Wednesday, January 12, 2011

Problem connecting to a Samba server with share mode security.

I'm setting up a Samba server on Ubuntu 9.04 Server Edition.

What I'm trying to do is have a share that is readable by everyone, and writable by a select few.

I am able to log in from my computer using smbclient //server/security -U brad, but I am unable to connect using [Places->Connect to Server...] with a username and password.

One thought I came up with is that I'm using lower case letters in the password.

This is a portion of the /etc/samba/smb.conf file that was generated by swat.

/etc/samba/smb.conf

[global]
  preferred master = Yes
  domain master    = Yes
  wins support     = Yes

  security               = SHARE
  usershare allow guests = Yes
  guest ok               = Yes
  null passwords         = Yes
  guest account          = samba
  map to guest           = Bad User

  unix password sync     = Yes
  lanman auth            = Yes
  client plaintext auth  = Yes
  lanman auth            = Yes
  client NTLMv2 auth     = Yes
  client lanman auth     = Yes
  client plaintext auth  = Yes


[Security]
  comment = Security and Antivirus software
  path                = /share/security
  write list          = brad
  inherit permissions = Yes
  inherit owner       = Yes
  hide special files  = Yes
  hide unreadable     = Yes

/var/log/samba/log.192.168.0.5

# smbclient //server/security -U brad
[2009/05/04 09:45:31,  1] smbd/service.c:make_connection_snum(1111)
  192.168.0.5 (192.168.0.5) connect to service Security initially as user brad (uid=1000, gid=1000) (pid 3129)
[2009/05/04 09:48:49,  1] smbd/service.c:close_cnum(1323)
  192.168.0.5 (192.168.0.5) closed connection to service Security

# smbclient //server/security -U brad
[2009/05/04 09:48:53,  1] smbd/service.c:make_connection_snum(1111)
  192.168.0.5 (192.168.0.5) connect to service Security initially as user brad (uid=1000, gid=1000) (pid 3177)
[2009/05/04 09:48:58,  1] smbd/service.c:close_cnum(1323)
  192.168.0.5 (192.168.0.5) closed connection to service Security

# smbclient //server/security -U brad # giving null password at prompt
[2009/05/04 09:49:45,  1] smbd/service.c:make_connection_snum(1111)
  192.168.0.5 (192.168.0.5) connect to service Security initially as user samba (uid=1024, gid=1024) (pid 3189)
[2009/05/04 09:49:51,  1] smbd/service.c:close_cnum(1323)
  192.168.0.5 (192.168.0.5) closed connection to service Security

# connect with [Places->Connect to Server...] # with username and password
#
#

# connect with [Places->Connect to Server...] # without username
[2009/05/04 09:50:29,  1] smbd/service.c:make_connection_snum(1111)
  192.168.0.5 (192.168.0.5) connect to service Security initially as user samba (uid=1024, gid=1024) (pid 3310)

When I log in using smbclient //server/security -U brad, I can delete a file I put there by other means.

All files and folders are currently owned by the username samba, but I am willing to change the owner if it would help.

I would really prefer to keep it under share mode security.

This is what I ended up doing:

[Security]
  comment  = Security & Antivirus software
  path     = /share/security
  readonly = Yes

[Security$]
  comment   = Security & Antivirus software +rw
  path      = /share/security
  browsable = No
  administrative share = Yes

  • The best way to debug this is to check /var/log/messages or similar to see what auth errors Samba is generating. If you can post that, this is going to be easier.

    You can tail -f /var/log/messages and also check /var/log/samba/*

    Post your results when you try to connect. You're most likely interested in smbd and nmbd errors, so you can grep for those.

  • I think that you need to re-examine whether share-mode security is what you actually need for this problem. Share mode security means that a password is used to authenticate to a share, not a username/password combination.

    If you want to allow multiple users (logging in as themselves) access to modify the files then you need to use user level security.

    If you want to allow anybody that knows the magic password to see the share, then share mode security is right for you.

    See the Samba Documentation for more information on share level security.

    Brad Gilbert : I only want to make it so that the computer that is logging on will not have write access, without some interaction with the user.
    Brad Gilbert : ... and only for this share. Most, if not all, other shares will have r/w access enabled.
    MikeyB : It's unclear what is not working... If you connect to the share without authenticating can you read or write files to the share?
    From MikeyB
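
The user-level alternative MikeyB describes, as an added smb.conf fragment (not posted by anyone in the thread) that keeps the share readable by everyone and writable only by brad. It reuses the share path, the guest account samba and the user brad from the question, and assumes filesystem permissions on /share/security already allow brad to write.

```ini
# Added example, not from the thread: user-level security variant of the share.
[global]
  security      = user
  # Unknown usernames fall back to the guest account instead of being refused;
  # a known username with a wrong password is still rejected.
  map to guest  = Bad User
  guest account = samba

[Security]
  comment    = Security and Antivirus software
  path       = /share/security
  # Anyone, including guests, can connect and read.
  guest ok   = Yes
  read only  = Yes
  # Only brad, after authenticating with his own password, gets write access.
  write list = brad
  # Assumption: filesystem permissions on /share/security already let brad write.
```

Running testparm -s prints the configuration as Samba parses it, and brad needs a Samba password (smbpasswd -a brad) before he can authenticate.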
