LinuxQuestions.org
Latest LQ Deal: Complete CCNA, CCNP & Red Hat Certification Training Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 05-21-2014, 04:00 PM   #1
gagou7
LQ Newbie
 
Registered: Sep 2009
Distribution: Ubuntu 9.04 / Debian 5.0 / Backtrack 3
Posts: 27

Rep: Reputation: 0
Make the Samba root share public


Hi all,

I have a Debian server with Samba running on it. I would like to access it throught another computer (Windows 7).

My Samba config is very simple:

smb.conf
Code:
[global]
include = /etc/samba/dhcp.conf

workgroup = WORKGROUP
server string = %h server
dns proxy = no
interfaces = 192.168.1.0/24
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE

log file = /var/log/samba/log.%m
log level = 3
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d

security = user
encrypt passwords = true
passdb backend = smbpasswd
obey pam restrictions = no
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes

map to guest = bad user
guest account = nobody
invalid users = root

usershare max shares = 0
use sendfile = yes
deadtime = 15

[Local]
comment = Media Share
path = /var/www/local
browseable = yes
guest ok = yes
create mask = 0744
inherit owner = yes
hide dot files = yes
writeable = yes
veto files = /lost+found/

[LocalW]
comment = Media Share
path = /var/www/local
browseable = yes
guest ok = no
create mask = 0744
inherit owner = yes
hide dot files = yes
writeable = yes
veto files = /lost+found/

[Public]
comment = Public Share
path = /var/tmp/Common
browseable = yes
writeable = yes
guest ok = yes
create mask = 0744

When I'm on the windows 7 computer and I try to access an other Windows 7 computer that appears in "Network", I can see the shared folders. If I try to access some of them, it ask me for an user/password (depending how the sharing is made).

My goal is to have the same behavior on my Samba server as between two windows 7 computers !

So what?

Now, with the config above, the Samba server appears as expected in the "Network" list of my Windows 7 computer. If I try to access the Samba server, it ask directly for an user/password. I don't want to enter a password at this level, so I enter something wrong and I can access the list of shared folders. Then, I want to browse into "LocalW". Double-click on "LocalW" and another login pop-up appears. So now, I enter the right username/password that exist on my Samba server (both in Linux and smbpasswd). The result is that the access is denied, even with the good username/password...

The access to "Local" and "Public" are working fine. No "second" credentials are asked and the folder is browseable. I would like to remove the first user/password request (because "Local" and "Public" shared folders are used by guest user) as everyone could have a transparent access to these shared folders.

It work only if I enter a valid username/password in the first pop-up. It seems that the whole authentication is based on the first credentails I submit. The second login pop-up is quiet useless...

Questions

I know the solution: "security = share"

But since this feature has been removed in Samba4, how could we obtain the same behavior with "security = user" ?

Last edited by gagou7; 05-24-2014 at 11:49 AM.
 
Old 05-21-2014, 08:20 PM   #2
allend
Senior Member
 
Registered: Oct 2003
Location: Melbourne
Distribution: Slackware-current
Posts: 4,433

Rep: Reputation: 1353Reputation: 1353Reputation: 1353Reputation: 1353Reputation: 1353Reputation: 1353Reputation: 1353Reputation: 1353Reputation: 1353Reputation: 1353
You need to specify the users that are allowed to log onto the share.
Code:
[LocalW]
comment = Media Share
path = /var/www/local
browseable = yes
guest ok = no
create mask = 0744
inherit owner = yes
hide dot files = yes
writeable = yes
veto files = /lost+found/
valid users = <your list of valid user names>
 
1 members found this post helpful.
Old 05-24-2014, 04:22 AM   #3
gagou7
LQ Newbie
 
Registered: Sep 2009
Distribution: Ubuntu 9.04 / Debian 5.0 / Backtrack 3
Posts: 27

Original Poster
Rep: Reputation: 0
Hi, thanks for your answer !

Unfortunately, even with "valid users = <myuser>", it keeps asking for credentials when I try to browse the available shared folders. And if, at first, I enter a wrong username/password, it keeps refusing my valid credentails when accessing LocalW...

Another idea?

Last edited by gagou7; 05-24-2014 at 04:23 AM.
 
Old 05-24-2014, 05:33 AM   #4
allend
Senior Member
 
Registered: Oct 2003
Location: Melbourne
Distribution: Slackware-current
Posts: 4,433

Rep: Reputation: 1353Reputation: 1353Reputation: 1353Reputation: 1353Reputation: 1353Reputation: 1353Reputation: 1353Reputation: 1353Reputation: 1353Reputation: 1353
Quote:
passdb backend = smbpasswd
Perhaps you should be using
Code:
passdb backend = tdbsam
instead of the old smbpasswd.

As root, check the contents of /etc/samba/private/ and see if the file names end in .tdb
If so, check credentials with 'pdbedit -L' run as root.
 
Old 05-24-2014, 11:48 AM   #5
gagou7
LQ Newbie
 
Registered: Sep 2009
Distribution: Ubuntu 9.04 / Debian 5.0 / Backtrack 3
Posts: 27

Original Poster
Rep: Reputation: 0
I finally found the answer on the mailinglist of samba.

When you try to reach a share on the network with Windows, at first, it transparently send the credentials of the local account currently logged in. It means that the Samba server will receive a first attempt to log in from the Windows computer. Normally, thanks to "map to guest = bad user", the acess will not be denied but accepted as a guest user instead. If the connection is still rejected, the login pop-up shows up !

What's happen if you submit a valid username with a wrong password?

In this case, because of the "map to guest = bad user", the login is rejected ! And here's the real problem ! At home, I have different computers (dual boot on each PC/laptop) as many different accounts on them but always with the same username (different password for each account).

So, in my case, to have the right behavior, I must change "map to guest = bad user" by "map to guest = bad password". Like this, the hidden first attempt to connect will fail like before but instead of being rejected (because of the valid username, wrong password), I am going to be mapped as a guest user. The donwside of this approach is mentioned in the manpage of smb.conf:

"any user incorrectly typing their password will be silently logged on as "guest" - and will not know the reason they cannot access files they think they should - there will have been no message given to them that they got their password wrong"
http://www.samba.org/samba/docs/man/...mb.conf.5.html


But forasmuch as it's for a personnal use, I will not manage thousand of account ;-)

Anyway, thank you for your help !

Regards,
gagou7

Last edited by gagou7; 05-24-2014 at 11:53 AM.
 
Old 05-24-2014, 01:05 PM   #6
allend
Senior Member
 
Registered: Oct 2003
Location: Melbourne
Distribution: Slackware-current
Posts: 4,433

Rep: Reputation: 1353Reputation: 1353Reputation: 1353Reputation: 1353Reputation: 1353Reputation: 1353Reputation: 1353Reputation: 1353Reputation: 1353Reputation: 1353
Thanks for reporting back with your solution as it may help someone else.

It is your setup and your responsibility to handle user names and passwords as you choose.

Have fun:-)
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Samba with public and private share anindyameister Linux - Software 1 05-23-2013 11:33 AM
Samba public share FNC Linux - Software 9 11-14-2005 08:54 PM
Network public samba share Imaboyo Linux - Newbie 0 08-14-2004 03:14 PM
public share in samba brasuca Linux - Software 2 05-10-2004 10:07 AM
Public Samba share mdpowell Linux - Software 1 03-13-2002 11:41 AM


All times are GMT -5. The time now is 03:57 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration