Gary Stainburn
2015-Jan-27 09:37 UTC
[Samba] FW: desperate help needed - Samba and security = share
On Tuesday 27 January 2015 06:43:13 Andrew Bartlett wrote:> You will need to define your 150 users on your server, give them Samba > passwords and give them access to those shares via standard unix groups > and group permissions on the share folders, or (less preferred) the > valid users entry in smb.conf. > > I hope this helps, > > Andrew BartlettHi Andrew, That is exactly what I don't want to have to do. The work required initially plus the ongoing maintenance because of the turnover in staff here make that unworkable. I have installed CentOS and now have a version of Samba that still supports security = share I now have my fingers crossed that I can get it working because last time I used CentOS I couldn't get Samba to work properly either which is why I stayed with Fedora.
TAKAHASHI Motonobu
2015-Jan-27 16:43 UTC
[Samba] FW: desperate help needed - Samba and security = share
From: Gary Stainburn <gary.stainburn at ringways.co.uk> Subject: Re: [Samba] FW: desperate help needed - Samba and security = share Date: Tue, 27 Jan 2015 09:37:35 +0000> All of my servers run the same type of setup and it's all based > around "security = share". Why is this so universally declared as bad?? > > I know when I built some F16 servers it said that "security = share" was > depreciated but it still let me use it. Now with F20 it just refuses."security = share" is based on Windows 9x architecture and cannot support modern protocols such as SMB2 or later and security features. This is why it became depreciated and was removed. --- TAKAHASHI Motonobu <monyo at monyo.com> / @damemonyo facebook.com/takahashi.motonobu
Gaiseric Vandal
2015-Jan-27 16:45 UTC
[Samba] FW: desperate help needed - Samba and security = share
On 01/27/15 04:37, Gary Stainburn wrote:> On Tuesday 27 January 2015 06:43:13 Andrew Bartlett wrote: >> You will need to define your 150 users on your server, give them Samba >> passwords and give them access to those shares via standard unix groups >> and group permissions on the share folders, or (less preferred) the >> valid users entry in smb.conf. >> >> I hope this helps, >> >> Andrew Bartlett > Hi Andrew, > > That is exactly what I don't want to have to do. > > The work required initially plus the ongoing maintenance because of the > turnover in staff here make that unworkable. > > I have installed CentOS and now have a version of Samba that still supports > security = share > > I now have my fingers crossed that I can get it working because last time I > used CentOS I couldn't get Samba to work properly either which is why I > stayed with Fedora.So how are the users logging into the computers now? At some point it may just be worth the pain to switch to a domain model?
Ryan Bair
2015-Jan-27 16:49 UTC
[Samba] FW: desperate help needed - Samba and security = share
Eventually you'll have to bite the bullet and modernize your configuration. I'd say you have until 2020 when CentOS 6 goes past EOL but past experience has shown that there can be compatibility issues with old Samba versions and newer Windows clients/software. Disabling/removing and adding members is rather easy. samba-tool user disable olduser samba-tool user add newuser Passw0rd samba-tool group addmembers sales newuser Create a basic group policy options for mapping drives, shortcuts, printers, etc. and it should be touch free on the client side. On Tue, Jan 27, 2015 at 4:37 AM, Gary Stainburn < gary.stainburn at ringways.co.uk> wrote:> On Tuesday 27 January 2015 06:43:13 Andrew Bartlett wrote: > > You will need to define your 150 users on your server, give them Samba > > passwords and give them access to those shares via standard unix groups > > and group permissions on the share folders, or (less preferred) the > > valid users entry in smb.conf. > > > > I hope this helps, > > > > Andrew Bartlett > > Hi Andrew, > > That is exactly what I don't want to have to do. > > The work required initially plus the ongoing maintenance because of the > turnover in staff here make that unworkable. > > I have installed CentOS and now have a version of Samba that still supports > security = share > > I now have my fingers crossed that I can get it working because last time I > used CentOS I couldn't get Samba to work properly either which is why I > stayed with Fedora. > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
Ricky Nance
2015-Jan-27 16:59 UTC
[Samba] FW: desperate help needed - Samba and security = share
