For that you should stick with the 'security = user' option.
To setup a share accessible by <user1> and <user2> but only writable by <user1> you can have settings like this
Also remember that the Linux directory permissions take precedence over the Samba share permissions, so <user1> and <user2> would need to have access to the directory on which the share is mounted.

I plan on having the drive be ext4 (and encrypted, but that shouldn't affect the file system at all)... does it have to be an MS readable/writable format in order for my Windows machines to use it? EDIT: Quick Google search says no, please correct me if this is wrong.

That is what is suggested by AlienBOB's method, however I was under the impression that every time I access a share from a Windows computer a user/pass box would come up (and apparently Windows makes storing credentials difficult).

No - I have Windows machines that write quite happily to shares on ext4 and reiserfs formatted partitions.
You will need to provide credentials on initial connection. My experience is that Windows caches credentials and that it can be incredibly difficult to get Windows to forget cached credentials!

[QUOTE=spudgunner;4723891]Thanks for all the awesome replies, it looks like I know what I'll be doing when I get home from work tonight!

@slackass: Please don't be offended, but I'll be giving your method a try after I try what ponce posted, only for the fact that his is much less complex. Whether or not I get his working, I'll be trying yours next because your (AlienBOB's) method allows for the creation of user-specific shares down the road, and I'd like to keep that option open. I am going to be leaving out all of the printer-related stuff though. None of my machines have the same host name and there no domain/domain controller to speak of (though I could make one, but I'd rather use dd-wrt that's on my router than the server box). I'm assuming that you use your Samba setup with Windows 7 computers on the network and it's all good (although since security=user still, I imagine you would have dialog boxes popping up on the Windows machines)? One more question, don't the lines go in smb.conf and not in your script (did you make a mistake as to where you put ##end in your comment)? Thanks.

Your absolutely right! I did screw it up.
Thanks for pointing it out.

I guess it's time for me to start working on a
“New and Improved Shamelessly Copy and Pasted Samba Script”

no, it's right, ext3/4 will be ok, as they support POSIX ACLs (more on this).

EDIT: ah, missed this
sorry, if I'm not too curious, which is the point of encrypt it if anybody in your network can mount it?

In case someone decides to walk off with it.

Actually this isn't entirely true, at least not for professional versions of Windows. There is a Group Policy that manages cached passwords and machines on a domain almost always have the domain policy set to never cache credentials.

I always just create the same accounts on all the machines on the network. As long as user1/password1 exists on the windows machines and the Samba server you don't need to provide a password when connecting to the share.

Also, I wouldn't recommend formatting the disks in NTFS on the Samba server because that relies on the NTFS-Fuse drivers instead of the native linux filesystem. I do, however, format an external USB disk to NTFS as I use that for rsync backups and I want my USB backups readable by any PC.

Also, if you are using this SAMBA server to feed a media center (like XBMC) then I highly recommend setting the guest ok = yes setting on your Movies/TV share. If you do this then you don't need to create an account on the samba for the media center and everyone on the network has read access to your videos (without a password). Media centers should never have write access anyways (some of them like to delete watched videos)

1 members found this post helpful.

Just goes to show my lack of experience! Thanks for that as it is something for me to look into.

No problem I just checked my notes and here's what I've got:

Disable password caching:

Group Policy -> Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Local Policies -> Security Options:
Network access: Do not allow storage of credentials or .NET Passports for network authentication

Set to Enabled

This will disable the "remember my password" option from both Internet Explorer and File Shares.

This is the local policy. I can dig around for the domain policy if you'd like?

I never planned on using NTFS for my file server because I know it can cause problems sometimes and isn't native.

I don't plan on passing movies/TV shows through a media server (unless you count a PS3 as a media server). I'm actually looking to do this without creating any accounts for the purpose of Samba shares right now (although this will probably change in the future as I become more familiar with Samba). Ideally, I would like my wife's PS3 to be able to access the share for TV/movies, but (at least in my experience) the PS3 is a real pain to deal with and I hate it, so I won't count it as a loss if it can't read the Samba share.

You're right the PS3 (and X360) are absolutely awful as media players. If you absolutely have to stream to PStriple, then give a go with MediaTomb (http://slackbuilds.org/repository/13...dia/mediatomb/).

It's really such a shame that the XBMC was born from the original XBOX and Microsoft did such a pitiful job copying it. XBMC is an absolute masterpiece though, especially coupled with SickBeard PVR, CouchPotato, and Headphones.... but I digress..

Back to business, to open the server up read-only just take a vanilla Slackware installation (be sure to enable Samba server when the Slackware installer asks you what services to start or just chmod +x /etc/rc.d/rc.samba).

Then edit /etc/smb.conf and add a definition like this:

Ensure no obvious errors occurred:
In windows do: Start > Run > \\IpAddress

And you should see the share. You can't write to it yet. Once you get here, we can walk through creating samba users and mapping them to local Linux users. At this stage you'll also want to enable ACLs so all your users can read, write, and delete all the files (instead of constantly having to chmod or apply suid bits)

Man guys, all this awesome help and I haven't had time to actually do anything yet, it makes me feel bad. I'm going to do my best to get this thing working this weekend.

Just got the very basic server working with Ponce's config advice, thanks to all those who helped! I'm marking the thread as solved, but I'll probably be back looking on how to create a server that's a little more advanced (multiple shares based on users, etc). Thanks a ton guys!

I've written a short (four page) documentation about Samba. This is actually the configuration I use when installing a server for clients (not the machines, but the real people clients). It's taken quite some RTFM and experimenting, but right now it works perfectly. It's in French and it's written for Debian, but the smb.conf is distro-agnostic. I've attached it here, since it's in PDF format. Heavily inspired by AlienBOB and book authors Carla Schroder and Michael Kofler.

Enjoy.

Attached Files

Samba-HOWTO.pdf (116.7 KB, 9 views)

You can also manage stored passwords on windows by doing the following.

Open "run" and enter "control userpasswords2"
That'll bring up a window, hit the advanced tab and choose "Manage Passwords"

You'll be able to manage (edit|add|delete) the user/pass combo for each machine.