Here is my problem: Previously, I was using Samba as a PDC and everybody logged in with WXP and then they had roaming profiles and all was grand, except sometimes my students had really big pictures and such being saved to their "My Documents." That's bad. When it came time to log off, other students sometimes had to wait 20 minutes. A Bad thing. So, this year, I scrapped the roaming profiles and got some XP Home Edition machines. I simply shared files on the server using Samba. It's fine. All the machines have a mapped network drive to the homes directory. When they click it, they are prompted for a username and password. They gain access to the server. They can do things exactly as I want them to be able to do things. One little problem. A student pointed out that if he didn't enter a password, it worked just the same. A user can enter any username and as long as it is a user on the server, they have access to that file without supplying a password or supplying a bogus password. It's a bad thing. Can anybody help? Keep in mind that this is a modified smb.conf. I previously had it when I had the samba as a PDC and some of the settings while seemingly illogical are carryovers. Me not sharp enough or have enough time to bother with trying to change them. Here is my smb.conf:> # Samba config file created using SWAT > # from 0.0.0.0 (0.0.0.0) > # Date: 2003/09/10 12:54:53 > > # Global parameters > [global] > netbios name = WALDO > encrypt passwords = Yes > update encrypted = Yes > null passwords = Yes > passwd program = /usr/bin/passwd %u > passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* > log file = /var/log/samba/%m.log > max log size = 1000 > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u > domain logons = Yes > os level = 255 > domain master = Yes > wins support = Yes > default service = homes > path = /home > guest account = root > read only = No > printing = lprng > browseable = No > locking = No > > [homes] > comment = Home Directories > guest account = %S > valid users = %S > browseable = Yes > > [printers] > comment = All Printers > path = /var/spool/samba > printable = Yes > > [lab] > path = /var/spool/samba > printable = Yes > printer name = lab > oplocks = No-- James Bear montpelier.k12.nd.us God is good...all the time.
Hi, James, you wrote: JB> One little problem. A student pointed out that if he didn't enter a JB> password, it worked just the same. A user can enter any username and as JB> long as it is a user on the server, they have access to that file JB> without supplying a password or supplying a bogus password. It's a bad JB> thing.>> null passwords = YesJust guessing (and looking up the option in the docs): Remove that line ... best regards .... Stefan G. Weichinger mailto:monitor@oops.co.at
James Bear ?rta:> Here is my problem: > > Previously, I was using Samba as a PDC and everybody logged in with > WXP and then they had roaming profiles and all was grand, except > sometimes my students had really big pictures and such being saved to > their "My Documents." That's bad. When it came time to log off, > other students sometimes had to wait 20 minutes. A Bad thing. > > So, this year, I scrapped the roaming profiles and got some XP Home > Edition machines. I simply shared files on the server using Samba. > It's fine. All the machines have a mapped network drive to the homes > directory. When they click it, they are prompted for a username and > password. They gain access to the server. They can do things exactly > as I want them to be able to do things. > > One little problem. A student pointed out that if he didn't enter a > password, it worked just the same. A user can enter any username and > as long as it is a user on the server, they have access to that file > without supplying a password or supplying a bogus password. It's a > bad thing. > > Can anybody help? Keep in mind that this is a modified smb.conf. I > previously had it when I had the samba as a PDC and some of the > settings while seemingly illogical are carryovers. Me not sharp > enough or have enough time to bother with trying to change them. Here > is my smb.conf: > >> # Samba config file created using SWAT >> # from 0.0.0.0 (0.0.0.0) >> # Date: 2003/09/10 12:54:53 >> >> # Global parameters >> [global] >> netbios name = WALDO >> encrypt passwords = Yes >> update encrypted = Yes >> null passwords = Yes >> passwd program = /usr/bin/passwd %u >> passwd chat = *New*password* %n\n *Retype*new*password* %n\n >> *passwd:*all*authentication*tokens*updated*successfully* >> log file = /var/log/samba/%m.log >> max log size = 1000 >> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 >> add user script = /usr/sbin/useradd -d /dev/null -g 100 -s >> /bin/false -M %u >> domain logons = Yes >> os level = 255 >> domain master = Yes >> wins support = Yes >> default service = homes >> path = /home >> guest account = root >> read only = No >> printing = lprng >> browseable = No >> locking = No >> >> [homes] >> comment = Home Directories >> guest account = %S >> valid users = %S >> browseable = Yes >> >> [printers] >> comment = All Printers >> path = /var/spool/samba >> printable = Yes >> >> [lab] >> path = /var/spool/samba >> printable = Yes >> printer name = lab >> oplocks = No > >I think instead of guest account = root you should definitely use guest account = nobody Or you will give root access to your every badly authenticated user :-( Which looks strange to me is the fact that I haven't seen a map to guest statement in your smb.conf. You could also solve your problem, with map to guest = never. Good Luck! Geza Gemes