I previously had an older version of Samba installed with the following
smb.conf:
; Make sure and restart the server after making changes to this file, ex:
; /etc/rc.d/init.d/smb stop
; /etc/rc.d/init.d/smb start
[global]
; Uncomment this if you want a guest account
guest account = nobody
log file = /var/log/samba-log.%m
lock directory = /var/lock/samba
share modes = yes
workgroup = ACMELABS
security = share
[homes]
comment = Home Directories
browseable = no
read only = no
create mode = 0750
[public]
comment = Temporary file space
path = /public
read only = no
public = yes
Basically, I have a Linux box and I want /public to be accessible to the
windows machines on the local network without any security, and I want home
directories to be accessible with a username and password. Now with 2.0.5a,
the windows machines prompt for a password for user "IPC$" when trying to
browse the shares, and I can't list them on the Linux machine:
server:/home/chrism# smbclient -L server
added interface ip=192.168.1.1 bcast=192.168.1.255 nmask=255.255.255.0
Password:
session setup failed: ERRSRV - ERRbadpw (Bad password - name/password pair
in a)
server:/home/chrism#
(at the password prompt I simply pressed enter)
So, what am I doing wrong?
Thanks,
Chris Martin
It says in docs/textdocs/NetBIOS.txt that static NetBIOS entries can be added to the wins database, yet I can find nothing that says exactly how this is done. Can anyone help me? Also, if I were to set the option "wins proxy=yes", does this mean it will reply to broadcast queries for computers on other subnets that it knows about? Could this be used to provide access to other subnets for computers on my subnet that don't use wins but insist on broadcast queries?
> Date: Wed, 23 Feb 2000 17:34:22 -0600
> From: Graham Allan <allan@physics.umn.edu>
> To: samba@samba.org
> Subject: Re: Set Uid Failures
> Message-ID: <20000223173422.J6056@lanark.spa.umn.edu>
> Mime-Version: 1.0
> Content-Type: text/plain; charset=us-ascii
>
> We have a similar problem with 2.0.6 on Compaq Tru64 (previously
> Digital) Unix 4.0F. This share is for NT roaming profiles and works
> fine with 2.0.5a.
>
> [2000/02/23 00:59:51, 1] smbd/service.c:(535)
> peevish (128.101.220.114) connect to service profiles as user allan
> (uid=5000,
> gid=5000) (pid 920)
> [2000/02/23 00:59:51, 0] lib/util_sec.c:(52)
> Failed to set uid privileges to (0,5000) now set to (5000,5000)
> [2000/02/23 00:59:51, 0] lib/util.c:(2456)
> PANIC: failed to set uid
>
> util_sec.c does appear much changed from 2.0.5a but I don't know the
> cause of the problem. I have too many variables which have changed since
> building 2.0.5a to be sure of anything (new OS version, patches, C
> compiler...). I can only guess it is the call to unbecome_user() in
> smbd/service.c which is failing. It is almost behaving as if we have a
> trapdoor uid system (as I understand it), despite never being a problem
> in previous Samba versions.

After running "configure", change the line "define USE_SETREUID" in the
file include/config.h to "define USE_SETEUID".
This was documented at
http://us1.samba.org/listproc/samba-technical/old/5082.html

Question for Jeremy: Will it be fixed in 2.0.7 ???

Best regards
Ludek Babor                      E-Mail: Babor@Glavunion.cz
operation manager                E-Mail: Ludek.Babor@cz.glaverbel.com
Glaverbel Czech, a.s., Teplice   Tel: +420-417-503085 (+420-602-388003)
Sklarska 450                     Fax: +420-417-508085
416 74 Teplice                   FIDO: 2:423/74.13
PGP key available from PGP key servers (http://www.pgp.net/pgpnet)
I use MIME ISO-8859-2 friendly software.
Try this:
In your smb.conf file create a share map point:
[groups]
comment = group specific shares
path = /pchome/groups
browseable = yes
public = no
writable = yes
printable = no
create mask = 660
force directory mode = 775
force create mode = 664
Create the underlying unix directory as in the following example which
sets up for the three groups programming (prog), technical support
(tech), and systems admin (sysadm):
# PCHOME=/pcfilesystem
# mkdir $PCHOME/groups
# chmod 755 $PCHOME/groups
# for i in prog tech sysadm
# do
# mkdir $PCHOME/groups/$i
# chgrp $i $PCHOME/groups/$i
# chmod 770 $PCHOME/groups/$i
# done
Proper "deny unless specifically granted" permissions are provided using
the above technique. The /pchome parent directory is set up chmod 555 or
chmod 755 so that only (sysadm) can add, delete, or modify entries. This
provides security against trojan horses and world writeable security
issues.
drwxr-xr-x root root /pchome
Groups directory is set up in order for individuals to share files
amongst members of their departments and workgroups. The permissions on
the groups parent directory /pchome/groups is set chmod 755 / chown
root:bin to provide security and control. Member directories of
/pchome/groups are set chmod 770 / root:GID. Setting the group ownership
(ex: chgrp sysadm /pchome/groups/sysadm) allows ONLY group members
(controlled from NIS+, NIS or /etc/group) to access the contents of each
groups directory. Only sysadm is allowed to create entries in the groups
parent directory. Group members have full control of their group
directories and can create whatever directory structure they want
underneath the primary entry.
drwxr-xr-x root bin /pchome/groups
drwxrwx--- root prog /pchome/groups/prog
drwxrwx--- root staff /pchome/groups/tech
drwxrwx--- root sysadmin /pchome/groups/sysadm
- Jim Mulholland (jem@peri.com)
Periphonics, A Nortel Networks Company
"Gary Neff" <gary@gneff.com> wrote:
> Date: Tue, 29 Feb 2000 00:37:38 -0500
> From: "Gary Neff" <gary@gneff.com>
> To: "Samba" <samba@samba.org>
> Subject: permissions
> Message-ID: <NDBBICIKKLABJPAGDCJMCEOCCJAA.gary@gneff.com>
>
> Once again I have the same problem, can anyone help, I have several share
> folders that I want everyone to be able to read write and delete and I have
> create mode set at 0750 in homes but that's not working, I can change
> permissions on the fly but want the client to be able to add a document and
> then have another user modify it. I am looking for something to enable this
> share in the directories only, can anyone help, please reply direct as I am
> in the middle of programming this machine. Thanks in advance.
> Gary Neff
> gary@gneff.com
> http://www.gneff.com
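
Added example, not part of any message in this digest: a shell function that audits a group-share tree against the layout described in the reply above (parent directory 755 or 555, member directories 770, nothing world-writable underneath). The function name `audit_group_share`, its arguments and the finding labels are hypothetical, and it assumes GNU `stat -c`.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU coreutils `stat -c`.
# audit_group_share ROOT [OWNER_UID]
#   ROOT       parent of the per-group directories, e.g. /pchome/groups
#   OWNER_UID  expected numeric owner of ROOT (default 0, i.e. root)
# Prints one line per finding; the return status is the number of findings.
audit_group_share() {
    root=$1
    owner_uid=${2:-0}
    findings=0

    # Parent must be 755 or 555 so that only its owner can add or remove entries.
    mode=$(stat -c '%a' "$root")
    case $mode in
        755|555) ;;
        *) echo "PARENT-MODE $root is $mode, expected 755 or 555"
           findings=$((findings + 1)) ;;
    esac
    if [ "$(stat -c '%u' "$root")" != "$owner_uid" ]; then
        echo "PARENT-OWNER $root is not owned by uid $owner_uid"
        findings=$((findings + 1))
    fi

    # Member directories: full access for the group, none for others.
    # 2770 (setgid, new files inherit the directory's group) is also accepted;
    # that allowance is an addition here, the thread itself only uses 770.
    for d in "$root"/*/; do
        [ -d "$d" ] || continue
        d=${d%/}
        mode=$(stat -c '%a' "$d")
        case $mode in
            770|2770) ;;
            *) echo "MEMBER-MODE $d is $mode, expected 770"
               findings=$((findings + 1)) ;;
        esac
        # Group ownership is reported for manual review against /etc/group.
        echo "INFO $d group=$(stat -c '%G' "$d")"
    done

    # World-writable entries anywhere below ROOT bypass the group restriction.
    ww=$(find "$root" ! -type l -perm -0002)
    if [ -n "$ww" ]; then
        printf 'WORLD-WRITABLE %s\n' $ww
        findings=$((findings + $(printf '%s\n' "$ww" | wc -l)))
    fi
    return "$findings"
}
```

Run it as `audit_group_share /pchome/groups`; a status of 0 means the tree matches the described layout.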