basic authenticated share needed - SMB

This is a discussion on basic authenticated share needed - SMB ; Hi, I have a brand new install of Samba 3.0 on a Debian box. The client needs 2 shares which are accessible by all users without authentication. And one share which should only be available to a few users who ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: basic authenticated share needed

  1. basic authenticated share needed

    Hi,

    I have a brand new install of Samba 3.0 on a Debian box.

    The client needs 2 shares which are accessible by all users without
    authentication.

    And one share which should only be available to a few users who have been
    told a shared password.

    All users are using WinXP PC's.

    (Now I have set up Samba before to authenticate users using XP and win98
    PC's, download roaming profiles, run config.pol, etc etc. So I thought
    this new task would be easy!)

    So I thought a simple security = share should do it. Obviously the open
    shares are easily set up - I create the unix user, set the share to the
    same name, set 'force user' to the same name, and change read-only to 'no'
    and the shares work fine with the permissions being created correctly on
    the server.

    But how do I set up a share which the users need to supply a password for
    before they can access it?

    Tried the 'username' set to the unix username but the WinXP PC's seem to
    want to log on as the user Guest and the password of the unix user does not
    work.

    Maybe the answer should be to switch to security = user and hopefully the
    PC's will allow the user to select the username as well as the password
    when attempting to connect to the service?

    I would prefer to use security = share I think because it seems to me that
    it should be simpler and more elegant.

    Again, what I need is a file share which asks the users for a password
    before they are allowed to conect - and several users can access the same
    share with the same password.

    Thanks,

    Kevin



  2. Re: basic authenticated share needed

    kevin bailey wrote:

    > Hi,
    >
    > I have a brand new install of Samba 3.0 on a Debian box.
    >
    > The client needs 2 shares which are accessible by all users without
    > authentication.
    >
    > And one share which should only be available to a few users who have been
    > told a shared password.
    >
    > All users are using WinXP PC's.
    >
    > (Now I have set up Samba before to authenticate users using XP and win98
    > PC's, download roaming profiles, run config.pol, etc etc. So I thought
    > this new task would be easy!)
    >
    > So I thought a simple security = share should do it. Obviously the open
    > shares are easily set up - I create the unix user, set the share to the
    > same name, set 'force user' to the same name, and change read-only to 'no'
    > and the shares work fine with the permissions being created correctly on
    > the server.
    >
    > But how do I set up a share which the users need to supply a password for
    > before they can access it?
    >
    > Tried the 'username' set to the unix username but the WinXP PC's seem to
    > want to log on as the user Guest and the password of the unix user does
    > not work.
    >
    > Maybe the answer should be to switch to security = user and hopefully the
    > PC's will allow the user to select the username as well as the password
    > when attempting to connect to the service?
    >
    > I would prefer to use security = share I think because it seems to me that
    > it should be simpler and more elegant.
    >
    > Again, what I need is a file share which asks the users for a password
    > before they are allowed to conect - and several users can access the same
    > share with the same password.
    >
    > Thanks,
    >
    > Kevin



    Kind of found my own answer..

    Simply added the unix user to the smbpasswd file. This seems to mean that
    the share name gets used as the username and so the password works.

    I thought this would work against the unix passwd file but must have read
    the docs wrong!

    Its the accounts and test shares which now get work for the password
    supplied to both /etc/passwd and smbpasswd files - and the files are
    happily stored in the user's unix home dirs with the correct permissions.

    seawind25:~# cat /etc/samba/smb.conf
    # Samba config file created using SWAT
    # from 10.130.1.25 (10.130.1.25)
    # Date: 2006/10/04 00:34:19

    # Global parameters
    [global]
    workgroup = SEAWIND
    server string = %h server (Samba %v)
    security = SHARE
    obey pam restrictions = Yes
    passdb backend = tdbsam, guest
    passwd program = /usr/bin/passwd %u
    passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
    *Retype\snew\sUNIX\spassword:* %n\n .
    syslog = 0
    log file = /var/log/samba/log.%m
    max log size = 1000
    dns proxy = No
    panic action = /usr/share/samba/panic-action %d
    invalid users = root

    [homes]
    comment = Home Directories
    create mask = 0700
    directory mask = 0700
    browseable = No

    [printers]
    comment = All Printers
    path = /tmp
    create mask = 0700
    printable = Yes
    browseable = No

    [print$]
    comment = Printer Drivers
    path = /var/lib/samba/printers

    [accounts]
    path = /home/accounts
    force user = accounts
    read only = No
    nt acl support = No

    [public]
    path = /home/public
    force user = public
    read only = No
    guest ok = Yes
    nt acl support = No

    [backups]
    path = /srv/backups
    force user = backups
    read only = No
    guest ok = Yes
    nt acl support = No

    [test]
    path = /home/test
    valid users = test
    force user = test
    read only = No
    available = No



+ Reply to Thread