Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Debian User (http://www.linux-archive.org/debian-user/)
-   -   samba query (http://www.linux-archive.org/debian-user/280253-samba-query.html)

Daniel Dalton 11-14-2009 02:26 AM

samba query
 
Hi,

How can I make samba only accept log ins, if the password supplied by
the client, matches that username on the server? eg. blank or wrong
passwords shouldn't be allowed access to the server, so how do I enable
this? It seems samba by default accepts blank passwords, and lets the
client mount the share, or even if the password is wrong.

Also, will this behaviour that I am asking about be compatible with win
xp? I'll add a user on the linux server, with the same user name as the
xp one, will the xp client be able to connect?

Thanks,
Dan.

David Parker 11-14-2009 02:50 AM

samba query
 
> Hi,
>
> How can I make samba only accept log ins, if the password
> supplied by
> the client, matches that username on the server? eg. blank or wrong
> passwords shouldn't be allowed access to the server, so how do I
> enablethis? It seems samba by default accepts blank passwords,
> and lets the
> client mount the share, or even if the password is wrong.
>
> Also, will this behaviour that I am asking about be compatible
> with win
> xp? I'll add a user on the linux server, with the same user name
> as the
> xp one, will the xp client be able to connect?
>
> Thanks,
> Dan.

This works fine for me.* You might simply be missing a line in your config file or something.

In your smb.conf:

*** # Guest account
*** guest account = smbguest

*** # Security mode
*** security = user

*** # Passwords
*** encrypt passwords = true
*** smb passwd file = /etc/samba/smbpasswd
* * unix password sync = Yes
* * passwd program = /usr/bin/passwd %u
* * passwd chat = *New*password* %n
*Retype*new*password* %n
*passwd:*all*authentication*tokens*updated*success fully*
*** pam password change = yes

* * # User authentication
* * username map = /etc/samba/smbusers
*** obey pam restrictions = yes

*** # Anonymous users mapped to guest user
*** map to guest = bad user

In your smbusers file, map Linux usernames to Windows usernames:

*** smbguest = "guest"
*** myuser = "My User"

So the Windows user "My User" would get mapped to the Linux user myuser.* You can specify passwords for the Samba users using smbpasswd:

*** smbpasswd -c /etc/samba/smb.conf myuser

And just replace /etc/samba with the path to your smb.conf file if it is different.

This works fine for me from Windows XP.* When I access a Samba share I get prompted for the password, and if I put in an incorrect password then I get re-prompted a few times and eventually locked out (technically I get mapped to the Samba guest user, but my guest user has no access).* If I put in the correct password then itall works fine.

Hope this helps.

*** - Dave

Daniel Dalton 11-14-2009 11:13 AM

samba query
 
On Fri, Nov 13, 2009 at 10:50:10PM -0500, David Parker wrote:
> This works fine for me.* You might simply be missing a line in your config
> file or something.
>
> In your smb.conf:

Thanks:) I'll give that a shot and see how it goes. On a home network
with wpa encryption, and a firewall that drops just about everything,
except out going, and receiving of data from a connection that was
established from behind the router, am I pretty safe to not worry about
password encryption? I do trust everyone currently on the network. Or is
it still a good idea. I'll enable it for another level of security, but
just wondering how necessary this is for a small home network?

Thanks,
Dan

"David A. Parker" 11-16-2009 08:10 PM

samba query
 
Daniel Dalton wrote:

On Fri, Nov 13, 2009 at 10:50:10PM -0500, David Parker wrote:

This works fine for me. You might simply be missing a line in your config
file or something.

In your smb.conf:


Thanks:) I'll give that a shot and see how it goes. On a home network
with wpa encryption, and a firewall that drops just about everything,
except out going, and receiving of data from a connection that was
established from behind the router, am I pretty safe to not worry about
password encryption? I do trust everyone currently on the network. Or is
it still a good idea. I'll enable it for another level of security, but
just wondering how necessary this is for a small home network?



The "encrypt passwords" option specifies whether or not Samba expects
plain-text or encrypted passwords to be transmitted from the client, and
it also affects how those passwords are stored in the smbpasswd file.
As I understand it, encrypted passwords are required in order for Samba
to work correctly with modern version of Windows (2000 and newer). This
option should be enabled unless you have some specific reason to disable it.


- Dave

--

Dave Parker
Utica College
Integrated Information Technology Services
(315) 792-3229
Registered Linux User #408177


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org


All times are GMT. The time now is 07:38 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.