LINUX.ORG.RU
решено ФорумAdmin

Samba, приватные и неприватные шары

 , ,


1

1

Хочу, чтобы шара Movies была доступна гостю и пользователям, гостю без пароля, ro. Но чтобы при этом шара Private была доступна только пользователям по паролю.

Почему-то Private выдает NT_STATUS_WRONG_PASSWORD, но когда глобально security= user, то все ок, но тогда гостю нет доступа. ЧЯДНТ?!!!

samba 3.6.6.


[global]
  workgroup = WORKGROUP
  #realm = WORKGROUP
  netbios name = main
  server string = Main File Server
  load printers = no
  printing = bsd
  printcap name = /dev/null
  disable spoolss = yes
  log file = /var/log/samba/log.smbd
  max log size = 50
  max xmit = 65536
  dead time = 15
#  security = user
  security = share
  guest account = nobody
  auth methods = guest, sam_ignoredomain, winbind:ntdomain
  encrypt passwords = yes
  create mask = 0664
  directory mask = 0775
  domain master = no
  local master = yes
  preferred master = yes
  socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
  os level = 65
  use mmap = yes
  use sendfile = yes
  dns proxy = no
  #idmap uid = 10000-65000
  #idmap gid = 10000-65000
  dont descend = /proc,/dev,/etc
  admin users =
  null passwords = yes
  oplocks = no
unix extensions = no
  debug level = 1
  server signing = no
#  include = /usr/private/user_smb_conf/%U.smbconf
 # include = /usr/private/user_smb_conf/%D.smbconf
#[Configuration]
#  path = /Configuration
#  comment = System Configuration
#  public = yes
#  browseable = yes
 # writable = no
 # guest ok = yes

 [Private]
 path = /DataVolume/Public/
 comment = Private Share (For Administration Access)
 security = user
 writable = yes
 map read only = no
 guest only = no
 guest ok = no


 [Movies]
 path = "/DataVolume/Public/Shared Videos/"
 comment = Movies, Shows and Pr0n!
 public =  yes
 guest_ok = yes
 writeable = no
 browseable = yes
# map to guest = bad user


★★★★★

How to have a guest share on Samba without resorting to the deprecated "security = share" configuration.

This is a regular query on the Samba mailing list. When it comes to "security = share" just say no!
In a nutshell you need:

    A username map file.
    A valid 'nix "guest" user mapped to the Windows guest account ("nobody" in most distros).
    Proper smb.conf configuration.

In this example our username map file is /etc/samba/smbusers. It maps a 'nix user to a Windows user.

In smbusers:
nobody = guest

In smb.conf:
[global]
  ...
  security = user
  Map to guest = Bad User
  username map = /etc/samba/smbusers
  ...
  -- no 'valid users =' line --

[theshare]
  ...
  guest ok = yes
  -- no 'valid users =' line --
  ...
warmate ()
Ответ на: комментарий от visual

У пользователя с паролем все ок, у непользователя ничего вообще.

[global]
  workgroup = WORKGROUP
  #realm = WORKGROUP
  netbios name = main
  server string = Main File Server
  load printers = no
  printing = bsd
  printcap name = /dev/null
  disable spoolss = yes
  log file = /var/log/samba/log.smbd
  max log size = 50
  max xmit = 65536
  dead time = 15
  security = user
#  security = share
  guest account = nobody
  auth methods = guest, sam_ignoredomain, winbind:ntdomain
  encrypt passwords = yes
  create mask = 0664
  directory mask = 0775
  domain master = no
  local master = yes
  preferred master = yes
  socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
  os level = 65
  use mmap = yes
  use sendfile = yes
  dns proxy = no
  #idmap uid = 10000-65000
  #idmap gid = 10000-65000
  dont descend = /proc,/dev,/etc
  admin users =
  null passwords = yes
  oplocks = no
unix extensions = no
  debug level = 1
  server signing = no
#  include = /usr/private/user_smb_conf/%U.smbconf
 # include = /usr/private/user_smb_conf/%D.smbconf
#[Configuration]
#  path = /Configuration
#  comment = System Configuration
#  public = yes
#  browseable = yes
 # writable = no
 # guest ok = yes

 [Private]
 path = /DataVolume/Public/
 comment = Private Share (For Administration Access)
 security = user
 writable = yes
 map read only = no
 guest only = no
 guest ok = no


 [Movies]
 path = "/DataVolume/Public/Shared Videos/"
 comment = Movies, Shows and Pr0n!
 public =  yes
 guest_ok = yes
 writeable = no
 browseable = yes
 map to guest = bad user


Shaman007 ★★★★★ ()
Ответ на: комментарий от Shaman007
global]
  workgroup = WORKGROUP
  #realm = WORKGROUP
  netbios name = main
  server string = Main File Server
  load printers = no
  printing = bsd
  printcap name = /dev/null
  disable spoolss = yes
  log file = /var/log/samba/log.smbd
  max log size = 50
  max xmit = 65536
  dead time = 15
  security = user
 map to guest = bad user
  guest account = nobody
  auth methods = guest, sam_ignoredomain, winbind:ntdomain
  encrypt passwords = yes
  create mask = 0664
  directory mask = 0775
  domain master = no
  local master = yes
  preferred master = yes
  socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
  os level = 65
  use mmap = yes
  use sendfile = yes
  dns proxy = no
  #idmap uid = 10000-65000
  #idmap gid = 10000-65000
  dont descend = /proc,/dev,/etc
  admin users =
  null passwords = yes
  oplocks = no
unix extensions = no
  debug level = 1
  server signing = no

 [Private]
 path = /DataVolume/Public/
 comment = Private Share (For Administration Access)
 security = user
 writable = yes
 map read only = no
 guest only = no
 guest ok = no


 [Movies]
 path = "/DataVolume/Public/Shared Videos/"
 comment = Movies, Shows and Pr0n!
 public =  yes
 guest_ok = yes
 writeable = no
 browseable = yes

 [Books]
 path = /DataVolume/Public/Books/
 comment = Books
 public = yes
 guest ok = yes
 writeable = no
 browseable = yes

Shaman007 ★★★★★ ()
Вы не можете добавлять комментарии в эту тему. Тема перемещена в архив.