Samba Security

Posted on 2005-04-06
Last Modified: 2013-12-16
Hi guys, hope you can help me out.

I've got samba server working "ok" on my linux box, but I have a concern.

This is what I've done.

1. In smb.conf

security = user
encrypted passwords = yes
Created a share
public = no
valid users = root

2. I then ran smbpasswd
smbpasswd -a root <password>
I did this to add a password for root to the smbpasswd file.

Now, when I connect through using UNC path from a Windows box, it prompts me (which is good) for a valid username and password.
I enter in root for username and the password that I put in when I ran the smbpasswd command. This works.

Now the issue I have...........

If, from the Windows box, I mapped a network drive to the above share on the linux box and input the same credentials, and get in successfully, which I do, but then DISCONNECT the share, and then even stop and restart the smb service on the linux box, and then just connect to the same share through UNC (e.g. \\servername\sharename) WITHOUT putting in credentials, I DON'T get prompted for username and password. It's as if the Samba server has recorded the IP address or some other identity from the computer from which I connected originally. So, if on subsequent times I connect from that SAME Windows box, I don't get prompted for credentials. This is a BIG concern for our company.

Is there some switch or line I have to set in the smb.conf file or some configuration I have to do on the samba server to STOP this from happening, and to ALWAYS ask or prompt for user credentials??????

Thanks guys.

You are the best.


Question by:Simon336697
    LVL 40

    Assisted Solution

    The problem lies in the Windows machine. Once you've authenticated successfully to the Samba server, Windows will cache that username & password. Within that Windows session it will use the cached information for subsequent maps of the share. Logging out of Windows, or rebooting if you aren't logging in to Windows, will clear the cache.
    LVL 22

    Accepted Solution

    Hmm - Do you really want to type in "root" and then "password" every time you access a single byte of data from the samba server? How much time do you want to waste retyping in the username/password? What is the correct 'balance' between usability/security?

    Have you ever wondered why Windows has the ability to 'logout'?

    If you logout, then the password cache will get cleared.....however, on logging in, if the username/password that you've logged in as matches those required for the samba server, then connection will be 'automatic', and you will not be prompted for the username/password again.
    LVL 1

    Author Comment

    Thanks guys.
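
Added example, not part of the original thread: since the answers place the missing prompt in the Windows client's credential cache, the server-side question that remains is whether every share in smb.conf still demands a login. The sketch below parses smb.conf text and flags shares that allow guest access or lack a "valid users" line; the sample configuration, the share names and paths, and the choice to skip the special [homes] and [printers] sections are assumptions made for illustration.

```python
# Added example: audit smb.conf text for shares reachable without a login.
# SAMPLE_SMB_CONF is constructed; [data] mirrors the settings in the question.
SAMPLE_SMB_CONF = """\
[global]
   security = user
   encrypt passwords = yes

; constructed share using the question's settings
[data]
   path = /srv/data
   public = no
   valid users = root

; constructed counter-example
[scratch]
   path = /srv/scratch
   guest ok = yes
"""

TRUE_VALUES = {"yes", "true", "1"}
SKIPPED = {"global", "homes", "printers"}  # special sections, not audited here

def parse_smb_conf(text):
    """Return {section: {param: value}}; names lowercased, inner spaces removed."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # blank line or comment
            continue
        if line.startswith("[") and "]" in line:
            name = line[1:line.index("]")].strip().lower()
            current = sections.setdefault(name, {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current["".join(key.lower().split())] = value.strip()
    return sections

def audit(text):
    """Return (section, finding) pairs for settings that weaken authentication."""
    conf = parse_smb_conf(text)
    findings = []
    if conf.get("global", {}).get("security", "").lower() == "share":
        findings.append(("global", "share-level security, no per-user login"))
    for share, params in conf.items():
        if share in SKIPPED:
            continue
        # "public" is a synonym for "guest ok" in smb.conf
        guest = params.get("guestok", params.get("public", "no")).lower()
        if guest in TRUE_VALUES:
            findings.append((share, "guest access allowed"))
        elif "validusers" not in params:
            findings.append((share, "no 'valid users' restriction"))
    return findings
```

An empty result for a share means the server still requires a username and password for it, whatever the Windows client has cached for its current logon session.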

