08-05-2008, 11:43 AM
|
#1
|
Member
Registered: Jan 2004
Location: North Yorkshire, UK
Distribution: Centos 5
Posts: 133
Rep:
|
Samba guest share with valid user
Hi,
I have a Samba server which has guest shares and valid user shares and it's working just fine. However if a valid user changes their local password they can get no access to either the valid user areas or to the guest shares.
Does anyone know of a way of allowing such users to access the guest shares only until they correct their password rather than being locked out of everything?
Carl.
|
|
|
08-06-2008, 05:49 AM
|
#2
|
LQ Newbie
Registered: Jul 2008
Distribution: Gentoo / Debian
Posts: 16
Rep:
|
Hi,
Depending on your Samba setup it is possible that users don't log in with their local account, but with a Samba account. The password of this account can be changed with smbpasswd.
If this is the case, you can write a simple wrapper script to change both passwords at the same time.
greetz,
Henry
|
|
|
08-06-2008, 06:41 AM
|
#3
|
Member
Registered: Jan 2004
Location: North Yorkshire, UK
Distribution: Centos 5
Posts: 133
Original Poster
Rep:
|
Cheers for that Henry,
Trouble is, they already have smbpasswd accounts as well as shell accounts which is done via a script when the account is created. If they didn't, then they would have no problem accessing the guest shares.
The problem is that most of the users have an smbpasswd account, but we need to give access to occasional users who sometimes have the same login name as regular users. e.g.:
Regular user John Smith has a shell account and an smbpasswd account using a username of "john" and a password of "secret1". He uses these to log onto his desktop system.
John Smith therefore has access to the restricted area and to the guest area as well as the shared printers.
Occasional user James Jones has no shell or smbpasswd account even though he logs on to his laptop with username "james" and a password of "secret2".
James Jones therefore cannot access the restricted areas, but he does have access to the shared areas and the shared printers.
Occasional user John Black has no shell account or smbpasswd account and logs onto his laptop with a username of "john" and a password of "secret3".
The problem is that John Black has no access to the restricted area or to the guest area, or to the shared printers. Every time he tries to access the guest area or printers, he is asked for a username and password because Samba is expecting the username of "john" to be an smbpasswd account and not a guest account.
I'm trying to find out if there is a way of disabling the request for a password when these users access the guest areas or printers even though they share the same username (but not password).
Carl.
|
|
|
08-06-2008, 06:55 AM
|
#4
|
LQ Newbie
Registered: Jul 2008
Distribution: Gentoo / Debian
Posts: 16
Rep:
|
Hi Carl,
I see your problem is more complicated than I thought. As far as I know it isn't possible to have two users with the same username be treated differently by Samba; maybe this can be done with PAM (which I never used).
One thing I was just wondering about: are your guest shares really public or only visible to authenticated users and shared among them? I mean, is the third user 'John Black' only allowed access to the guest shares when he is authenticated as 'john' with password 'secret3'?
Henry
|
|
|
08-06-2008, 07:49 AM
|
#5
|
Member
Registered: Jan 2004
Location: North Yorkshire, UK
Distribution: Centos 5
Posts: 133
Original Poster
Rep:
|
Hi Henry,
I don't think that using pam or any other authentication variant would change the situation as it's Samba which is determining if a user is a guest or not.
Re:
Quote:
Originally Posted by flandou
One thing I was just wondering about: are your guest shares really public or only visible to authenticated users and shared among them? I mean, is the third user 'John Black' only allowed access to the guest shares when he is authenticated as 'john' with password 'secret3'?
Henry
|
Yes, the guest shares are just that and are public to anyone on the network. Someone with an unknown username (as far as smbpasswd or the shell are concerned) and any password (even blank) can access the public shares and the public printers.
If I delete the user John Smith (username "john" password "secret1"), then both John Smith and John Black (username "john" password "secret3") can access all the public shares and printers.
However when I reinstate user John Smith with the above details, he can access all areas but John Black can't access anywhere.
Carl.
|
|
|
08-06-2008, 08:41 AM
|
#6
|
LQ Newbie
Registered: Jul 2008
Distribution: Gentoo / Debian
Posts: 16
Rep:
|
Hi,
So if I got the question right now, it is a matter of creating the possibility to access public shares without logging in?
If that is the case, it can be done when having password-protected shares as well. The following config should give an idea how to:
[global]
    workgroup = WHATEVAH
    encrypt passwords = yes
    wins support = yes
    log level = 1
    max log size = 1000
    read only = no
    security = share
[homes]
    browsable = no
    map archive = yes
    public = no
[test]
    public = yes
    browsable = yes
    read only = yes
    path = /something
The browsable directive should make sure that when someone enters \\hostname he or she sees the test share.
|
|
|
08-07-2008, 03:42 AM
|
#7
|
Member
Registered: Jan 2004
Location: North Yorkshire, UK
Distribution: Centos 5
Posts: 133
Original Poster
Rep:
|
Henry,
Here's my smb.conf:
[global]
    workgroup = WORKGROUP
    server string = Linux Server
    netbios name = WGSERVER
    wins support = yes
    map to guest = Bad User
    log file = /var/log/samba/%m.log
    max log size = 50
    max xmit = 65535
    deadtime = 3
    stat cache = no
    dns proxy = no
    usershare allow guests = yes
    read only = no
    max connections = 30
    delete readonly = yes
    printing = cups
    printcap = cups
    cups options = raw
    load printers = yes
    printer admin = @admins
    security = USER
    guest only = yes
    smb ports = 139
[printers]
    comment = All Printers
    path = /var/spool/samba
    public = yes
    guest ok = yes
    printable = yes
    browseable = no
    writable = no
[print$]
    comment = Printer Driver Download Area
    path = /home/drivers
    browseable = yes
    guest ok = yes
    read only = yes
    write list = @admins
[private]
    comment = private share for admins
    path = /home/shares/private
    guest ok = no
    valid users = @admins
[public]
    comment = accessible by all
    path = /home/shares/public
    browsable = yes
    admin users = nobody
    guest ok = yes
However this doesn't get me round the problem. John Black can see the server in Network Neighborhood but can't open it to get to browse the folders as it asks him for a username and password.
Carl.
|
|
|
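Added example, not part of the original posts and not Samba's own code: a small Python model of the documented "map to guest" modes Never, Bad User and Bad Password, applied to the three logins described in this thread. The trimmed config, the "valid users = john" line and the plaintext account table are constructed for illustration (real Samba stores password hashes).

```python
# Constructed data: trimmed smb.conf, plaintext account table, "valid users = john".
SMB_CONF = """\
[global]
    map to guest = Bad User
[private]
    guest ok = no
    valid users = john
[public]
    guest ok = yes
"""
SMBPASSWD = {"john": "secret1"}  # John Smith is the only smbpasswd account

def parse_conf(text):
    """Return {section: {parameter: value}}; names are lower-cased."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            conf[section] = {}
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            conf[section][" ".join(key.split()).lower()] = value.strip()
    return conf

def session_for(conf, user, password):
    """Classify a session setup as 'user', 'guest' or 'denied'."""
    mode = conf["global"].get("map to guest", "never").lower()
    if user in SMBPASSWD:
        if SMBPASSWD[user] == password:
            return "user"
        # Known name, wrong password: only Bad Password falls back to guest.
        return "guest" if mode == "bad password" else "denied"
    # Unknown name: Bad User and Bad Password both fall back to guest.
    return "guest" if mode in ("bad user", "bad password") else "denied"

def can_open(conf, share, user, password):
    """True if the resulting session may connect to the share."""
    session, opts = session_for(conf, user, password), conf[share]
    if session == "guest":
        return opts.get("guest ok", "no").lower() == "yes"
    allowed = opts.get("valid users", "").split()
    return session == "user" and (not allowed or user in allowed)

if __name__ == "__main__":
    conf = parse_conf(SMB_CONF)
    for who in (("john", "secret1"), ("james", "secret2"), ("john", "secret3")):
        print(who, session_for(conf, *who), can_open(conf, "public", *who))
```

Changing the constructed config to "map to guest = Bad Password" moves the john/secret3 login from 'denied' to 'guest', at the cost that a mistyped password on a real account is silently accepted as a guest session instead of failing.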
08-07-2008, 05:17 AM
|
#8
|
LQ Newbie
Registered: Jul 2008
Distribution: Gentoo / Debian
Posts: 16
Rep:
|
Hi Carl,
Can you try to change 'security=user' to 'security=share'? User security forces a valid login, even for public shares. If you use security=share however the shares should become visible. The password protected shares still require a password then.
gr,
Henry
|
|
|
All times are GMT -5.