LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 08-05-2008, 11:43 AM   #1
carlmarshall
Member
 
Registered: Jan 2004
Location: North Yorkshire, UK
Distribution: Centos 5
Posts: 133

Rep: Reputation: 16
Samba guest share with valid user


Hi,

I have a Samba server which has guest shares and valid user shares and it's working just fine. However if a valid user changes their local password they can get no access to either the valid user areas or to the guest shares.

Does anyone know of a way of allowing such users to access the guest shares only until they correct their password rather than being locked out of everything?

Carl.
 
Old 08-06-2008, 05:49 AM   #2
flandou
LQ Newbie
 
Registered: Jul 2008
Distribution: Gentoo / Debian
Posts: 16

Rep: Reputation: 0
Hi,

Depending on your samba setup it is possible that users don't login with there local account, but with an samba account. The password of this account can be changed with smbpasswd.

If this is the case, you can write a simple wrapperscript to change both passwords at the same time.

greetz,

Henry
 
Old 08-06-2008, 06:41 AM   #3
carlmarshall
Member
 
Registered: Jan 2004
Location: North Yorkshire, UK
Distribution: Centos 5
Posts: 133

Original Poster
Rep: Reputation: 16
Cheers for that Henry,

Trouble is, they already have smbpasswd accounts as well as shell accounts which is done via a script when the account is created. If they didn't, then they would have no problem accessing the guest shares.

The problem is that most of the users have an smbpasswd account, but we need to give access to occasional users who sometimes have the same login name as regular users. e.g.:

Regular user John Smith has a shell account and an smbpasswd account using a username of "john" and a password of "secret1". He uses these to log onto his desktop system.

John Smith therefore has access to the restricted area and to the guest area as well as the shared printers.

Occasional use James Jones has no shell or smbpasswd account even though he logs on to his laptop with username "james" and a password of "secret2".

James Jones therefore cannot access the restricted areas, but he does have access to the shared areas and the shared printers.

Occasional user John Black has no shell account or smbpasswd account and logs onto his laptop with a username of "john" and a password of "secret3".

The problem is that John Black has no access to the restricted area or to the guest area, or to the shared printers. Everytime he tries to access the guest area or printers, he is asked for a username and password because Samba is expecting the username of "john" to be an smbpasswd account and not a guest account.

I'm trying to find out if there is a way of disabling the request for a password when these users access the guest areas or printers even though they share the same username (but not password).

Carl.
 
Old 08-06-2008, 06:55 AM   #4
flandou
LQ Newbie
 
Registered: Jul 2008
Distribution: Gentoo / Debian
Posts: 16

Rep: Reputation: 0
Hi Carl,

I see your problem is a more complicated then i thought. As far as I know it isn't possible to have two users with the same username be treated different by samba, maybe this can be done with pam (which I never used).

One thing i was just wondering about: Are you're guest shares really public or only visible to authenticated users and shared among them? I mean, is the third user 'John Black' only allowed access to the guest shares when he is authenticated as 'john' with password 'secret3'?

Henry
 
Old 08-06-2008, 07:49 AM   #5
carlmarshall
Member
 
Registered: Jan 2004
Location: North Yorkshire, UK
Distribution: Centos 5
Posts: 133

Original Poster
Rep: Reputation: 16
Hi Henry,

I don't think that using pam or any other authentication variant would change the situation as it's Samba which is determining if a user is a guest or not.

Re:

Quote:
Originally Posted by flandou View Post

One thing i was just wondering about: Are you're guest shares really public or only visible to authenticated users and shared among them? I mean, is the third user 'John Black' only allowed access to the guest shares when he is authenticated as 'john' with password 'secret3'?

Henry
Yes, the guest shares are just that and are public to anyone on the network. Someone with an unknown username (as far as smbpasswd or the shell are concerned) and any password (even blank) can access the public shares and the public printers.

If I delete the user John Smith (username "john" password "secret1"), then both John Smith and John Black (username "john" password "secret3") can access all the public shares and printers.

However when I reinstate user John Smith with the above details, he can access all areas but John Black can't access anywhere.

Carl.
 
Old 08-06-2008, 08:41 AM   #6
flandou
LQ Newbie
 
Registered: Jul 2008
Distribution: Gentoo / Debian
Posts: 16

Rep: Reputation: 0
Hi,

So if i got the question right now, it is an matter of creating the possibility to access public shares without logging in?

If that is the case; it can be done when having password-protected shares as well The following config should give an idea how to:

[global]
workgroup = WHATEVAH
encrypt passwords = yes
wins support = yes
log level = 1
max log size = 1000
read only = no
security = share

[homes]
browsable = no
map archive = yes
public = no

[test]
public = yes
browsable = yes
read only = yes
path = /something

The browsable directive should make sure that when someone enters \\hostname he or she sees the test share.
 
Old 08-07-2008, 03:42 AM   #7
carlmarshall
Member
 
Registered: Jan 2004
Location: North Yorkshire, UK
Distribution: Centos 5
Posts: 133

Original Poster
Rep: Reputation: 16
Henry,

Here's my smb.conf:

[global]
workgroup = WORKGROUP
server string = Linux Server
netbios name = WGSERVER
wins support = yes
map to guest = Bad User
log file = /var/log/samba/%m.log
max log size = 50
max xmit = 65535
deadtime = 3
stat cache = no
dns proxy = no
usershare allow guests = yes
read only = no
max connections = 30
delete readonly = yes
printing = cups
printcap = cups
cups options = raw
load printers = yes
printer admin = @admins
security = USER
guest only = yes
smb ports = 139
[printers]
comment = All Printers
path = /var/spool/samba
public = yes
guest ok = yes
printable = yes
browseable = no
writable = no
[print$]
comment = Printer Driver Download Area
path = /home/drivers
browseable = yes
guest ok = yes
read only = yes
write list = @admins
[private]
comment = private share for admins
path = /home/shares/private
guest ok = no
valid users = @admins
[public]
comment = accessible by all
path = /home/shares/public
browsable = yes
admin users = nobody
guest ok = yes

However this doesn't get me round the problem. John Black can see the server in Network Neighborhood but can't open it to get to browse the folders as it asks him for a username and password.

Carl.
 
Old 08-07-2008, 05:17 AM   #8
flandou
LQ Newbie
 
Registered: Jul 2008
Distribution: Gentoo / Debian
Posts: 16

Rep: Reputation: 0
Hi Carl,

Can you try to change 'security=user' to 'security=share'? Usersecurity forces an valid login, even for public shares. If you use security=share however the shares should becom visible. The password protected shares still require an password then

gr,

Henry
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
mount samba share as guest user twac Linux - Software 3 06-05-2007 01:55 PM
Cannot write to samba share with XP guest under VMware Workstation 6 (Feisty host) galileux Linux - Software 2 05-17-2007 04:22 PM
No real guest access to samba share possible cumbersome Linux - Software 1 06-23-2006 03:49 PM
Konqueror and Samba Guest User tvynr Linux - Software 0 04-07-2006 11:17 PM
Samba to share between host and guest in VMware cncrazu Linux - Software 0 06-11-2004 10:02 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 05:42 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration