Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 921
  • Last Modified:

samba shares accessibility

Hi everyone,

I would like to define 2 samba shares on my network. I have a 3-leg perimeter with a samba-server on the green zone (with all my other clients and servers).

1 share is a public share for all the clients and servers. So no authentication
1 share is a share which only clients may access. So authentication with the local accounts on the linux-server.

Is this possible to access 1 share without authentication and the other one with authentication?
And how what would the stanza of the 2 shares be in the smb.conf ?

Thanks in advance!
0
Silencer001
Asked:
Silencer001
  • 3
  • 2
2 Solutions
 
Monis MontherSystem ArchitectCommented:
Yes it is possible

 the first share would be like

[public share]
path =/path/to/dir
guest ok = yes
readonly = no

[auth share]
path = /path/to/dir
read only = no

For the public share in the global section you must have

guest account = nobody
map to guest = bad user


Note: Permissions on the dir form the LInux side must be appropriate
Note: Add your users to Samba.To do that you must first create accounts for them under linux

useradd username

Then you need to add them into samba

smbpasswd -a username

Note: If you have a lot of users it would be better if you make this a Domain similar to MS AD but this would be another story.
0
 
Silencer001Author Commented:
Hi small_student, thanks for your reply!!
But I don"t understand what you mean with "for the public share in the global section you must have"..

Is it like this:
[public share]
path =/path/to/dir
guest ok = yes
readonly = no
guest account = nobody
map to guest = bad user

I just want to give everyone full access so I will give 777 on the dir. Or is this not smart?

But the problem is that I need to give in a password when I want to connect to the server. So when I access \\172.27.10.10, I will be promted for a password. How can I resolve this so that I only need to give in a password when I want to join auth share?

And is there also a way to just block access to the auth share for server by its ip-address?

I also added the users to samba.

Thanks for your reply already, much appreciated!
0
 
Silencer001Author Commented:
Hi Small_Student,

I just adapted the settings and worked like a charm!! Really nice help!
I gave 770 for the auth share and 777 for the public share. (I changed the group-owner to the group with the users that may access the samba-server).

So the next 2 lines made sure that you don't need to logon immediatly when you access the samba-server? Can you please give me some additional information about these 2 lines?

guest account = nobody
map to guest = bad user


Already thank you soo much! 500 point coming your way! ;-)

Kind regards,

Sven
0
 
Monis MontherSystem ArchitectCommented:
Sorry to respond lately I just checked my mail and saw your posts.

The way samba works is as follows.

A windows machine makes a request to a Samba Server.
Windows Credentials are different than Linux. Windows use LanMan and NTPasswd. Unix/Linux use UID/GID.
Samba maps the windows user to a corresponding Linux user to access the share. This is why Linux permissions are also important and you must have Linux and Samba Users.

Finally to have a public account this means anyone must map to a specific user. Here in our case comes the line

guest account = nobody

This means for shares that have guest access map any request to the Linux account nobody.
nobody is a user under Linux you can check this user by running the following command

grep nobody /etc/passwd

Finally when would samba map a request to the guest account? This would be the

map to guest = bad user

Which means for unknown users map them to the guest account and these are users who do not have a username or password.

Hope this helps  
0
 
Silencer001Author Commented:
Wow thanks, great explanation!!

Thanks for all your information!!
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now