FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian User

 
 
LinkBack Thread Tools
 
Old 11-14-2009, 02:26 AM
Daniel Dalton
 
Default samba query

Hi,

How can I make samba only accept log ins, if the password supplied by
the client, matches that username on the server? eg. blank or wrong
passwords shouldn't be allowed access to the server, so how do I enable
this? It seems samba by default accepts blank passwords, and lets the
client mount the share, or even if the password is wrong.

Also, will this behaviour that I am asking about be compatible with win
xp? I'll add a user on the linux server, with the same user name as the
xp one, will the xp client be able to connect?

Thanks,
Dan.
 
Old 11-14-2009, 02:50 AM
David Parker
 
Default samba query

> Hi,
>
> How can I make samba only accept log ins, if the password
> supplied by
> the client, matches that username on the server? eg. blank or wrong
> passwords shouldn't be allowed access to the server, so how do I
> enablethis? It seems samba by default accepts blank passwords,
> and lets the
> client mount the share, or even if the password is wrong.
>
> Also, will this behaviour that I am asking about be compatible
> with win
> xp? I'll add a user on the linux server, with the same user name
> as the
> xp one, will the xp client be able to connect?
>
> Thanks,
> Dan.

This works fine for me.* You might simply be missing a line in your config file or something.

In your smb.conf:

*** # Guest account
*** guest account = smbguest

*** # Security mode
*** security = user

*** # Passwords
*** encrypt passwords = true
*** smb passwd file = /etc/samba/smbpasswd
* * unix password sync = Yes
* * passwd program = /usr/bin/passwd %u
* * passwd chat = *New*password* %n
*Retype*new*password* %n
*passwd:*all*authentication*tokens*updated*success fully*
*** pam password change = yes

* * # User authentication
* * username map = /etc/samba/smbusers
*** obey pam restrictions = yes

*** # Anonymous users mapped to guest user
*** map to guest = bad user

In your smbusers file, map Linux usernames to Windows usernames:

*** smbguest = "guest"
*** myuser = "My User"

So the Windows user "My User" would get mapped to the Linux user myuser.* You can specify passwords for the Samba users using smbpasswd:

*** smbpasswd -c /etc/samba/smb.conf myuser

And just replace /etc/samba with the path to your smb.conf file if it is different.

This works fine for me from Windows XP.* When I access a Samba share I get prompted for the password, and if I put in an incorrect password then I get re-prompted a few times and eventually locked out (technically I get mapped to the Samba guest user, but my guest user has no access).* If I put in the correct password then itall works fine.

Hope this helps.

*** - Dave
 
Old 11-14-2009, 11:13 AM
Daniel Dalton
 
Default samba query

On Fri, Nov 13, 2009 at 10:50:10PM -0500, David Parker wrote:
> This works fine for me.* You might simply be missing a line in your config
> file or something.
>
> In your smb.conf:

Thanks I'll give that a shot and see how it goes. On a home network
with wpa encryption, and a firewall that drops just about everything,
except out going, and receiving of data from a connection that was
established from behind the router, am I pretty safe to not worry about
password encryption? I do trust everyone currently on the network. Or is
it still a good idea. I'll enable it for another level of security, but
just wondering how necessary this is for a small home network?

Thanks,
Dan
 
Old 11-16-2009, 08:10 PM
"David A. Parker"
 
Default samba query

Daniel Dalton wrote:

On Fri, Nov 13, 2009 at 10:50:10PM -0500, David Parker wrote:

This works fine for me. You might simply be missing a line in your config
file or something.

In your smb.conf:


Thanks I'll give that a shot and see how it goes. On a home network
with wpa encryption, and a firewall that drops just about everything,
except out going, and receiving of data from a connection that was
established from behind the router, am I pretty safe to not worry about
password encryption? I do trust everyone currently on the network. Or is
it still a good idea. I'll enable it for another level of security, but
just wondering how necessary this is for a small home network?



The "encrypt passwords" option specifies whether or not Samba expects
plain-text or encrypted passwords to be transmitted from the client, and
it also affects how those passwords are stored in the smbpasswd file.
As I understand it, encrypted passwords are required in order for Samba
to work correctly with modern version of Windows (2000 and newer). This
option should be enabled unless you have some specific reason to disable it.


- Dave

--

Dave Parker
Utica College
Integrated Information Technology Services
(315) 792-3229
Registered Linux User #408177


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 

Thread Tools




All times are GMT. The time now is 05:43 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org