I previously had an older version of Samba installed with the following smb.conf:

    ; Make sure and restart the server after making changes to this file, ex:
    ; /etc/rc.d/init.d/smb stop
    ; /etc/rc.d/init.d/smb start

    [global]
       ; Uncomment this if you want a guest account
       guest account = nobody
       log file = /var/log/samba-log.%m
       lock directory = /var/lock/samba
       share modes = yes
       workgroup = ACMELABS
       security = share

    [homes]
       comment = Home Directories
       browseable = no
       read only = no
       create mode = 0750

    [public]
       comment = Temporary file space
       path = /public
       read only = no
       public = yes

Basically, I have a Linux box and I want /public to be accessible to the Windows machines on the local network without any security, and I want home directories to be accessible with a username and password.

Now with 2.0.5a, the Windows machines prompt for a password for user "IPC$" when trying to browse the shares, and I can't list them on the Linux machine:

    server:/home/chrism# smbclient -L server
    added interface ip=192.168.1.1 bcast=192.168.1.255 nmask=255.255.255.0
    Password:
    session setup failed: ERRSRV - ERRbadpw (Bad password - name/password pair in a)
    server:/home/chrism#

(at the password prompt I simply pressed enter)

So, what am I doing wrong?

Thanks,
Chris Martin

It says in docs/textdocs/NetBIOS.txt that static NetBIOS entries can be added to the WINS database, yet I can find nothing that says exactly how this is done. Can anyone help me?

Also, if I were to set the option "wins proxy=yes", does this mean it will reply to broadcast queries for computers on other subnets that it knows about? Could this be used to provide access to other subnets for computers on my subnet that don't use WINS but insist on broadcast queries?

> Date: Wed, 23 Feb 2000 17:34:22 -0600
> From: Graham Allan <allan@physics.umn.edu>
> To: samba@samba.org
> Subject: Re: Set Uid Failures
>
> We have a similar problem with 2.0.6 on Compaq Tru64 (previously
> Digital) Unix 4.0F. This share is for NT roaming profiles and works
> fine with 2.0.5a.
>
> [2000/02/23 00:59:51, 1] smbd/service.c:(535)
>   peevish (128.101.220.114) connect to service profiles as user allan (uid=5000, gid=5000) (pid 920)
> [2000/02/23 00:59:51, 0] lib/util_sec.c:(52)
>   Failed to set uid privileges to (0,5000) now set to (5000,5000)
> [2000/02/23 00:59:51, 0] lib/util.c:(2456)
>   PANIC: failed to set uid
>
> util_sec.c does appear much changed from 2.0.5a but I don't know the
> cause of the problem. I have too many variables which have changed since
> building 2.0.5a to be sure of anything (new OS version, patches, C
> compiler...). I can only guess it is the call to unbecome_user() in
> smbd/service.c which is failing. It is almost behaving as if we have a
> trapdoor uid system (as I understand it), despite never being a problem
> in previous Samba versions.

After running "configure", change the line "define USE_SETREUID" in the file include/config.h to "define USE_SETEUID".

This was documented at http://us1.samba.org/listproc/samba-technical/old/5082.html

Question for Jeremy: Will it be fixed in 2.0.7?

Best regards
Ludek Babor, operation manager
E-Mail: Babor@Glavunion.cz
E-Mail: Ludek.Babor@cz.glaverbel.com
Glaverbel Czech, a.s., Teplice
Sklarska 450, 416 74 Teplice
Tel: +420-417-503085 (+420-602-388003)
Fax: +420-417-508085
FIDO: 2:423/74.13

Try this:

In your smb.conf file create a share map point:

    [groups]
       comment = group specific shares
       path = /pchome/groups
       browseable = yes
       public = no
       writable = yes
       printable = no
       create mask = 660
       force directory mode = 775
       force create mode = 664

Create the underlying unix directory as in the following example, which sets up for the three groups programming (prog), technical support (tech), and systems admin (sysadm):

    # PCHOME=/pcfilesystem
    # mkdir $PCHOME/groups
    # chmod 755 $PCHOME/groups
    # for i in prog tech sysadm
    # do
    #   mkdir $PCHOME/groups/$i
    #   chgrp $i $PCHOME/groups/$i
    #   chmod 770 $PCHOME/groups/$i
    # done

Proper "deny unless specifically granted" permissions are provided using the above technique.

The /pchome parent directory is set up chmod 555 or chmod 755 so that only (sysadm) can add, delete, or modify entries. This provides security against trojan horses and world writeable security issues.

    drwxr-xr-x  root  root  /pchome

The groups directory is set up in order for individuals to share files amongst members of their departments and workgroups. The permissions on the groups parent directory /pchome/groups are set chmod 755 / chown root:bin to provide security and control. Member directories of /pchome/groups are set chmod 770 / root:GID. Setting the group ownership (ex: chgrp sysadm /pchome/groups/sysadm) allows ONLY group members (controlled from NIS+, NIS or /etc/group) to access the contents of each group's directory. Only sysadm is allowed to create entries in the groups parent directory. Group members have full control of their group directories and can create whatever directory structure they want underneath the primary entry.

    drwxr-xr-x  root  bin       /pchome/groups
    drwxrwx---  root  prog      /pchome/groups/prog
    drwxrwx---  root  staff     /pchome/groups/tech
    drwxrwx---  root  sysadmin  /pchome/groups/sysadm

- Jim Mulholland (jem@peri.com)
  Periphonics, A Nortel Networks Company

"Gary Neff" <gary@gneff.com> wrote:
> Date: Tue, 29 Feb 2000 00:37:38 -0500
> From: "Gary Neff" <gary@gneff.com>
> To: "Samba" <samba@samba.org>
> Subject: permissions
>
> once again I have the same problem can anyone help, I have several share
> folders that I want everyone to be able to read write and delete and I have
> create mode set at 0750 in homes but that's not working, I can change
> permissions on the fly but want the client to be able to add a document and
> then have another user modify it. I am looking for something to enable this
> share in the directories only can anyone help, please reply direct as I am
> in the middle of programming this machine. Thanks in advance.
> Gary Neff
> gary@gneff.com
> http://www.gneff.com
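
A check for the layout described in the reply above, added here as an example and not part of the original post: it reports a groups parent that group or other can write to, member directories that grant anything to "other" or less than full control to the group, and member directories whose group owner differs from the directory name (the convention of the chgrp loop). The function name audit_group_tree is hypothetical, and GNU stat (Linux) is assumed.

```shell
#!/bin/sh
# Added example (not from the original post). audit_group_tree is a
# hypothetical helper; it assumes GNU stat as found on Linux.
# Prints one finding per line. Returns 0 if clean, 1 on findings, 2 on error.
audit_group_tree() {
    root=$1
    bad=0

    # Parent (755 or 555 in the post): only its owner may add or remove entries.
    pmode=$(stat -c '%a' "$root") || return 2
    if [ $(( 0$pmode & 022 )) -ne 0 ]; then
        echo "PARENT_WRITABLE $pmode $root"
        bad=1
    fi

    for dir in "$root"/*; do
        # Skip plain files, symlinks and an unmatched glob.
        if [ ! -d "$dir" ] || [ -L "$dir" ]; then continue; fi
        mode=$(stat -c '%a' "$dir") || return 2
        group=$(stat -c '%G' "$dir") || return 2

        # 770: no permission bits at all for "other".
        if [ $(( 0$mode & 007 )) -ne 0 ]; then
            echo "OTHER_ACCESS $mode $dir"; bad=1
        fi
        # 770: group members need read, write and search.
        if [ $(( 0$mode & 070 )) -ne $(( 070 )) ]; then
            echo "GROUP_LIMITED $mode $dir"; bad=1
        fi
        # The post's loop runs "chgrp $i .../$i": group name == directory name.
        if [ "$group" != "$(basename "$dir")" ]; then
            echo "GROUP_MISMATCH $group $dir"; bad=1
        fi
    done
    return $bad
}

# Usage: sh audit.sh /pchome/groups
if [ $# -gt 0 ]; then
    audit_group_tree "$1"
fi
```

Run it as root against the share path from smb.conf; an empty output with exit status 0 means the tree matches the permissions the reply describes.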