Zane Minninger
2005-Jan-31 22:41 UTC
[Samba] Ver 3.0.4 Anonymous access, no Password required
I have searched the Docs, How-to's, and this news group/ Mailing list and still haven't found what I am looking for, at least not an answer. I am simply trying to allow access to public shares on my Linux PC (slackware 10). I have a directory setup but the only way to get in is to send a Username and Password. I am setting it up for WinXP and Win2K PC's to access. I have set up the nobody account, even gave it a password of nothing and enabled it. Still WinXP requests a userID and password. I do have a mildly, but not outrageous, custom setting. I have 2 nics and only want one of them to be accessed by windows request. I am not sure what account the WinXP tries to connect with by default. I can make a share on Windows and tell it to allow read access by anyone, so no one has to enter an ID or password. Is this possible in Samba and I passed some critical information to make this work? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ; /etc/smb.conf ; ; Make sure and restart the server after making changes to this file, ex: ; /etc/rc.d/init.d/smb stop ; /etc/rc.d/init.d/smb start [global] ; Uncomment this if you want a guest account workgroup = Trigun server string = Niles Server guest account = nobody log file = /var/log/samba/samba-log.%m lock directory = /var/lock/samba share modes = yes interfaces = X.X.X.225/29 ; 1 of 5 Statics, Subnet 255.255.255.248 encrypt passwords = yes smb passwd file = /etc/smbpasswd ; valid users = %s [Upload] comment = Upload Area path = /var/ftp/pub/uploaded read only = no public = yes writable = yes printable = no ;[homes] ; comment = Home Directories ; browseable = no ; read only = no ; create mode = 0750 [Pub] comment = Public Folder path = /var/ftp/pub public = yes writable = no printable = no write list = midnight ~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Any help would be appriciate, and sorry if seems I'm upset, frustrated is more like it. Every post I've seen has a couple of suggestions and then no "yes it worked, no it didn't". And there are only 3 or so I could find in the archive. --Zane P.S. On a side not, I would love to have the Homes sections un commented but if I use an ID with no password for the time being, it gives the home directory of the ID. I hope if there is a solution to the no password dialog box, that it will allow homes to be opened. If not, any suggestions? All suggestions are welcome, as well as any improvements to this config are welcome. I know so little, I'm amazed I got samba to work, last time and 1 week later I had nothing working.
Hi ! What is the setting for your security level ? From the look of your smb.conf, you have security=user, which means only users known to Samba (with smbpasswd -a) can even access the server, let alone write on its shares. Maybe you should switch to security=share, this might work. I wouldn?t apply this to the homes share, though. J?rg ----- Original Message ----- From: "Zane Minninger" <zminninger@gmail.com> To: <samba@lists.samba.org> Sent: Monday, January 31, 2005 11:41 PM Subject: [Samba] Ver 3.0.4 Anonymous access, no Password required>I have searched the Docs, How-to's, and this news group/ Mailing list > and still haven't found what I am looking for, at least not an answer. > > I am simply trying to allow access to public shares on my Linux PC > (slackware 10). I have a directory setup but the only way to get in > is to send a Username and Password. I am setting it up for WinXP and > Win2K PC's to access. I have set up the nobody account, even gave it > a password of nothing and enabled it. Still WinXP requests a userID > and password. > > I do have a mildly, but not outrageous, custom setting. I have 2 > nics and only want one of them to be accessed by windows request. I > am not sure what account the WinXP tries to connect with by default. > > I can make a share on Windows and tell it to allow read access by > anyone, so no one has to enter an ID or password. Is this possible in > Samba and I passed some critical information to make this work? > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > ; /etc/smb.conf > ; > ; Make sure and restart the server after making changes to this file, ex: > ; /etc/rc.d/init.d/smb stop > ; /etc/rc.d/init.d/smb start > > [global] > ; Uncomment this if you want a guest account > workgroup = Trigun > server string = Niles Server > guest account = nobody > log file = /var/log/samba/samba-log.%m > lock directory = /var/lock/samba > share modes = yes > interfaces = X.X.X.225/29 ; 1 of 5 Statics, Subnet 255.255.255.248 > encrypt passwords = yes > smb passwd file = /etc/smbpasswd > ; valid users = %s > > [Upload] > comment = Upload Area > path = /var/ftp/pub/uploaded > read only = no > public = yes > writable = yes > printable = no > > ;[homes] > ; comment = Home Directories > ; browseable = no > ; read only = no > ; create mode = 0750 > > [Pub] > comment = Public Folder > path = /var/ftp/pub > public = yes > writable = no > printable = no > write list = midnight > ~ > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > Any help would be appriciate, and sorry if seems I'm upset, frustrated > is more like it. Every post I've seen has a couple of suggestions and > then no "yes it worked, no it didn't". And there are only 3 or so I > could find in the archive. > > --Zane > > P.S. On a side not, I would love to have the Homes sections un > commented but if I use an ID with no password for the time being, it > gives the home directory of the ID. I hope if there is a solution to > the no password dialog box, that it will allow homes to be opened. If > not, any suggestions? All suggestions are welcome, as well as any > improvements to this config are welcome. I know so little, I'm amazed > I got samba to work, last time and 1 week later I had nothing working. > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba >
Gerald (Jerry) Carter
2005-Feb-01 12:10 UTC
[Samba] Ver 3.0.4 Anonymous access, no Password required
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 remote wrote: | Hi ! | | What is the setting for your security level ? From | the look of your smb.conf, you have security=user, which means | only users known to Samba (with smbpasswd -a) can even access | the server, let alone write on its shares. Maybe you should | switch to security=share, this might work. I | wouldn?t apply this to the homes share, though. My standing recommendation for guest access is security = user map to guest = bad user It avoids the confusion associated with security = share. cheers, jerry ====================================================================Alleviating the pain of Windows(tm) ------- http://www.samba.org GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc "I never saved anything for the swim back." Ethan Hawk in Gattaca -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFB/3GvIR7qMdg1EfYRAhlkAJ4q/H25xjeuRjIHbNdY9NxRPbprdACfXaDN vEuummQIVfsuW1VSB8TLLBw=RrCR -----END PGP SIGNATURE-----
Zane Minninger
2005-Feb-08 00:12 UTC
[Samba] Ver 3.0.4 Anonymous access, no Password required
On Wed, 2 Feb 2005 11:52:18 -0700, John H Terpstra <jht@samba.org> wrote:> Zane, > > In your original post you asserted that the documentation is deficient. > In what way are you offering to rectify the deficiency? >I have found, that my original question, was from lack of understaning security. It was to get users to view the public directories on my Samba box without a password. I believe remote fixed that by telling me I should have Security = share in the global. That part, I did find in the documentation, particularly the Samba-guide.pdf, which I hadn't seen or found before you mentioned it. This caused my other desired function, to fail. (Samba based permissions to give a user write access, and allow others only read)> In the open source world there are many deficiencies - its just a fact of > life. The rule with open source is that because you have the source you can > fix the deficiency. That is something of an unwritten responsibility - when > you find a problem you fix it so that the next person does not have to go > through the same pain you did.I know, and I would be glad to help in any way possible. I love finding solutions and posting them in an effort to help other resolve their problems. I unfortunantly I haven't gotten into installing/usering the C++ compiler yet, although I think my 2 years of programing would be highly inadequite to even attemt to fix a problem (unless Very minor or small), I wouldn't be able to repair the source code.> > So please help sort out the deficiencies. There are two official Samba > documents: The Samba-HOWTO-Collection and the Samba-Guide. > I welcome your documentation updates in any form you can provide them. > You have my total attention and my commitment to fix the gaping holes. > > On Wednesday 02 February 2005 04:01, Zane Minninger wrote: > > Ok, I have read that PDF, and is doesn't look like it goes into what I > > want, but there is SO much info there, I'll be taking it to bed a for > > a few nights. Here is the basics that I have been able to > > understand--- > > > > I would like to have no username/password box appear when users on > > Win2000 and WinXP browse to \\server\ I would also like certain > > folders (\\server\pub\) to not require a username/password and only > > have Read access. > > Windows opens a secure channel to a server. It authenticates only the first > time that secure channel is opened. Subsequent connections from the client > use only already established credentials. You therefore can not do what you > want. In Windows NT4/200x/XPP an authentication failure may result in a > pop-up asking for new credentials but you should not depend on that for > access control as in many situations the client will not permit you access > anyhow.I agree, and concur. If you use the same loging session on the client box, the credientials are cached. I have been re-logging in each time after a successful attaching to the share, which does clear the credentials. The original though was if I needed to have write access to a folder, before making any connection to it, I could map a drive with crendentials and have the full access I needed. If I didn't, I just browse and could only read the data.> > > > The next step is the trick. > > > > Is there a way where in Windows I can Map a network drive and choose a > > different Username/password to connect to the \\server\pub share to > > give me permissions to add/delete. > > You just need to set your permissions and privileges in UNIX/Linux to work > correctly, or create additional shares for the same directory share point.That was the other way I was going to look into it. I do have the correct rights on the Unix system. The default / generic user has read to all folders in data (he has no rights but security is 775 for all files / folders in the shared directory. That should allow him read and execute, and it does if security = Share is turned on.> > > > OR > > > > Is there a way I can setup one share to not prompt for a > > Username/password and set another folder to prompt for a > > Username/Password. > > Show me how you would do this in Windows - Samba works that same way that > Windows does.In windows, I have tested this just now, My 2003 domain server (The pc is not attached, never has been, and there is no user accounts on it, app testing box only) I created a share, data. I gave permissions to the share of User1 and everyone. Everyone only has read. User1 has full control. I further went into the file system properties, stipped out all of MS's permissions and set User1 full control of all files and everyone read, read & execute, and List folder contents. I created 2 direcory below that. One private, one public. I kept the same permissions on public, giving user1 full and everyone read, read&execute, and list folder contents. I took out the everyone access to the private share and gave user1 full access. So, in a Linux based system, it would should look like this (correct me if I'm wrong) DATA (755) (I'm setting group access to 5 for now) | |------Public (755) | |------Private (700) So, with this configuration on the Win2003 server, again, my Personal PC is not part of the domain nor am I useing the same user name as the user on the box, I can log onto my WinXP pc, browse to \\server\data and it shows me the folders public and private. I can not copy a file here. I browse to public, I can not copy a file here either. I can not browse to private. Error, no access/permission. I log off my WinXP pc, and re login. I then map a network drive to z:\ \\server\data specifing a user of user1 and his password. When I browse my z:\ I can copy a file there (data directory), I can browse to public and copy a file there, I can browse to Private and copy a file there. The original test, where I didn't map a drive, and I just browsed to \\server\data gave me the access I needed, and just as importantly, did not ask me for a username / password. Again, this was my orignal desire. I don't like using windows, it doesn't house my large data structure, and I don't like having to re-load the OS every couple of years, trying to presuve the permissions, ETC so I want to use linux for this.> > ----------- > > From what I have seen, security = share will ignore all user login > > information. So, if I set the access to Share, Everyone can see > > everything. Period. Essentially I can't control a particular user > > access to any share. > > You need to read and digest the documentation better. Share mode security uses > only a password. That password can be "no password" or a password for read > access or for "full control" access. Read the documentation - that > information is in the Samba-HOWTO-Collection.I'll look samba's site as well as the how-to sites again for that, I never saw a place for that, although I'm not sure if that will help, I'm more than willing to learn.> > > > If I set the Security = User, it requires a username and password for > > each connection, even to \\server\. It won't let anyone connect and > > just view the certain shares. > > > > So, in senario terms, Bob can browse \\server\share1 from his PC and > > can see everything in the folder with read writes but not > > create/delete/modify rights. He adds a drive mapping for > > \\server\share1 and sets it to Z:, choosing to specify a username and > > password. He can now access \\server\share1 via Z:\ and has the > > pemission to create/delete/modify the files/folders. > > > > OR > > > > Senario 2, Bob browses to \\server\share1 where he can read all files, > > but doesn't have create/delete/modify rights, but he then browses to > > \\server\share2 which is the same directory as share1, but he is > > promped for a username and password, which he puts in and has full > > access to the folder. > > > > I hope this helps. I understand if I get replys of "It doesn't work > > that way, you can't do it, ETC" It would just be nice for anonymous > > read access, and then I can login and modfiy the files. > > How would you do all this with a Windows NT4/200x/XP server backend? > Samba does it the same way!I posted above a little more information about how I can attain the results I want on a Windows 2003 server. If need be, I'll put in my Win2000 server HD and test on the OS as well, although I think it will be the same.> - John T.Thank you for all your help John, as you probably notice I'm relativly new to Linux as a whole ane even more so to samba. Any help would be greatfull. If you would like, I have PC Anywhere setup on both my PC and Win2003 server if you want to see what I'm talking about with my example. And thank you for your patience.
Maybe Matching Threads
- upg. CentOS 7.5 to 7.6: unable to mount smb shares - samba NT domain member using ldap
- cannot get a list of Win2000/NT shares using SMBCLIENT -L with anonymous login
- custom permission for single user deep in tree where he has no access
- SMB winbind NT PDC
- How to hide shares for users that have no rights