0
0
Обновил дебиан с etch на lenny и получил вот такие грабли:
$ smbclient -U spinal //192.168.0.200/spinal
Password:
Domain=[NET28] OS=[Unix] Server=[Samba 3.2.5]
Server not using user level security and no password supplied.
tree connect failed: NT_STATUS_WRONG_PASSWORD
Из-под винды нормально заходит через проводник \192.168.0.200spinal
с вводом пароля.
testparm:
[global]
workgroup = NET28
server string = %h
interfaces = 192.168.0.200, 192.168.234.200
bind interfaces only = Yes
security = SHARE
map to guest = Bad User
obey pam restrictions = Yes
passdb backend = tdbsam
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *Entersnews*spassword:* %nn *Retypesnews*spassword:* %nn *passwordsupdatedssuccessfully* .
unix password sync = Yes
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
os level = 65
preferred master = Yes
domain master = Yes
dns proxy = No
wins support = Yes
panic action = /usr/share/samba/panic-action %d
invalid users = root
[homes]
comment = Home Directories
valid users = %S
read only = No
create mask = 0644
browseable = No
Ребят,поясните пожалуйста!нигде нормальной инфы по этому не могу найти!есть Debain, на нем стоит связка Samba+SWAT,под security=user все работает отлично, а вот под security=share работать отказывается, точнее когда ставлю guest ok=yes, то еще как-то заходит,если убрать это- нет прав,в самбе не зарубал ничего,юзаю acl.Объясните по-нормальному в чем разница между этими режимами?а то нигде нормального описания не встречал.и кстати,какую все-таки использует в качестве гостя учетку, я например стоящего по-умолчания nobody в smbpasswd вообще не довавлял и все равно входит под гостем!поясните плиз,очень нуждаюсь в помощи)!заранее спасибо!
- Forum
- The Ubuntu Forum Community
- Ubuntu Specialised Support
- Ubuntu Servers, Cloud and Juju
- Server Platforms
- [SOLVED] (Samba) Warning: security=share is deprecated
-
(Samba) Warning: security=share is deprecated
Hi guys. I’m almost done with my new file server. One of the functions it provides is a share for Clonezilla via Samba that both Linux and Windows machines need to access, as I image all my desktops and laptops to this share.
I noticed when running «testparm» that it tells me that security=share is deprecated. So, I removed security=share from smb.conf, and my share for Clonezilla no longer functions, so I had to add it back.
My question is, how do I address security=share being deprecated but still retain the exact same functionality? My /images share needs to be accessible to all, regardless of the username, and should never ask for password. Here are the config files:
smb.conf:
Code:
[global] server string = File Server workgroup = LITTLEBIGPLANET security = share name resolve order = bcast hosts wins client lanman auth=Yes wins support = yes include = /etc/samba/smbshared.conf
smbshared.conf:
Code:
[Images] path = /home/iris/HDD Images force user = iris read only = No guest ok = Yes
-
Re: (Samba) Warning: security=share is deprecated
The current equivalent for your purposes of «security = share» are the following 2 lines:
Code:
security = user map to guest = Bad User
The remote user name will be compared to the one found in the samba password database and if it doesn’t find a match it will be tagged a «Bad User» and mapped to the guest account.
The guest account by default is nobody:
Code:
testparm -sv /dev/null | grep "guest account"
There are some peculiar and very rare bugs however that show up from time to time that can be worked around by using «security = share». The developers insist they will remove the «share» option in the very next update but they have been saying that for 4 years now so maybe Samba4 will finally remove it
EDIT: I should have also noted that is you don’t add «map to guest = Bad User» it defaults to «map to guest = Never».
Code:
testparm -sv /dev/null | grep "map to guest"
Last edited by Morbius1; April 21st, 2012 at 04:15 PM.
-
Re: (Samba) Warning: security=share is deprecated
Originally Posted by Morbius1
The current equivalent for your purposes of «security = share» are the following 2 lines:
Code:
security = user map to guest = Bad User
The remote user name will be compared to the one found in the samba password database and if it doesn’t find a match it will be tagged a «Bad User» and mapped to the guest account.
The guest account by default is nobody:
Code:
testparm -sv /dev/null | grep "guest account"
There are some peculiar and very rare bugs however that show up from time to time that can be worked around by using «security = share». The developers insist they will remove the «share» option in the very next update but they have been saying that for 4 years now so maybe Samba4 will finally remove it
EDIT: I should have also noted that is you don’t add «map to guest = Bad User» it defaults to «map to guest = Never».
