[SOLVED] Samba shares - 1 with no password, 1 with a password, help me set it up
Linux - SoftwareThis forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Samba shares - 1 with no password, 1 with a password, help me set it up
Hello, I know this has been done a million times as I have read a ton of examples online on how to do this, but I just can't get my configuration working for the life of me.
I want to have two samba shares. One that is world writeable, no password required and free for everyone. The second would require a password, or better yet, automatically get me in when i am logged in my other linux box as the correct user with the same password.
Here is my current smb.conf file:
Code:
[global]
workgroup = workgroup
server string = %h server
dns proxy = no
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d
usershare allow guests = yes
security = share
guest ok = yes
guest account = xmrkite
; encrypt passwords = yes
; smb passwd file = /etc/samba/smbpasswd
#======================= Share Definitions =======================
[Shares]
comment = Server Shares
path = /media/store/shares
writeable = yes
guest ok = yes
[Store]
comment = Server Store
path = /media/store/admin
; guest ok = no
valid users = xmrkite
writeable = yes
[printers]
comment = All Printers
; browseable = yes
path = /var/spool/samba
printable = yes
guest ok = yes
; read only = yes
create mask = 0700
Before you invest too much time in setting up a Samba server using the "share" security mode, you should know that this mode is deprecated and support for it has been removed from all recent versions of Samba.
"security = share" relies on functionality that hasn't existed in any Windows product for quite some time. The last version to support share passwords was Windows ME, released some 13 years ago. Also, it requires the client to support ancient and insecure authentication protocols, so even if you use a Samba version supporting "security = share", you should not expect this to work with recent Windows clients like Windows 7 or Windows 8.
[Shares]
comment = Server Shares
path = /media/store/shares
writeable = yes
guest ok = yes
; browseable = yes
[Store]
comment = Server Store
path = /media/store/admin
; guest ok = no
valid users = xmrkite
writeable = yes
[printers]
comment = All Printers
; browseable = yes
path = /var/spool/samba
printable = yes
guest ok = yes
; read only = yes
create mask = 0700
Now it asks for a user and password when I try to browse to the server. You can't even see any shares unless you put in the password. When I do the xmrkite user/pass, it lets me in but won't go into the "server store" share. What in the world did I do wrong?
-Thanks
The "map to guest" parameter is wrong. I'm a bit surprised Samba even started.
"map to guest" takes one of the following parameters: never (no guest access), bad user (non-existent users get mapped to the guest account), bad password (logging in with a bad password results in guest access), or bad uid (not valid in "security = user" scenarios).
You need "map to guest = bad user". The name of the guest account is specified with the "guest account" parameter.
When you connect to a Samba share, Windows will attempt to access the share using the credentials of the logged-in user. Samba will verify the credentials and, provided they match a locally defined user and password, use those credentials to access the shared directory.
For this to succeed, the following must be true:
- the name of the locally logged-in Windows user must match a user account on the Linux system running Samba
- the password hash for that user must be stored using a Windows-compatible hash algorithm (see man smbpasswd)
- the user account must have the necessary permissions to access the share and the underlying directory
(You may want to consider creating a domain, as it solves all password-related problems and adds a lot of useful functionality.)
I understand, but I do a lot of windows virus removals and other repairs. I need to have a share that doesn't ask for a password. Right now, that works with my above-posted smb.conf file.
The samba share that needs to be password protected is only going to be accessed by my linux computers. I use the same user and pass on those linux computers and that user is already created on the samba server with the same password. So technically I've already done that. I'd like to avoid a domain if possible as I really don't need any of the functionality.
The folders for the share that is password protected are owned by the same user trying to connect. Is this just not possible without a domain? I was hoping that linux would pass the credentials when trying to access the share just like a windows setup would.
The folders for the share that is password protected are owned by the same user trying to connect. Is this just not possible without a domain? I was hoping that linux would pass the credentials when trying to access the share just like a windows setup would.
It is possible, but you need to add a Windows-compatible password hash with the smbpasswd command.
SMB authentication and Linux user authentication use different hash algorithms. Even though a user with the same username and password is defined on both the Linux client and the Samba server, SMB authentication will not work unless the Samba server has access to a Windows-compatible hash of the password. Samba has its own database for these hashes, and you add/modify entries with the smbpasswd command.
Ok, so how do I do that then? I used the command smbpasswd -a xmrkite and typed in the password. Still getting the same issue. Even when I open up the network share from the same computer that is doing the sharing.
And you've added xmrkite (or a group where xmrkite is a member) as a valid user on the share, and also set the appropriate permissions on the underlying file system?
yes, he is the owner of the folders being shared and is the main lubuntu installed user with sudo permissions on the computer doing the sharing and on the kubuntu computer trying to access it.
[Shares]
comment = Server Shares
path = /media/store/shares
writeable = yes
guest ok = yes
[Store]
comment = Server Store
path = /media/store/admin
guest ok = no
valid users = xmrkite
admin users = xmrkite
writeable = yes
[printers]
comment = All Printers
browseable = yes
path = /var/spool/samba
printable = yes
guest ok = yes
read only = yes
create mask = 0700
And the key was the smbusers file too which now reads:
xmrkite = xmrkite
store = store
nobody = guest
Now, in windows, if I have a user and pass that match xmrkite's on the samba server, no password is required when accessing the share. Dolphin in linux still asks a password but it works and I can select remember password, so that's not an issue. If you log into windows with a different user than xmrkite, then you will get a user/pass popup should you try to open that share. The other share just let's you in. This is exactly what I want!! Also, my printers are shared with all users, no password required.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.