[Samba] Standalone Server User Import / Export
Rowland penny
rpenny at samba.org
Fri Aug 9 07:45:27 UTC 2019
On 09/08/2019 07:38, David Ayers via samba wrote:
> Am Donnerstag, den 08.08.2019, 20:01 +0100 schrieb Rowland penny via
> samba:
>> On 08/08/2019 19:10, David Ayers wrote:
>>>> Can we see your smb.conf file ?
>>> attached... slightly redacted.
>> Inline without all the commented lines and default settings:
>>
>> [global]
>> workgroup = WORKGROUP
>> netbios name = REDACTED
>> server string = %h server
>> dns proxy = no
>> log file = /var/log/samba/log.%m
>> max log size = 1000
>> syslog = 0
>> panic action = /usr/share/samba/panic-action %d
>> server role = standalone server
>> obey pam restrictions = yes
>> unix password sync = yes
>> passwd program = /usr/bin/passwd %u
>> passwd chat = *Enter\snew\s*\spassword:* %n\n
>> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
>> pam password change = yes
>> map to guest = bad user
>> usershare allow guests = yes
>>
>> [homes]
>> comment = Home Directories
>> browseable = no
>> create mask = 0700
>> directory mask = 0700
>> valid users = %S
>>
>> [printers]
>> comment = All Printers
>> browseable = no
>> path = /var/spool/samba
>> printable = yes
>> create mask = 0700
>>
>> [print$]
>> comment = Printer Drivers
>> path = /var/lib/samba/printers
>>
>> [resources]
>> comment = Redacted Resources
>> username = redacted
>> read only = No
>> create mask = 0664
>> directory mask = 0775
>> path = /usr/Redacted
>>
>> [sicherung]
>> comment = Server Sicherung
>> username = redacted
>> path = /var/Redacted
> I should have generated this with testparm?
>
>> Only one comment, 'username' was removed at 4.5.0, you should use
>> 'valid users' instead.
> testparm would have told me that and would have filtered it from the
> output... my bad. I have now replaced 'username' with 'valid users'.
> 'valid user'
>> Can you upgrade Samba in place ?
> Not very keen on not being able rely on Debian (old)stable security
> upgrades and the concerted package upgrades... but if need be, I guess.
> The upgrade to Buster isn't rely planned until early next year.
>
> But what I could do, is copy the setup incl. the tdb files to a test VM
> to try to reproduce it, upgrade that test VM in the hope to produce a
> dump, that can then be imported back into new clean installation of the
> older version.
>
> Is that feasible?
> I.e. would a clean dump of a later version be backward compatible to
> 4.5.16-Debian?
Yes and Yes
>
>> You may have a problem, but it may already have been fixed in a
>> later version
> Understood.
>
> Since I personally didn't have the passwords, was never able to test
> the other systems access (and non access). I also explicitly have
> "guest ok = No" set. So I got to wondering, if username had been
> ignored all this time, why could the machines access the shares at all?
> But I guess, the reason is that a standalone server would still
> require an authenticated user but any authenticated user would do,
> correct?
The 'username' parameter would have been ignored, so any authenticated
user would be allowed access.
Rowland
More information about the samba
mailing list