smb.conf states "This user must exist in the passwd file, but does not require a valid login"

What exactly does this mean? As I understand it, adding a user with 'smbpasswd -a nobody' automatically gives it a valid login.

My reasons for asking are;

I added myself to passdb.tdb with my passwd.
I added the 'nobody' user to passdb.tdb with no passwd.
I then logged in to an XP host which has a user account for me, but no passwd.

I couldn't browse the workgroup, but could log on to the samba host directly via UNC. E.g. \\<samba-host> with user:'nobody' - pass: <empty>

Only problem with that is that a home dir appeared for 'nobody' which happened to be the '/' (root) dir. NOT good!

Surely, it shouldn't do that?

So then I tried with 'guest account = guest'
Deleted the 'nobody' user from passdb.tdb
I created a /home/guest dir and added and enabled 'guest' to the passdb.tdb.

This then lets me only log on to the [public] share. However, if I click the 'Up' button on the XP host's file manager (Explorer), I can get back up to the root of the host directly (i.e. \\<samba-host> ) and suddenly see both the [public] share and the guest home dir.

If there are 'guest ok = Yes' defined shares, then I would expect to still be able to browse the workgroup and see available shares on the samba host, albeit only those 'guest ok' defined shares. And I certainly wouldn't expect to see any home dir for a limited user.

Using the following setup;

[global]
    workgroup = HOME
    server string
    domain master = Yes
    interfaces = lo, eth1
    bind interfaces only = Yes
    os level = 95
    security = user
    passdb backend = tdbsam
    guest account = guest
    unix password sync = Yes
    passwd program = /usr/bin/userpasswd %u
    passwd chat = *password:* %n\n *password:* %n\n *successfully.*
    restrict anonymous = 2

[homes]
    valid users = %S
    read only = No
    browseable = No

[public]
    comment = Public Shared
    path = /home/shares/pub
    read only = No
    guest ok = Yes

--
Kind Regards
Kyle

Kyle wrote:
> smb.conf states "This user must exist in the passwd file, but does not
> require a valid login"
> What exactly does this mean? As I understand it, adding a user with
> 'smbpasswd -a nobody' automatically gives it a valid login.

What it means is that you need the user in your *nix accounts, but it doesn't need to have a valid password. Don't create a Samba account for the guest account. It's already called guest as far as Windows/Samba care. I think that's where you are going wrong.

TB

Kyle wrote:
> smb.conf states "This user must exist in the passwd file, but does not
> require a valid login" What exactly does this mean?

It means exactly what it says, the specified user must exist in the passwd file (as in the list of valid unix users), but does not require a valid login (as in a samba login).

> As I understand it, adding a user with 'smbpasswd -a nobody'
> automatically gives it a valid login.

Correct, so don't do that.

> I couldn't browse the workgroup, but could log on to the samba host
> directly via UNC. E.g. \\<samba-host> with user:'nobody' - pass: <empty>

This isn't how the guest account works. The guest account is the account used to access files when "map to guest" is triggered.

e.g. I have an XP machine with the username "fred", I try to connect to a samba host which has "map to guest = bad user" and *does not have an account called fred* I will be granted access to guest shares and all of my reads and writes will be performed using the unix id "nobody".

> Only problem with that is that a home dir appeared for 'nobody' which
> happened to be the '/' (root) dir. NOT good!

This is because you aren't connecting as a guest user, you are connecting as a normal user who happens to have the same UID as the guest user.

>
> So then I tried with 'guest account = guest'
> Deleted the 'nobody' user from passdb.tdb
> I created a /home/guest dir and added and enabled 'guest' to the
> passdb.tdb.
>
> This then lets me only log on to the [public] share. However, if I
> click the 'Up' button on the XP host's file manager (Explorer), I can
> get back up to the root of the host directly (i.e. \\<samba-host> )
> and suddenly see both the [public] share and the guest home dir.
>
> If there are 'guest ok = Yes' defined shares, then I would expect to
> still be able to browse the workgroup and see available shares on the
> samba host, albeit only those 'guest ok' defined shares. And I
> certainly wouldn't expect to see any home dir for a limited user.

This is entirely expected behaviour. You aren't a "limited user" if you authenticate with valid credentials.

Michael Heydon - IT Administrator
michaelh@jaswin.com.au
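
The check below is an added example, not code from any participant in this thread: it flags the two conditions the reply above describes, a guest account that also has a Samba login and guest shares with no "map to guest" mapping. The function name `audit_guest_setup` and the idea of feeding it the account names listed by `pdbedit -L` are assumptions made for illustration; the sample configuration is constructed from the settings in the question.

```python
import configparser

# Constructed sample: the guest-related settings and shares from the question.
SMB_CONF = """
[global]
security = user
passdb backend = tdbsam
guest account = guest
[homes]
valid users = %S
read only = No
browseable = No
[public]
path = /home/shares/pub
read only = No
guest ok = Yes
"""

def audit_guest_setup(conf_text, passdb_users):
    """Return findings for the guest-account mistakes discussed in the thread.

    passdb_users: names that have a Samba login, e.g. the first
    colon-separated field of each `pdbedit -L` line (assumed input).
    Section names are assumed to be lowercase, as in the sample.
    """
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",),
                                   strict=False)
    cp.read_string(conf_text)
    glob = cp["global"] if cp.has_section("global") else {}
    guest = glob.get("guest account", "nobody")            # Samba default
    map_to_guest = glob.get("map to guest", "never").lower()  # Samba default
    users = {u.lower() for u in passdb_users}
    findings = []
    if guest.lower() in users:
        msg = f"'{guest}' has a Samba login, so it connects as a normal user"
        if cp.has_section("homes"):
            msg += " and is offered a [homes] share"
        findings.append(msg)
    guest_shares = [s for s in cp.sections() if s != "global"
                    and cp[s].get("guest ok", "no").lower() in ("yes", "true", "1")]
    if guest_shares and map_to_guest == "never":
        findings.append("guest ok shares (" + ", ".join(guest_shares)
                        + ") exist but 'map to guest' is Never: unknown "
                        "users are rejected, not mapped to the guest account")
    return findings

if __name__ == "__main__":
    for finding in audit_guest_setup(SMB_CONF, ["kyle", "guest"]):
        print("-", finding)
```

With the guest entry removed from the password database and `map to guest = Bad User` added to `[global]`, the same function returns no findings.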

Oops, let's bring the list back in on this...

Jeffrey Hathaway wrote:
> You can totally fix this by setting up your home drive to DENY guest, and therefore ya root see the "/" partition anymore.
>
> TRY this
>
> [homes]
> comment = Home Directories
> read only = No
> browseable = No
> invalid users = nobody
> guest ok = no
>
>
> Then in your smbusers, set this up.
>
> # Unix_name = SMB_name1 SMB_name2 ...
> root = administrator admin
> nobody = guest pcguest smbguest
> and go ahead and setup the username nobody up in samba with no pass, and you should be all set.

What benefits does this offer over the normal samba guest access? As far as I can see it is more complicated (you are creating accounts that aren't needed, generating a share for it, and then denying access to the share) and less user friendly (users have to login rather than letting "map to guest" sort things out).

Michael Heydon - IT Administrator
michaelh@jaswin.com.au