[Samba] Standalone Server User Import / Export
David Ayers
ayers at fsfe.org
Fri Aug 9 06:38:40 UTC 2019
Am Donnerstag, den 08.08.2019, 20:01 +0100 schrieb Rowland penny via
samba:
> On 08/08/2019 19:10, David Ayers wrote:
> > > Can we see your smb.conf file ?
> >
> > attached... slightly redacted.
>
> Inline without all the commented lines and default settings:
>
> [global]
> workgroup = WORKGROUP
> netbios name = REDACTED
> server string = %h server
> dns proxy = no
> log file = /var/log/samba/log.%m
> max log size = 1000
> syslog = 0
> panic action = /usr/share/samba/panic-action %d
> server role = standalone server
> obey pam restrictions = yes
> unix password sync = yes
> passwd program = /usr/bin/passwd %u
> passwd chat = *Enter\snew\s*\spassword:* %n\n
> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
> pam password change = yes
> map to guest = bad user
> usershare allow guests = yes
>
> [homes]
> comment = Home Directories
> browseable = no
> create mask = 0700
> directory mask = 0700
> valid users = %S
>
> [printers]
> comment = All Printers
> browseable = no
> path = /var/spool/samba
> printable = yes
> create mask = 0700
>
> [print$]
> comment = Printer Drivers
> path = /var/lib/samba/printers
>
> [resources]
> comment = Redacted Resources
> username = redacted
> read only = No
> create mask = 0664
> directory mask = 0775
> path = /usr/Redacted
>
> [sicherung]
> comment = Server Sicherung
> username = redacted
> path = /var/Redacted
I should have generated this with testparm?
> Only one comment, 'username' was removed at 4.5.0, you should use
> 'valid users' instead.
testparm would have told me that and would have filtered it from the
output... my bad. I have now replaced 'username' with 'valid users'.
'valid user'
> Can you upgrade Samba in place ?
Not very keen on not being able rely on Debian (old)stable security
upgrades and the concerted package upgrades... but if need be, I guess.
The upgrade to Buster isn't rely planned until early next year.
But what I could do, is copy the setup incl. the tdb files to a test VM
to try to reproduce it, upgrade that test VM in the hope to produce a
dump, that can then be imported back into new clean installation of the
older version.
Is that feasible?
I.e. would a clean dump of a later version be backward compatible to
4.5.16-Debian?
> You may have a problem, but it may already have been fixed in a
> later version
Understood.
Since I personally didn't have the passwords, was never able to test
the other systems access (and non access). I also explicitly have
"guest ok = No" set. So I got to wondering, if username had been
ignored all this time, why could the machines access the shares at all?
But I guess, the reason is that a standalone server would still
require an authenticated user but any authenticated user would do,
correct?
Thank you!
David
--
David Ayers - Team Austria
Free Software Foundation Europe (FSFE) [] (http://www.fsfe.org)
Become a supporter of the FSFE! [][][] (https://fsfe.org/join)
Your donation powers our work! || (http://fsfe.org/donate)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba/attachments/20190809/83542526/signature.sig>
More information about the samba
mailing list