LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 05-26-2009, 02:40 AM   #1
crash_override_me
Member
 
Registered: Aug 2005
Location: India, New Delhi
Distribution: Debian Etch, Ubuntu
Posts: 342

Rep: Reputation: 30
Configuring samba for multiple users or for everyone on a LAN


Hi,

I am trying to configure samba for anyone of the scenarios in the subject.
here's what my smb.conf looks like:

Code:
workgroup = RnD

[Samba Share]
comment = Samba share on Ubuntu!
path = /srv/sharedfolder
available = yes
valid users = @sambashare
read only = no
browsable = yes
public = yes
writable = yes
guest ok = yes
create mask = 0775
directory mask = 0775
"sambashare" is a group with all allowed users.

The error while trying to connect to the share is:
smbd/service.c:make_connection_snum(1082) Can't become connected user!

Am i missing something?
 
Old 05-26-2009, 06:11 AM   #2
chitambira
Member
 
Registered: Oct 2008
Location: Fife
Distribution: RHEL, Centos
Posts: 373
Blog Entries: 1

Rep: Reputation: 51
need some more info
- is your samba server the DC?
- what domain type are u running (RnD)? (samba, AD)
- How do your users authenticate? (ldap, smbpasswd etc)
- where is the group sambashare created? (win group, or unix group, or ldap group etc)
- your smb.conf(G) (want to check security = ? )
- where are u trying to connect to the share from? (win, smbclient, etc)

[i know this is obvious and even stupid for me to ask, but just to make sure, Do you have any samba users created?? # smbpasswd -a user, or otherwise ]

Last edited by chitambira; 05-26-2009 at 06:30 AM.
 
Old 05-27-2009, 12:06 AM   #3
crash_override_me
Member
 
Registered: Aug 2005
Location: India, New Delhi
Distribution: Debian Etch, Ubuntu
Posts: 342

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by chitambira View Post
need some more info
- is your samba server the DC?
- what domain type are u running (RnD)? (samba, AD)
- How do your users authenticate? (ldap, smbpasswd etc)
- where is the group sambashare created? (win group, or unix group, or ldap group etc)
- your smb.conf(G) (want to check security = ? )
- where are u trying to connect to the share from? (win, smbclient, etc)

[i know this is obvious and even stupid for me to ask, but just to make sure, Do you have any samba users created?? # smbpasswd -a user, or otherwise ]
i think mine is a standalone server. the group "sambashare" is created on the server itself. The users authenticate using their unix passwords. i have assigned sambashare as a secondary grp to all such users.

right, smb.conf has security = user
the clients are also linux machines, so smbclients.
 
Old 05-27-2009, 12:22 AM   #4
billymayday
LQ Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122Reputation: 122
Did you great samba users? Samba maintains its own user database and does not use system users. If your unix users are in ldap or similar, you can use that to authenticate.
 
Old 05-28-2009, 12:19 AM   #5
crash_override_me
Member
 
Registered: Aug 2005
Location: India, New Delhi
Distribution: Debian Etch, Ubuntu
Posts: 342

Original Poster
Rep: Reputation: 30
i have created a samba user with smbpasswd. i followed 1 of the configurations for a standalone server with rw access to share for everyone, and it is working perfectly.

Is there a way i can restrict this access to my local lan only?
 
Old 05-28-2009, 12:27 AM   #6
billymayday
LQ Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122Reputation: 122
You can either use your firewall (you should keep external requests blocked anyway), but you can force samba to only listen on a certain interface by using the interfaces paramter AND bind interfaces only = yes
 
Old 05-28-2009, 06:04 AM   #7
chitambira
Member
 
Registered: Oct 2008
Location: Fife
Distribution: RHEL, Centos
Posts: 373
Blog Entries: 1

Rep: Reputation: 51
Quote:
i have created a samba user with smbpasswd. i followed 1 of the configurations for a standalone server with rw access to share for everyone, and it is working perfectly.
So you had not answered my previous question below!
Quote:
[i know this is obvious and even stupid for me to ask, but just to make sure, Do you have any samba users created?? # smbpasswd -a user, or otherwise ]
Quote:
Is there a way i can restrict this access to my local lan only?
You can restrict access to a share from within samba by
- username and password (create all samba users and they logon with their password, use valid users =)
- groups (use gruops to restrict access to a samba share, use valid users =)
- hosts (selectively allow particular machines to access ALL samba services/shares, use hosts allow = 192.168.1.0/255.255.255.0 in smb.conf(G) )
Else you can control access by other networking based technologies like network ACLs.
 
Old 05-29-2009, 01:10 AM   #8
crash_override_me
Member
 
Registered: Aug 2005
Location: India, New Delhi
Distribution: Debian Etch, Ubuntu
Posts: 342

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by chitambira View Post
So you had not answered my previous question below!



