Greg Sims
2008-Jan-13 16:29 UTC
[Samba] Standalone Server with Wins -- Password Not Required onWin/XP
I tried adding "guest ok = no" in the [homes] section below and got the same results. On first access from a WinXP Client, the system requests a userid and password. If you provide a userid and password, the system will Not allow you to view the shares. The only way (that I've found) to get passed this is to provide the userid Only -- this allows access to a window that contains the shares. Clicking on one of the share icons provides access to the shares without ever entering a password. This is the security issue we need help fixing. I'm looking forward to some feedback on this. Thanks! Greg -----Original Message----- Hi There, I created a standalone server on CentOS 5.1 with samba at 25b on an x86_64 system. The shares defined below are available to the windows xp clients on the 10.43.10.x/24 subnet. Samba also provides win server support to this subnet. We are having problems with password protection associated with the shares. The first access to the samba server requests a userid -- this likely allows samba to understand which home share should be displayed. At this point, the client can access both the 'homes' share and the 'orr' share without ever entering a password -- this is a security issue for us. We need to figure out how to configure samba to enforce userid & password protection prior to allowing access to a share. Below is a copy of the smb.conf file that we are using for testing. [global] # workgroup and server identification workgroup = ORRRANCH server string netbios name = ORR00 interfaces = 10.43.10.0/24 lo bind interfaces only = yes hosts allow = 10.43.10. 127.0.0. # logs split per machine; max 50KB per log file, then rotate log file = /var/log/samba/%m.log max log size = 50 # default user security, encrypted passwords and tdbsam security = user encrypt passwords = yes passdb backend = tdbsam # allow samba to be the domain master browser if possible local master = yes os level = 33 preferred master = yes domain master = yes # samba is a wins server for the system; use wins first wins support =yes name resolve order = wins hosts bcast [homes] comment = Home Directories browseable = no writable = yes valid users = %S path = /samba/home/%S [orr] comment = Orr Ranch Share path = /samba/orr valid users = greg catherine sarah brandon guest ok = no writable = yes printable = no create mask = 0765 Each of the 'valid users' have ids on the system and have used smbpasswd to create samba passwords. Nsswitch.conf has been modified to add 'wins' to the 'hosts' line to assist with names resolution. Any assistance would be appreciated!! Thanks, Greg -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Michelle Dupuis
2008-Jan-13 16:37 UTC
[Samba] Standalone Server with Wins -- Password Not Required onWin/XP
Try access your linux samba box by IP from windows (\\1.2.3.4) instead of by name (\\servername). Same result?> -----Original Message----- > From: samba-bounces+support=ocg.ca@lists.samba.org > [mailto:samba-bounces+support=ocg.ca@lists.samba.org] On > Behalf Of Greg Sims > Sent: Sunday, January 13, 2008 11:23 AM > To: samba@lists.samba.org > Subject: [Samba] Standalone Server with Wins -- Password Not > Required onWin/XP > > I tried adding "guest ok = no" in the [homes] section below > and got the same results. > > On first access from a WinXP Client, the system requests a > userid and password. If you provide a userid and password, > the system will Not allow you to view the shares. The only > way (that I've found) to get passed this is to provide the > userid Only -- this allows access to a window that contains > the shares. Clicking on one of the share icons provides > access to the shares without ever entering a password. This > is the security issue we need help fixing. > > I'm looking forward to some feedback on this. Thanks! Greg > > -----Original Message----- > > Hi There, > > I created a standalone server on CentOS 5.1 with samba at 25b > on an x86_64 system. The shares defined below are available > to the windows xp clients on the 10.43.10.x/24 subnet. Samba > also provides win server support to this subnet. > > We are having problems with password protection associated > with the shares. > The first access to the samba server requests a userid -- > this likely allows samba to understand which home share > should be displayed. At this point, the client can access > both the 'homes' share and the 'orr' share without ever > entering a password -- this is a security issue for us. > > We need to figure out how to configure samba to enforce > userid & password protection prior to allowing access to a > share. Below is a copy of the smb.conf file that we are using > for testing. > > [global] > > # workgroup and server identification > workgroup = ORRRANCH > server string > netbios name = ORR00 > > interfaces = 10.43.10.0/24 lo > bind interfaces only = yes > hosts allow = 10.43.10. 127.0.0. > > # logs split per machine; max 50KB per log file, then rotate > log file = /var/log/samba/%m.log > max log size = 50 > > # default user security, encrypted passwords and tdbsam > security = user > encrypt passwords = yes > passdb backend = tdbsam > > # allow samba to be the domain master browser if possible > local master = yes > os level = 33 > preferred master = yes > domain master = yes > > # samba is a wins server for the system; use wins first > wins support =yes > name resolve order = wins hosts bcast > > [homes] > comment = Home Directories > browseable = no > writable = yes > valid users = %S > path = /samba/home/%S > > [orr] > comment = Orr Ranch Share > path = /samba/orr > valid users = greg catherine sarah brandon > guest ok = no > writable = yes > printable = no > create mask = 0765 > > > Each of the 'valid users' have ids on the system and have > used smbpasswd to create samba passwords. Nsswitch.conf has > been modified to add 'wins' to the 'hosts' line to assist > with names resolution. > > Any assistance would be appreciated!! Thanks, Greg > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba
Reasonably Related Threads
- Standalone Server with Wins -- Password Not Required on Win/XP
- FW: Standalone Server with Wins -- Password Not Required onWin/XP
- [LLD] Slow callstacks in gdb
- [LLVMdev] question about alignment of structures on the stack (arm 32)
- [LLVMdev] question about alignment of structures on the stack (arm 32)