[Samba] Standalone Server User Import / Export

Rowland penny rpenny at samba.org
Fri Aug 9 07:45:27 UTC 2019 

On 09/08/2019 07:38, David Ayers via samba wrote:
> Am Donnerstag, den 08.08.2019, 20:01 +0100 schrieb Rowland penny via
> samba:
>> On 08/08/2019 19:10, David Ayers wrote:
>>>> Can we see your smb.conf file ?
>>> attached... slightly redacted.
>> Inline without all the commented lines and default settings:
>>
>> [global]
>>      workgroup = WORKGROUP
>>      netbios name = REDACTED
>>      server string = %h server
>>      dns proxy = no
>>      log file = /var/log/samba/log.%m
>>      max log size = 1000
>>      syslog = 0
>>      panic action = /usr/share/samba/panic-action %d
>>      server role = standalone server
>>      obey pam restrictions = yes
>>      unix password sync = yes
>>      passwd program = /usr/bin/passwd %u
>>      passwd chat = *Enter\snew\s*\spassword:* %n\n
>> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
>>      pam password change = yes
>>      map to guest = bad user
>>      usershare allow guests = yes
>>
>> [homes]
>>      comment = Home Directories
>>      browseable = no
>>      create mask = 0700
>>      directory mask = 0700
>>      valid users = %S
>>
>> [printers]
>>      comment = All Printers
>>      browseable = no
>>      path = /var/spool/samba
>>      printable = yes
>>      create mask = 0700
>>
>> [print$]
>>      comment = Printer Drivers
>>      path = /var/lib/samba/printers
>>
>> [resources]
>>      comment = Redacted Resources
>>      username = redacted
>>      read only = No
>>      create mask = 0664
>>      directory mask = 0775
>>      path = /usr/Redacted
>>
>> [sicherung]
>>      comment = Server Sicherung
>>      username = redacted
>>      path = /var/Redacted
> I should have generated this with testparm?
>
>> Only one comment, 'username' was removed at 4.5.0, you should use
>> 'valid users' instead.
> testparm would have told me that and would have filtered it from the
> output... my bad.  I have now replaced 'username' with 'valid users'.
> 'valid user'
>> Can you upgrade Samba in place ?
> Not very keen on not being able rely on Debian (old)stable security
> upgrades and the concerted package upgrades... but if need be, I guess.
>   The upgrade to Buster isn't rely planned until early next year.
>
> But what I could do, is copy the setup incl. the tdb files to a test VM
> to try to reproduce it, upgrade that test VM in the hope to produce a
> dump, that can then be imported back into new clean installation of the
> older version.
>
> Is that feasible?
> I.e. would a clean dump of a later version be backward compatible to
> 4.5.16-Debian?
Yes and Yes
>
>> You may have a problem, but it may already have been fixed in a
>> later version
> Understood.
>
> Since I personally didn't have the passwords, was never able to test
> the other systems access (and non access).  I also explicitly have
> "guest ok = No" set.  So I got to wondering, if username had been
> ignored all this time, why could the machines access the shares at all?
>   But I guess, the reason is that a standalone server would still
> require an authenticated user but any authenticated user would do,
> correct?

The 'username' parameter would have been ignored, so any authenticated 
user would be allowed access.

Rowland

More information about the samba mailing list