I am a bit surprised by the behaviour of Samba user permissions (security user) - although in fact it produces exactly what I want! Can I confirm it is correct, and ask one question? I have one class of shares (private) which I want only specified users to access. And another class which I want everyone to be able to access (public) but with a common password protection for some element of security from visitors on the lan with laptops etc. The private shares work fine, as expected with Samba users matching Windows users. What surprised me was that by omitting any authorised users for the public shares it allows (as I wanted it, but not as I expected it) anyone on the lan to access the public shares by entering a single authorised user name and password (I set up a general user and password in Samba for this purpose). I did not set up guest accounts. I had thought that user security needed to match the users actual user name and password in windows. So I was surprised by this behaviour. My question therefore is: is this a valid way to achieve what I want? And as a follow up, is there a way to require revalidation (this option does not seem to be accepted). Thanks Denys -- View this message in context: http://www.nabble.com/User-permissions---nil-authorised-users-tp19248582p19248582.html Sent from the Samba - General mailing list archive at Nabble.com.
Hi, On Wed, Sep 3, 2008 at 4:37 PM, dfirth <denys.firth@gmail.com> wrote:> > I had thought that user security needed to match the users actual user name > and password in windows. So I was surprised by this behaviour.This is not correct. security = user only means that users authenticate themselves by providing a username/password that matches a username/password in the *Samba* user database. By default, Windows uses the currently logged in user to authenticate against samba, that's why you can seamlessly connect to samba shares if the windows user/password happens to match a user/password combination in Samba's user database. However, you can just as well specify any other username/password to connect with, independent of the currently logged in Windows user. HTH, Richard