On Tue, Jan 27, 2015 at 10:43 AM, TAKAHASHI Motonobu <monyo at monyo.com> wrote:> From: Gary Stainburn <gary.stainburn at ringways.co.uk> > Subject: Re: [Samba] FW: desperate help needed - Samba and security = share > Date: Tue, 27 Jan 2015 09:37:35 +0000 > > > All of my servers run the same type of setup and it's all based > > around "security = share". Why is this so universally declared as bad?? > > > > I know when I built some F16 servers it said that "security = share" was > > depreciated but it still let me use it. Now with F20 it just refuses. > > "security = share" is based on Windows 9x architecture and cannot support > modern protocols such as SMB2 or later and security features. This is why > it became depreciated and was removed. > > --- > TAKAHASHI Motonobu <monyo at monyo.com> / @damemonyo > facebook.com/takahashi.motonobu > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >Gary, take a look at https://wiki.samba.org/index.php/Public_Samba_Server and see if it will fit your needs. Ryan, samba-tool only works if you are running samba as an AD DC, if he is just wanting simple sharing, he will need to use the older binaries (smbpasswd, pdbedit, etc.) Good luck, Ricky
Gary Stainburn
2015-Jan-27 17:08 UTC
[Samba] FW: desperate help needed - Samba and security = share
On Tuesday 27 January 2015 16:45:51 Gaiseric Vandal wrote:> So how are the users logging into the computers now? At some point it > may just be worth the pain to switch to a domain model?We are still using workgroups and local users. The local user is (usually) user1. Every time the staff member changes I simply change the display name locally on the Windows client. Each PC connects to shares served by the old server using simple mapped network drives set up using the Windows GUI. On a very small number of client PC's (3 or 4) I have connection problems and I get round this by having a BAT file with the required "net use" commands. Gary
L.P.H. van Belle
2015-Jan-28 08:24 UTC
[Samba] FW: desperate help needed - Samba and security = share
If you need a quick fix for a share setup.. This is what i use at home, so you can make your users happy again. and now you can have te time to setup a nice samba4 AD DC ;-) #======================= Global Settings ====================== [global] workgroup = PRIVATE server string = %h server dns proxy = yes ; name resolve order = lmhosts host wins bcast #### Networking #### # interfaces = 127.0.0.0/8 eth0 # bind interfaces only = yes #### Debugging/Accounting #### log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d ####### Authentication ####### ## stand alone everything open. security = user guest ok = yes map to guest = bad password #### encrypt passwords = true passdb backend = tdbsam obey pam restrictions = yes unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\ n *password\supdated\ssuccessfully* . pam password change = yes ########## Printing ########## #---- disable printing completely load printers = no printing = bsd printcap name = /dev/null disable spoolss = yes #======================= Share Definitions ====================== [homes] comment = Home Directorie browseable = no read only = yes create mask = 0770 directory mask = 0770 valid users = %S [downloads] path = /media/diverse/downloads read only = No # acl_xattr:ignore system acl = yes guest ok = yes # force user = xbmc Greetz, Louis>-----Oorspronkelijk bericht----- >Van: gary.stainburn at ringways.co.uk >[mailto:samba-bounces at lists.samba.org] Namens Gary Stainburn >Verzonden: dinsdag 27 januari 2015 18:08 >Aan: samba at lists.samba.org >Onderwerp: Re: [Samba] FW: desperate help needed - Samba and >security = share > >On Tuesday 27 January 2015 16:45:51 Gaiseric Vandal wrote: >> So how are the users logging into the computers now? At >some point it >> may just be worth the pain to switch to a domain model? > >We are still using workgroups and local users. The local user >is (usually) >user1. Every time the staff member changes I simply change the >display name >locally on the Windows client. > >Each PC connects to shares served by the old server using >simple mapped >network drives set up using the Windows GUI. On a very small >number of >client PC's (3 or 4) I have connection problems and I get >round this by >having a BAT file with the required "net use" commands. > >Gary >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/options/samba > >
Reasonably Related Threads
- FW: desperate help needed - Samba and security = share
- FW: desperate help needed - Samba and security = share
- FW: desperate help needed - Samba and security = share
- faI2ban detecting and banning but nothing happens
- Detecting empty office doc containing virus macro