Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Hi
I have samba running on one of my servers at work. I have been requested to give 50 users access to one share on the server. Rather than creating individual samba accounts for the 50 users I was wondering if it was possible to create a generic samba login to this share so users can simultaniously access it?
Any help will be much much appreciated.
The only problem I see is you will not have control who will access your system. If the access to this machines is restrict, and the lan access is limited then that would be fine.
The problem is if you have broad access over several rooms without access control, then some one could access your shares by using that well known username/password without your knownledge and control.
I understand about the security side of things as the mapping to this share drive folder iam trying to create will be created on personal laptops so I will not really have controls of the users computers however they will only have read permission on the share folder itself on the server. Also the lan access is limited in the sense that users have to be on site to access to the server. As far as the data concerened that will be enough security. The only issue is I am not sure in how to go about creating a generic account in Samba to implment the above.
Any help will be much appreciated.
Create a generic unix account into the samba server and add the same account to the samba by issuing the command "smbpasswd -a generic_account_name".
Create the share that looks like this:
Code:
[GenericArea]
comment = Generic Area
path = /export/samba/commom
valid users = generic_account_name
force user = generic_account_name
force group = generic_group_account_name
read only = Yes
The valid users limits who can access the share. In your case it is only one user.
The force lines sets the user and group, just in case.
Would it make security too loose to just set up a public share with read-only access? That would make logons entirely unnecessary, and a user would be able to access the share just by knowing the server name or ip address.
I see what your saying Dmjmusser. The only issue is that that makes is possible for anyone on campus to have access to that data, which I would rather avoid if i can
marozsas, I tried the above suggested with the following lines added to smb.conf:
[genaccesstoipri]
comment = generic ipri access for postgrads
path = /home/share/ipri
valid users = useripri
force user = useripri
force group = genaccesstoipri
read only = Yes
I also created a unix account via the useradd command and the samba account via the command smbpasswd -a generic_account_name however didnt have any luck. I feel I have made an obvious mistake somewhere but being the idiot iam i cant seem to find it. Any idea?.....
Last edited by fedora_user; 02-22-2006 at 09:31 AM.
From the samba server, as a regular user, try to have access to the share by issuing the command "smbclient //localhost/genaccesstoipri -U useripri%password_for_this_user". If you succeed, you will get the "smb: \>" prompt. Try a "ls" command to list the share contents, "cd" to navigate, rename, put and get commands. This is more like ftp get/put commands. The put command will fail since is a read only share.
If this works, then you have access to the share by SMB protocol.
If not, please, be more specific about what's wrong. All information is important to helps us to figure out where is the problem.
By the way, the directory /home/share/ipri on server must be owned by useripri, group genaccesstoipri and it must have at least rwx permission to owner.
Ive realised that useripri and group genaccesstoipri cannot own ipri directory. There is already an owner of the directory /home/share/ipri and a group called ipri. I could add this account useripri to this group but this group in fact gives its users rwx rights to this directory, which is not what I want for the user useripri. The group iam referring to is:
[ipri]
comment = IPRI
path = /home/share/ipri
valid users = @ipri
writeable = yes
write list = jay librarian
Is there a way useripri can be part of this group but only have read options to the directory /home/share/ipri??
Sorry marozsas if iam not being clear enough...iam learning-lol
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.