[Samba] Standalone Server User Import / Export

David Ayers ayers at fsfe.org
Fri Aug 9 06:38:40 UTC 2019


Am Donnerstag, den 08.08.2019, 20:01 +0100 schrieb Rowland penny via
samba:
> On 08/08/2019 19:10, David Ayers wrote:
> > > Can we see your smb.conf file ?
> > 
> > attached... slightly redacted.
> 
> Inline without all the commented lines and default settings:
> 
> [global]
>     workgroup = WORKGROUP
>     netbios name = REDACTED
>     server string = %h server
>     dns proxy = no
>     log file = /var/log/samba/log.%m
>     max log size = 1000
>     syslog = 0
>     panic action = /usr/share/samba/panic-action %d
>     server role = standalone server
>     obey pam restrictions = yes
>     unix password sync = yes
>     passwd program = /usr/bin/passwd %u
>     passwd chat = *Enter\snew\s*\spassword:* %n\n 
> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
>     pam password change = yes
>     map to guest = bad user
>     usershare allow guests = yes
> 
> [homes]
>     comment = Home Directories
>     browseable = no
>     create mask = 0700
>     directory mask = 0700
>     valid users = %S
> 
> [printers]
>     comment = All Printers
>     browseable = no
>     path = /var/spool/samba
>     printable = yes
>     create mask = 0700
> 
> [print$]
>     comment = Printer Drivers
>     path = /var/lib/samba/printers
> 
> [resources]
>     comment = Redacted Resources
>     username = redacted
>     read only = No
>     create mask = 0664
>     directory mask = 0775
>     path = /usr/Redacted
> 
> [sicherung]
>     comment = Server Sicherung
>     username = redacted
>     path = /var/Redacted

I should have generated this with testparm?

> Only one comment, 'username' was removed at 4.5.0, you should use
> 'valid users' instead.

testparm would have told me that and would have filtered it from the
output... my bad.  I have now replaced 'username' with 'valid users'.
'valid user'
> Can you upgrade Samba in place ?

Not very keen on not being able rely on Debian (old)stable security
upgrades and the concerted package upgrades... but if need be, I guess.
 The upgrade to Buster isn't rely planned until early next year.

But what I could do, is copy the setup incl. the tdb files to a test VM
to try to reproduce it, upgrade that test VM in the hope to produce a
dump, that can then be imported back into new clean installation of the
older version.

Is that feasible?
I.e. would a clean dump of a later version be backward compatible to
4.5.16-Debian?

> You may have a problem, but it may already have been fixed in a
> later version

Understood.

Since I personally didn't have the passwords, was never able to test
the other systems access (and non access).  I also explicitly have
"guest ok = No" set.  So I got to wondering, if username had been
ignored all this time, why could the machines access the shares at all?
 But I guess, the reason is that a standalone server would still
require an authenticated user but any authenticated user would do,
correct?

Thank you!
David

-- 
David Ayers - Team Austria
Free Software Foundation Europe (FSFE) []          (http://www.fsfe.org)
Become a supporter of the FSFE!      [][][]      (https://fsfe.org/join)
Your donation powers our work!         ||       (http://fsfe.org/donate)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba/attachments/20190809/83542526/signature.sig>


More information about the samba mailing list