Re: [Samba] how to access public shares without password even when security = user

2012-04-28 Thread Athanasios Silis
Hello there,
Doesn't ANYone have an idea about the following post?

On Tue, Oct 11, 2011 at 4:50 PM, Athanasios Silis <athanasios.si...@gmail.com> wrote:

> Hello everyone,
> I have always thought that with security = user, a login window will
> pop up and you must insert credentials to access the shares of a samba
> server.
>
> Yet here I am sitting in front of a QNAP system file server, running Samba
> 3.5.2. When I type in the address of the samba server, I am presented with
> the top level shares (public or not). No login window pops up. Then if I
> try to access some of these shares (that are not public), a login window
> will pop up.
> I checked the QNAP's smb.conf thoroughly and found the following
>
> security = USER
> map to guest = Bad User
>
> I used the 'map to user' option in another samba server I have
> (slackware64 v13.37) Samba v.3.5.10. I also allowed guest users.
> I almost mimicked the behaviour, i.e. I access the samba server, a login
> window pops up, I can type in some random characters and will access the
> shares without the need for a proper username and password.
>
> But I want to omit having a login window pop up in the top level of the
> shares. How should I go about doing that? (Of course that will map me to
> some guest user and give me access to public folders. The private folders
> should still throw a login window at me.)
>
> Thank you for your help
>
> Nass
>
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


[Samba] how to access public shares without password even when security = user

2011-10-13 Thread Athanasios Silis
Hello everyone,
I have always thought that with security = user, a login window will pop up
and you must insert credentials to access the shares of a samba server.

Yet here I am sitting in front of a QNAP system file server, running Samba
3.5.2. When I type in the address of the samba server, I am presented with
the top level shares (public or not). No login window pops up. Then if I
try to access some of these shares (that are not public), a login window
will pop up.
I checked the QNAP's smb.conf thoroughly and found the following

security = USER
map to guest = Bad User

I used the 'map to user' option in another samba server I have (slackware64
v13.37) Samba v.3.5.10. I also allowed guest users.
I almost mimicked the behaviour, i.e. I access the samba server, a login
window pops up, I can type in some random characters and will access the
shares without the need for a proper username and password.

But I want to omit having a login window pop up in the top level of the
shares. How should I go about doing that? (Of course that will map me to
some guest user and give me access to public folders. The private folders
should still throw a login window at me.)

Thank you for your help

Nass


[Samba] samba authenticates only against the primary group of a user?

2011-02-16 Thread Athanasios Silis
Hello everyone!

I seem to have a bit of a problem setting up a few network folders for
my office on a Qnap storage device running Samba v3.5.2. So I ask:

when the 'write list' of a share contains ONLY groups, and a user tries to
log on to that share, then samba authenticates against only the primary
group of that user??

Here is the example that fails:

-the user is 'isak'

-the group of interest is 'iso_ops'. This user belongs to these groups:
everyone, engineers, iso_ops (this is the order I get when I run the command
'groups' from a shell)

-The shared folder in question is 'iso'. This folder has the following
permissions: no individual user permissions have been set (every tickbox is
blank). Group 'everyone' is denied access. Group 'iso_ops' has read/write
access.

the relevant smb.conf part is this:

[iso]
comment = ISO files
path = /share/MD0_DATA/iso
browsable = yes
oplocks = yes
ftp write only = no
public = yes
invalid users = "guest",@"everyone"
read list =
write list = @"iso_ops",@"administrators"
valid users = "root",@"iso_ops",@"administrators"
inherit permissions = yes


So normally, I would expect that user 'isak', is allowed read/write access
to 'iso' folder, because he is member of the 'iso_ops' group.
However, now I try to log on to the share as 'isak' but I never get past the
login prompt..

If I move @everyone to the 'valid users' then I can log on AND I can write
to the network share, since @iso_ops can write to the share (even though
@everyone can't).. So - correct me if I'm wrong - but it seems that users
are authenticated only against their primary group!


This is most upsetting since on the machine I am running samba on, I don't
have the command usermod in order to change the primary groups of my user
(in fact even though I have ssh access, the system is optimised to be set up
from its web interface - and I can't set the primary group from there
either).

But that doesn't seem like a rational behaviour of samba altogether -
usermod would merely tackle some of the problems that can arise. Let me
explain:

-there are a few engineering related shared folders that the @engineers
group can authenticate against
-there is this one 'iso' folder that @iso_ops can authenticate against.
-Dearest user isak is an engineer (thus in the engineers group), but is also
responsible for keeping the ISO9001 files for the office -imagine how much
of an important person!
-by authenticating against only the primary group, isak can only access the
engineering folders, or the iso folder depending on which one is his primary
group - BUT NOT BOTH!

This is an unwelcome behaviour that can only be tackled by allowing
@everyone to have read access to the shares - unwelcome too.

So finally is there a way to make samba try and authenticate a user against
ALL of his groups (and not just the primary one)?

Thank you very much for your help
Thanassis Silis
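
An added example, not part of the original message and not Samba's own code: a small Python model of the precedence the smb.conf manual documents for 'invalid users' and 'valid users' (a user matching both lists is denied), applied to the [iso] share and the group list quoted above. The function names and the simplified list parser (only the @group form is handled) are assumptions of this sketch.

```python
import configparser

# The [iso] share from the message above, trimmed to its access-control keys.
ISO_SHARE = """
[iso]
path = /share/MD0_DATA/iso
public = yes
invalid users = "guest",@"everyone"
read list =
write list = @"iso_ops",@"administrators"
valid users = "root",@"iso_ops",@"administrators"
"""

# Group membership of 'isak' as reported by `groups` in the message.
ISAK_GROUPS = ["everyone", "engineers", "iso_ops"]

def parse_list(value):
    """Turn '"root",@"iso_ops"' into [("user", "root"), ("group", "iso_ops")]."""
    entries = []
    for item in value.replace('"', "").replace(",", " ").split():
        kind = "group" if item.startswith("@") else "user"
        entries.append((kind, item.lstrip("@")))
    return entries

def matches(user, groups, entries):
    """True if the user, or ANY of the user's groups, appears in the list."""
    return any(name == user if kind == "user" else name in groups
               for kind, name in entries)

def share_access(conf_text, share, user, groups):
    """Return 'denied', 'read-only' or 'read/write' for one user on one share."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    sec = cp[share]
    invalid = parse_list(sec.get("invalid users", ""))
    valid = parse_list(sec.get("valid users", ""))
    write = parse_list(sec.get("write list", ""))
    # Documented precedence: a match in 'invalid users' denies access even
    # when the same user also matches 'valid users'.
    if matches(user, groups, invalid):
        return "denied"
    if valid and not matches(user, groups, valid):
        return "denied"
    # Assumes the default 'read only = yes' for users outside 'write list'.
    return "read/write" if matches(user, groups, write) else "read-only"

if __name__ == "__main__":
    print(share_access(ISO_SHARE, "iso", "isak", ISAK_GROUPS))
```

On a real server, `testparm -s` prints the effective share definition that these lists are read from.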