You can restrict access to a share from within samba by
- username and password (create all samba users and they logon with their password, use valid users =)
- groups (use gruops to restrict access to a samba share, use valid users =)
- hosts (selectively allow particular machines to access ALL samba services/shares, use hosts allow = 192.168.1.0/255.255.255.0 in smb.conf(G) )
Else you can control access by other networking based technologies like network ACLs.
In case of per user access, security = users, right?
I have a group called sambashare which i have assigned to desired users.
do i also need to change the group of the shared folder to this one?
 
Old 05-29-2009, 01:13 AM   #9
crash_override_me
Member
 
Registered: Aug 2005
Location: India, New Delhi
Distribution: Debian Etch, Ubuntu
Posts: 342

Original Poster
Rep: Reputation: 30
this is what $testparm shows me right now:
Code:
[global]
workgroup = RND
security = SHARE
usershare allow guests = Yes

[Samba Share]
comment = Samba share on Ubuntu!
path = /home/sahildave/sharedfolder
force user = sahildave
force group = sambashare
read only = No
guest ok = Yes
 
Old 05-29-2009, 04:18 AM   #10
chitambira
Member
 
Registered: Oct 2008
Location: Fife
Distribution: RHEL, Centos
Posts: 373
Blog Entries: 1

Rep: Reputation: 51
[Samba Share]
comment = Samba share on Ubuntu!
path = /home/sahildave/sharedfolder
valid users = sahildave, @sambashare
read only = No
guest ok = Yes
 
Old 05-29-2009, 07:15 AM   #11
crash_override_me
Member
 
Registered: Aug 2005
Location: India, New Delhi
Distribution: Debian Etch, Ubuntu
Posts: 342

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by chitambira View Post
[Samba Share]
comment = Samba share on Ubuntu!
path = /home/sahildave/sharedfolder
valid users = sahildave, @sambashare
read only = No
guest ok = Yes
What about the security = Share setting. Will it stay the same?
 
Old 05-29-2009, 07:57 AM   #12
chitambira
Member
 
Registered: Oct 2008
Location: Fife
Distribution: RHEL, Centos
Posts: 373
Blog Entries: 1

Rep: Reputation: 51
If your PCs use usernames that are the same as their usernames on the UNIX machine then you will want to use security = user, But if you have samba users, with no corresponding unix users (i.e if they are not doamin users) then you probably need security = share. it all depend on your overal infrastructure. Do you have a DC with users authenticating against a central domain? Are you synchronising your samba users to their unix accounts? In both answers are yes, then you probably need security = domain.
Try to read and understand this manual:
http://us3.samba.org/samba/docs/man/....html#SECURITY
 
Old 06-10-2009, 06:14 AM   #13
crash_override_me
Member
 
Registered: Aug 2005
Location: India, New Delhi
Distribution: Debian Etch, Ubuntu
Posts: 342

Original Poster
Rep: Reputation: 30
Exclamation Share Level Security

Hi,

I need share level security in samba. I need to share 2 folders, 1 with guest access and the other with only authenticated access?

Is this scenario possible?

Here's my current smb.conf

Code:
[global]
	workgroup = WINGARDIUM
	netbios name = HARRY
	security = SHARE
	map to guest = Bad User
	obey pam restrictions = Yes
	passdb backend = tdbsam
	pam password change = Yes
	passwd program = /usr/bin/passwd %u
	passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
	unix password sync = Yes
	syslog = 0
	log file = /var/log/samba/log.%m
	max log size = 1000
	usershare allow guests = Yes
	panic action = /usr/share/samba/panic-action %d

[printers]
	comment = All Printers
	path = /var/spool/samba
	create mask = 0700
	printable = Yes
	browseable = No

[print$]
	comment = Printer Drivers
	path = /var/lib/samba/printers

[generic_data]
	comment = generic data
	path = /srv/generic_data
	guest ok = Yes

[secure_data]
	comment = confidential data
	path = /home/sahildave/sharedfolder
	force user = sahildave
	force group = sahildave
	read only = No
	guest ok = Yes
Can someone help me on this?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Problem accessing Samba shares simultaneously by multiple users SKYNAT Linux - Newbie 2 01-29-2008 05:25 AM
Multiple Autologins; Multiple Users; Multiple Sessions mrclisdue Linux - Desktop 1 09-26-2007 05:50 AM
how do I configure samba share for all LAN users? keratos Mandriva 4 06-19-2007 02:15 PM
Thunderbird:- configuring multiple users micker Linux - Software 3 11-13-2006 03:50 PM
how to authenticate external users but bypass prompt on local LAN users? taiwf Linux - Security 5 07-13-2005 09:01 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 04:24 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration