[TCLUG] Samba config question

[Ben Lutgens]

On Tue, Jun 11, 2002 at 09:31:05AM -0500, jeffr at odeon.net wrote:
>
>Heya folks, I've got a couple of Samba questions.
>
>My goal is to make my samba server at home give authenticated users their
>home directory as a share and anyone else on the private lan access to the
>/share partition on my fileserver.
>
>I've got to support a mix of Win95, 98, Me, and 2000 clients (LAN parties
>are fun, most of us have migrated to Win2k for games, but a couple of
>people that attend are still running Win95).  From what I've read this
>means that I've got to support users sending both encrypted passwords and
>unencrypted passwords.  Thankfully, the only users that actually have a
>home directory that needs to be available as a share are using Win2k and
>as a result encrypted passwords.
>
>>From reading O'Reilly's Using Samba book, I was under the impression that
>the 'default service = share' line under [global] meant that anyone that
>failed to authenticate would default to the [share] section.  Ideally, the
>/share volume wouldn't require any authentication to connect to, and it
>would be visable via the Network Neighborhood in Windows.
>
>Currently, if a valid user tries to connect they get their home directory
>and they can mount the /share volume.  Anyone that tries to access the
>fileserver without authenticating or authenticating improperly (bad
>username/password) isn't getting anything.

You need to set a guest account. Something like nobody (needs to exist on
system) in globals and set map_to_guest option there as well

guest account = nobody
map to guest = bad user

http://www.samba.org/samba/docs/man/smb.conf.5.html#MAPTOGUES
http://www.samba.org/samba/docs/man/smb.conf.5.html#GUESTACCOUNT

for more info. Hope this helps! 

Personally i try to avoid stuff like this. I do not allow ANY
unauthenticated users access to anything ever! I have alot of "valid users
= @marketing" type stuff in my smb.conf.

Samba rocks.


>
>
>
>-------------- Begin included text --------------
>
># Samba config file * 6-10-02 * Jeff Robertson
>
>[global]
>  netbios name = NAGA
>  server string = Samba %v on (%L)
>  workgroup = WORKGROUP
>  security = user
>  encrypt passwords = yes
>  smb passwd file = /etc/samba/smbpasswd
>  default service = share
>  browseable = no
>
>  # Printing specific section - to be debugged later
>#  printing = BSD
>#  print command = /usr/bin/lpr -r -P&p %s
>#  printcap file = /etc/printcap
>#  min print space = 2000
>
>  # Browsing election options (makes the Samba server the local master browser)
>  os level = 34
>  local master = yes
>
>  # Recommended performance tuning options from O'Reilly Using Samba
>  socket options = TCP_NODELAY IPTOS_LOWDELAY
>  read raw = yes
>  write raw = yes
>  oplocks = yes
>  max xmit = 65535
>  keep alive = 60
>  dead time = 30
>  getwd cache = yes
>  lpq cache = 30
>
>[share]
>  path = /share
>  comment = "Global Share"
>  browseable = yes
>  guest ok = yes
>  guest only = yes
>  writeable = yes
>  veto files = /.journal/
>  delete veto files = no
>  follow symlinks = yes
>  wide links = no
>

-- 
Ben Lutgens				 | http://people.sistina.com/~blutgens/	
System Administrator	 | http://www.sistina.com/
Sistina Software Inc. | 

"I got a wife and kids too but you don't see me out here stealing Imperial
Droids now do ya?"
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://shadowknight.real-time.com/pipermail/tclug-list/attachments/20020611/7971af45/attachment.pgp