23 at 14:08 +0000, Gary Stainburn wrote:
> I posted this on the Fedora users list this morning, where it was suggested I 
> post it here. I'm hoping someone will help me. I know that this is an old and 
> probably worn out topic but I need a quick workable solution before the old 
> server dies, which hopefully won't involve me redesigning everything and 
> having to update 120+ client PCs:
> Many years ago I built a server on Fedora 8 which became my core network 
> server running all the network servers (DNS etc) as well as a host of custom 
> services over inetd, However it's main purpose was to service Samba shares.
> That server is now failing so I've just spent a week building a new F20 server 
> and converting everything from F8 to F20 - amazing number of changes needed 
> but also an amazing number of things are still the same.
> Last of the things to move because the old server is still live and serving is 
> SAMBA.  This is where I need the help.
> All of my servers run the same type of setup and it's all based 
> around "security = share". Why is this so universally declared as bad??
> I know when I built some F16 servers it said that "security = share" was 
> depreciated but it still let me use it. Now with F20 it just refuses.
> The problem is that security = share did *exactly* what I wanted and now I 
> can't seem to achieve the same effect any other way.
> Very simply, I use the [homes] section and have about 10 users defined on the 
> server - service, parts, admin etc.
> Then for each user PC (approx 120 - 150) I then map a network drive to each 
> service that is required. Many only have one or two but some people such as 
> admin have access to sales, accounts, wages and admin.
> All very simple and faultless for 8 years.
> Now, when I try some of the examples found online, client PCs seem to be able 
> to connect to the first share ok but then whenever I try to connect a second 
> share it complains about having to log out of the first share first.
> Can anyone please help me here. If I can't get it working I'll have to scrap 
> my week's work and install F16 on this box.

You will need to define your 150 users on your server, give them Samba
passwords and give them access to those shares via standard unix groups
and group permissions on the share folders, or (less preferred) the
valid users entry in smb.conf.

I hope this helps,

Andrew Bartlett

Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba mailing list