Solved

samba shares accessibility

Posted on 2011-02-18
5
900 Views
Last Modified: 2012-05-11
Hi everyone,

I would like to define 2 samba shares on my network. I have a 3-leg perimeter with a samba-server on the green zone (with all my other clients and servers).

1 share is a public share for all the clients and servers. So no authentication
1 share is a share which only clients may access. So authentication with the local accounts on the linux-server.

Is this possible to access 1 share without authentication and the other one with authentication?
And how what would the stanza of the 2 shares be in the smb.conf ?

Thanks in advance!
0
Comment
Question by:Silencer001
  • 3
  • 2
5 Comments
 
LVL 14

Accepted Solution

by:
Monis Monther earned 500 total points
ID: 34932825
Yes it is possible

 the first share would be like

[public share]
path =/path/to/dir
guest ok = yes
readonly = no

[auth share]
path = /path/to/dir
read only = no

For the public share in the global section you must have

guest account = nobody
map to guest = bad user


Note: Permissions on the dir form the LInux side must be appropriate
Note: Add your users to Samba.To do that you must first create accounts for them under linux

useradd username

Then you need to add them into samba

smbpasswd -a username

Note: If you have a lot of users it would be better if you make this a Domain similar to MS AD but this would be another story.
0
 

Author Comment

by:Silencer001
ID: 34935621
Hi small_student, thanks for your reply!!
But I don"t understand what you mean with "for the public share in the global section you must have"..

Is it like this:
[public share]
path =/path/to/dir
guest ok = yes
readonly = no
guest account = nobody
map to guest = bad user

I just want to give everyone full access so I will give 777 on the dir. Or is this not smart?

But the problem is that I need to give in a password when I want to connect to the server. So when I access \\172.27.10.10, I will be promted for a password. How can I resolve this so that I only need to give in a password when I want to join auth share?

And is there also a way to just block access to the auth share for server by its ip-address?

I also added the users to samba.

Thanks for your reply already, much appreciated!
0
 

Author Comment

by:Silencer001
ID: 34937153
Hi Small_Student,

I just adapted the settings and worked like a charm!! Really nice help!
I gave 770 for the auth share and 777 for the public share. (I changed the group-owner to the group with the users that may access the samba-server).

So the next 2 lines made sure that you don't need to logon immediatly when you access the samba-server? Can you please give me some additional information about these 2 lines?

guest account = nobody
map to guest = bad user


Already thank you soo much! 500 point coming your way! ;-)

Kind regards,

Sven
0
 
LVL 14

Assisted Solution

by:Monis Monther
Monis Monther earned 500 total points
ID: 34938328
Sorry to respond lately I just checked my mail and saw your posts.

The way samba works is as follows.

A windows machine makes a request to a Samba Server.
Windows Credentials are different than Linux. Windows use LanMan and NTPasswd. Unix/Linux use UID/GID.
Samba maps the windows user to a corresponding Linux user to access the share. This is why Linux permissions are also important and you must have Linux and Samba Users.

Finally to have a public account this means anyone must map to a specific user. Here in our case comes the line

guest account = nobody

This means for shares that have guest access map any request to the Linux account nobody.
nobody is a user under Linux you can check this user by running the following command

grep nobody /etc/passwd

Finally when would samba map a request to the guest account? This would be the

map to guest = bad user

Which means for unknown users map them to the guest account and these are users who do not have a username or password.

Hope this helps  
0
 

Author Comment

by:Silencer001
ID: 34939488
Wow thanks, great explanation!!

Thanks for all your information!!
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Problem Imaging Computers With Clonezilla 2 98
Full Backup software for Linux 5 75
Squid Authentication 7 83
Video Streaming 6 100
If you use Debian 6 Squeeze and you are tired of looking at the childish graphical GDM login screen that is used by default, here's an easy way to change it. If you've already tried to change it you've probably discovered that none of the old met…
The purpose of this article is to show how we can create Linux Mint virtual machine using Oracle Virtual Box. To install Linux Mint we have to download the ISO file from its website i.e. http://www.linuxmint.com. Once you open the link you will see …
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question