Code:
testparm -sv /dev/null | grep "map to guest"
Ok, so I don’t add map to guest to smb.conf, right?
-
Re: (Samba) Warning: security=share is deprecated
If you use «security = user» you must add «map to guest = Bad User».
-
Re: (Samba) Warning: security=share is deprecated
Originally Posted by Morbius1
If you use «security = user» you must add «map to guest = Bad User».
Thank you, I’ll start testing this right now.
Edit: So far, so good. Thanks!
Last edited by jlacroix; April 22nd, 2012 at 03:39 PM.
-
Re: (Samba) Warning: security=share is deprecated
Originally Posted by Morbius1
If you use «security = user» you must add «map to guest = Bad User».
I’m sorry: there is something that I am missing.
I also need to setup a «public folder» writable by anybody without any passwd check. If I do not use «security = share» I get immediately asked for username/password when trying to browse the public folder.
Here is my smb.confCode:
[global] workgroup = MyWorkgroup server string = %h Samba Server security = user map to guest = Bad User obey pam restrictions = Yes pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *Entersnwes*spassword:* %nn *retypesnewspassword:* %nn *passwordsupdatedssuccesfully* . unix password sync = Yes syslog = 0 log file = /var/log/samba/log.%m max log size = 1024 dns proxy = No usershare allow guests = Yes panic action = /usr/share/samba/panic-action %d [public] path = /usr/pub/share browsable = Yes guest ok = Yes read only = No create mask = 0755 directory mask = 0755 force user = nobody force group = nogroup
Can anybody give me a hint in the right direction?
-
Re: (Samba) Warning: security=share is deprecated
security = user
map to guest = Bad UserLet’s take as an example a Windows client. The same thing will happen with a Linux client but you have to go out of your way to make that happen in Linux. In Windows the client’s username and password is automatically sent when it browses for shares — this is done without the user’s knowledge. That forces Samba to deal with the sent credentials even though it’s a guest share that requires no authentication.
When that username is passed Samba will search through it’s password database for that user:
* If there is no match to the username the client user is tagged a «Bad User» and converted ( mapped ) to the guest account which by default is «nobody».
* If it finds a match to the username and there is a samba password that matches the one sent by the Windows client then the Windows user automatically gains access although not as an anonymous user which is why you needed to add «force user = nobody» to your share definition.
* If it finds a match to the username but the samba password does not match exactly the password that’s automatically sent by the Windows client then you will be prompted for a password — even for a guest share.
If all you have is that one guest share then check the samba password database:
If you have an entry for that remote user either make sure the samba password matches the remote users password exactly or simply remove the samba user from the database:
Code:
sudo smbpasswd -x user-name
Originally Posted by Morbius1
Bookmarks
Bookmarks
Posting Permissions
- Печать
Страницы: [1] Вниз
Тема: SAMBA не получается расшарить папку. (Прочитано 1961 раз)
0 Пользователей и 1 Гость просматривают эту тему.
Alex Gluck
Задача дать пользователям возможность расшаривать по самбе папки из файлового менеджера.
Команда для расшаривания
net usershare add [params]
руководство откуда я почерпнул эту информацию
Версия ОС и самбы
& lsb_release -d
Description: Fedora release 21 (Twenty One)
& uname -a
Linux 3.17.7-300.fc21.x86_64 #1 SMP Wed Dec 17 03:08:44 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
& yum list samba
Установленные пакеты
samba.x86_64 2:4.1.14-1.fc21 @updates
Инструкция которой пользовался
Проделанные процедуры: менял параметр security на все возможные, в случае значения share ошибка
WARNING: Ignoring invalid value 'share' for parameter 'security'
Пробовал расшарить через конфиг его правкой и через system-config-samba
Отключал SElinux
Либо недостаточно прав, либо ошибка подключения к ресурсу виндоус.
zotkindm
Alex Gluck
zotkindm
вот
и вообще
Description: Fedora release 21 (Twenty One)Не на том форуме спрашиваешь.
Alex Gluck
русский форум федоры закрыли, проблема с самбой а не федорой. гуи для самбы мне не нужны учитывая не работу стандратного функционала ПО. На другие форумы и джаберы я написал уже.
