Samba login problem

sparkix · 04-11-2020, 08:26 AM

I have an Ubuntu server 16.04 running samba which other people log into with multiple pcs (windows and Mac). What I'm trying to do is have it log me in with the user lan-admin from my PCs but everyone else is treated as a guest and mapped to the user lan-users even if they don't enter a password (we all share the same group lan-data). Here is my config file:

Code:

[global]
unix extensions = no
follow symlinks = yes
wide links = yes
passdb backend = tdbsam
obey pam restrictions = yes
unix password sync = yes
pam password change = yes
map to guest = bad user


[Shared]
  server string = Data Repository
  comment = File Server
  path = /data/netshare
;  force user = lan-users
  force group = lan-data
  read only = no
  create mask = 0644
  directory mask = 0755
  guest only = no
  guest ok = yes
  guest account = lan-users
  unix extensions = no
  nt acl support = no
  follow symlinks = yes
  wide links = yes
  veto files = /.DS_Store/.TemporaryItems/.Trashes/._*/Thumbs.db/.com.apple.timemachine.supported/
  delete veto files = yes

What I want is for files the "lan-admin" account adds have the owner lan-admin:lan-data while everyone else would have the owner lan-users:lan-data. That way, files I add can't be modified but they can be read.

ferrari · 04-11-2020, 06:59 PM

Consider using

Code:

write list = lan-admin
read list = lan-users

A simple guide...
https://www.cyberciti.biz/tips/how-d...ba-shares.html

sparkix · 04-26-2020, 12:19 PM

It turns out part of the problem was that the system was not accepting the new settings even though I was restarting the samba server. It worked after a day. I don't know if it was the Linux server or the Windows clients not updating their credentials immediately.

Anyway, it is working now. I can add files and folders using the "lan-admin" account and anyone with the "lan-users" account cannot change them. However, "lan-users" are able to add their own files which I can promote to untouchable by changing their ownership to mine.

I still have to check that anyone logging in as guest assumes the "lan-users" credentials.

ferrari · 04-26-2020, 04:23 PM

Thanks for the update.

sparkix · 04-28-2020, 09:36 AM

It's working they way I intended now. Here are the settings:

smbusers

Code:

# Unix_name = SMB_name1 SMB_name2 ...
lan-admin = lan-admin admin
lan-users = lan-users guest

smb.conf

Code:

[global]
unix extensions = no
follow symlinks = yes
wide links = yes
guest account = lan-users
username map = /etc/samba/smbusers

[share profile]
  comment = File Server
  path = /data/netshare
;  force user = lan-users <-- this is commented out and used to make everyone that logs on the same user
  force group = lan-data
  read only = no
  create mask = 0644
  directory mask = 0755
  guest only = no
  guest ok = yes
  nt acl support = no
  follow symlinks = yes
  wide links = yes
  veto files = /.DS_Store/.TemporaryItems/.Trashes/._*/Thumbs.db/.com.apple.timemachine.supported/
  delete veto files = yes

Works great now. Checked everything with testparm command.

sparkix · 04-28-2020, 09:38 AM

Quote:

Originally Posted by ferrari

Consider using

Code:

write list = lan-admin
read list = lan-users

A simple guide...
https://www.cyberciti.biz/tips/how-d...ba-shares.html

The reason I didn't use these settings is because I do want the lan-users to be able to write to some folders (depending on the folder permission) but have other areas that are read-only to guests. But I want the lan-admin to have full access to everything.