Gary Stainburn
2015-Jan-23 14:08 UTC
[Samba] FW: desperate help needed - Samba and security = share
I posted this on the Fedora users list this morning, where it was suggested I post it here. I'm hoping someone will help me. I know that this is an old and probably worn out topic but I need a quick workable solution before the old server dies, which hopefully won't involve me redesigning everything and having to update 120+ client PCs: Many years ago I built a server on Fedora 8 which became my core network server running all the network servers (DNS etc) as well as a host of custom services over inetd, However it's main purpose was to service Samba shares. That server is now failing so I've just spent a week building a new F20 server and converting everything from F8 to F20 - amazing number of changes needed but also an amazing number of things are still the same. Last of the things to move because the old server is still live and serving is SAMBA. This is where I need the help. All of my servers run the same type of setup and it's all based around "security = share". Why is this so universally declared as bad?? I know when I built some F16 servers it said that "security = share" was depreciated but it still let me use it. Now with F20 it just refuses. The problem is that security = share did *exactly* what I wanted and now I can't seem to achieve the same effect any other way. Very simply, I use the [homes] section and have about 10 users defined on the server - service, parts, admin etc. Then for each user PC (approx 120 - 150) I then map a network drive to each service that is required. Many only have one or two but some people such as admin have access to sales, accounts, wages and admin. All very simple and faultless for 8 years. Now, when I try some of the examples found online, client PCs seem to be able to connect to the first share ok but then whenever I try to connect a second share it complains about having to log out of the first share first. Can anyone please help me here. If I can't get it working I'll have to scrap my week's work and install F16 on this box. Fingers crossed
Rowland Penny
2015-Jan-25 10:01 UTC
[Samba] FW: desperate help needed - Samba and security = share
On 23/01/15 14:08, Gary Stainburn wrote:> I posted this on the Fedora users list this morning, where it was suggested I > post it here. I'm hoping someone will help me. I know that this is an old and > probably worn out topic but I need a quick workable solution before the old > server dies, which hopefully won't involve me redesigning everything and > having to update 120+ client PCs: > > Many years ago I built a server on Fedora 8 which became my core network > server running all the network servers (DNS etc) as well as a host of custom > services over inetd, However it's main purpose was to service Samba shares. > > That server is now failing so I've just spent a week building a new F20 server > and converting everything from F8 to F20 - amazing number of changes needed > but also an amazing number of things are still the same. > > Last of the things to move because the old server is still live and serving is > SAMBA. This is where I need the help. > > All of my servers run the same type of setup and it's all based > around "security = share". Why is this so universally declared as bad?? > > I know when I built some F16 servers it said that "security = share" was > depreciated but it still let me use it. Now with F20 it just refuses. > > The problem is that security = share did *exactly* what I wanted and now I > can't seem to achieve the same effect any other way. > > Very simply, I use the [homes] section and have about 10 users defined on the > server - service, parts, admin etc. > > Then for each user PC (approx 120 - 150) I then map a network drive to each > service that is required. Many only have one or two but some people such as > admin have access to sales, accounts, wages and admin. > > All very simple and faultless for 8 years. > > Now, when I try some of the examples found online, client PCs seem to be able > to connect to the first share ok but then whenever I try to connect a second > share it complains about having to log out of the first share first. > > Can anyone please help me here. If I can't get it working I'll have to scrap > my week's work and install F16 on this box. > > Fingers crossedThis was dropped from samba with version 4, there was a discussion on the technical list, see here: https://lists.samba.org/archive/samba-technical/2012-February/081832.html Rowland
Andrew Bartlett
2015-Jan-27 06:43 UTC
[Samba] FW: desperate help needed - Samba and security = share
On Fri, 2015-01-23 at 14:08 +0000, Gary Stainburn wrote:> I posted this on the Fedora users list this morning, where it was suggested I > post it here. I'm hoping someone will help me. I know that this is an old and > probably worn out topic but I need a quick workable solution before the old > server dies, which hopefully won't involve me redesigning everything and > having to update 120+ client PCs: > > Many years ago I built a server on Fedora 8 which became my core network > server running all the network servers (DNS etc) as well as a host of custom > services over inetd, However it's main purpose was to service Samba shares. > > That server is now failing so I've just spent a week building a new F20 server > and converting everything from F8 to F20 - amazing number of changes needed > but also an amazing number of things are still the same. > > Last of the things to move because the old server is still live and serving is > SAMBA. This is where I need the help. > > All of my servers run the same type of setup and it's all based > around "security = share". Why is this so universally declared as bad?? > > I know when I built some F16 servers it said that "security = share" was > depreciated but it still let me use it. Now with F20 it just refuses. > > The problem is that security = share did *exactly* what I wanted and now I > can't seem to achieve the same effect any other way. > > Very simply, I use the [homes] section and have about 10 users defined on the > server - service, parts, admin etc. > > Then for each user PC (approx 120 - 150) I then map a network drive to each > service that is required. Many only have one or two but some people such as > admin have access to sales, accounts, wages and admin. > > All very simple and faultless for 8 years. > > Now, when I try some of the examples found online, client PCs seem to be able > to connect to the first share ok but then whenever I try to connect a second > share it complains about having to log out of the first share first. > > Can anyone please help me here. If I can't get it working I'll have to scrap > my week's work and install F16 on this box.You will need to define your 150 users on your server, give them Samba passwords and give them access to those shares via standard unix groups and group permissions on the share folders, or (less preferred) the valid users entry in smb.conf. I hope this helps, Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
Gary Stainburn
2015-Jan-27 09:37 UTC
[Samba] FW: desperate help needed - Samba and security = share
On Tuesday 27 January 2015 06:43:13 Andrew Bartlett wrote:> You will need to define your 150 users on your server, give them Samba > passwords and give them access to those shares via standard unix groups > and group permissions on the share folders, or (less preferred) the > valid users entry in smb.conf. > > I hope this helps, > > Andrew BartlettHi Andrew, That is exactly what I don't want to have to do. The work required initially plus the ongoing maintenance because of the turnover in staff here make that unworkable. I have installed CentOS and now have a version of Samba that still supports security = share I now have my fingers crossed that I can get it working because last time I used CentOS I couldn't get Samba to work properly either which is why I stayed with Fedora.