ALEX190185
Было дело..работает самба если отключить фаервол)
Мучался-мучался..отрубил фаервол..все пошло.Там с группами намудрили Федоровцы
Alex Gluck
Саму самбу не без помощи добрых людей настроил, но задача для не рут пользователей иметь возможность расшаривать любые свои папки которые они хотят. Так что вопрос как заставить на федоре21-воркстэйшн отрабатывать добавление шары по net usershare add открыт.
Ну и про решение, клиентами при тесте работы самба выступали федора21-воркстэйшн и минт17, тунар и немо багануто отображали папки самбы, телек с raspbmc корректно работает, винду достану позже и там проверю. Проблема была в клиентах, а не в сервере.
Alex Gluck
Проблема решена. Во время тестов я экспериментировал с правами, и впоследствии после установки лога в дебаг значением 10 нашёл проблему. Но это ещё не всё. А пока мои права и smb.conf
# chmod 1770 /var/lib/samba/usershare
# ll /var/lib/samba | grep usershare
drwxrwx--T. 2 root sambashare 4096 янв 11 00:15 usershare
# cat /etc/samba/smb.conf
[global]
usershare path = /var/lib/samba/usershare
usershare max shares = 10
usershare allow guests = yes
usershare owner only = yes
workgroup = WORKGROUP
server string = %L
security = user
map to guest = bad user
dns proxy = no
После этого список ресурсов появился, но оказывается параметр guest ok = yes запрещает неавторизованым юзерам просматривать содержимое ресурсов. А параметр guest ok = no разрешает гостевой доступ. Такие пироги.
- Печать
Страницы: [1] Вверх
I’m setting up a Samba server on Ubuntu 9.04 Server Edition.
What I’m trying to do is have a share that is readable by everyone, and writable by a select few.
I am able to login from my computer using smbclient //server/security -U brad,
but I am unable to connect using [Places->Connect to Server...] with a username and password.
One thought I came up with is that I’m using lower case letters in the password.
This is a portion of the /etc/samba/smb.conf file that was generated by swat.
/etch/samba/smbd.conf
[global] preferred master = Yes domain master = Yes wins support = Yes security = SHARE usershare allow guests = Yes guest ok = Yes null passwords = Yes guest account = samba map to guest = Bad User unix password sync = Yes lanman auth = Yes client plaintext auth = Yes lanman auth = Yes client NTLMv2 auth = Yes client lanman auth = Yes client plaintext auth = Yes [Security] comment = Security and Antivirus software path = /share/security write list = brad inherit permissions = Yes inherit owner = Yes hide special files = Yes hide unreadable = Yes
/var/log/samba/log.192.168.0.5
# smbclient //server/security -U brad [2009/05/04 09:45:31, 1] smbd/service.c:make_connection_snum(1111) 192.168.0.5 (192.168.0.5) connect to service Security initially as user brad (uid=1000, gid=1000) (pid 3129) [2009/05/04 09:48:49, 1] smbd/service.c:close_cnum(1323) 192.168.0.5 (192.168.0.5) closed connection to service Security # smbclient //server/security -U brad [2009/05/04 09:48:53, 1] smbd/service.c:make_connection_snum(1111) 192.168.0.5 (192.168.0.5) connect to service Security initially as user brad (uid=1000, gid=1000) (pid 3177) [2009/05/04 09:48:58, 1] smbd/service.c:close_cnum(1323) 192.168.0.5 (192.168.0.5) closed connection to service Security # smbclient //server/security -U brad # giving null password at prompt [2009/05/04 09:49:45, 1] smbd/service.c:make_connection_snum(1111) 192.168.0.5 (192.168.0.5) connect to service Security initially as user samba (uid=1024, gid=1024) (pid 3189) [2009/05/04 09:49:51, 1] smbd/service.c:close_cnum(1323) 192.168.0.5 (192.168.0.5) closed connection to service Security # connect with [Places->Connect to Server...] # with username and password # # # connect with [Places->Connect to Server...] # without username [2009/05/04 09:50:29, 1] smbd/service.c:make_connection_snum(1111) 192.168.0.5 (192.168.0.5) connect to service Security initially as user samba (uid=1024, gid=1024) (pid 3310)
When I log in using smbclient //server/security -U brad, I can delete a file I put there by other means.
All files and folders are currently owned by the username samba, but I am willing to change the owner if it would help.
I would really prefer to keep it under share mode security.
This is what I ended up doing:
[Security]
comment = Security & Antivirus software
path = /share/security
readonly = Yes
[Security$]
comment = Security & Antivirus software +rw
path = /share/security
browsable = No
administrative share = Yes