Linux Help
guides forums blogs
Home Desktops Distributions ISO Images Logos Newbies Reviews Software Support & Resources Linuxhelp Wiki

Welcome Guest ( Log In | Register )



Advanced DNS Management
New ZoneEdit. New Managment.

FREE DNS Is Back

Sign Up Now
 
Reply to this topicStart new topic
> Samba And The 'nobody' Account
stebnalang
post May 8 2004, 12:48 AM
Post #1


Whats this Lie-nix Thing?
*

Group: Members
Posts: 2
Joined: 8-May 04
Member No.: 2,906



I am having a problem with Samba! I have a system created user account called 'nobody', with a home directory of '/', that doesn’t require a login. My problem is that Samba shares the 'nobody' account's home directory (the root file system) to all users without requesting a username or password. A user discovered that by typing ‘nobody’ in the address bar they were able to brows the whole server. When I set the "valid users" option to '%s' then no user could access their home directory.

Below is my smb.conf
Any assistance will be greatly appreciated!
Steve




# Global parameters
[global]
workgroup = SCS
server string =
security = SHARE
encrypt passwords = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %nn *ReType*new*UNIX*password* %nn
unix password sync = Yes
log file = /var/log/samba/log.%m
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
printcap name = cups
os level = 65
preferred master = Yes
dns proxy = No
guest account =
hosts allow = 192.168.0.
printing = cups

[homes]
comment = Home Directories
read only = No
browseable = No

[printers]
comment = All Printers
path = /var/spool/samba
create mask = 0700
guest ok = Yes
printable = Yes
print command = lpr-cups -P %p %s # using cups own drivers (use generic PostScript on clients).
lpq command = cups -o %p
lprm command = cancel %p-%j
browseable = No

[data]
comment = Data
path = /data/data
read only = No
create mask = 0777
force create mode = 0777
force security mode = 0777
directory mask = 0777
force directory mode = 0777
force directory security mode = 0777
force unknown acl user = 0777
inherit permissions = Yes
inherit acls = Yes

[apps]
comment = Applications
path = /data/apps
read only = No
create mask = 0777
force create mode = 0777
force security mode = 0777
directory mask = 0777
force directory mode = 0777
force directory security mode = 0777
inherit permissions = Yes
inherit acls = Yes

[Printer1]
comment = HP HP LaserJet 5P
path = /var/spool/samba
read only = No
create mask = 0700
guest ok = Yes
printable = Yes
print command = lpr-cups -P %p %s # using cups own drivers (use generic PostScript on clients).
lpq command = cups -o %p
lprm command = cancel %p-%j
printer name = Printer1
oplocks = No
Go to the top of the page
 
+Quote Post
hughesjr
post May 9 2004, 05:14 AM
Post #2


Its GNU/Linuxhelp.net
*******

Group: Admin
Posts: 3,433
Joined: 25-July 03
From: Corpus Chrsiti, TX, USA
Member No.: 1,151



Here is a quote from the Samba 3 docs:
QUOTE
There are reports that recent MS Windows clients do not like to work with share mode security servers. You are strongly discouraged from using Share Level security.


Since you are using SAMBA as a domain controller, you should join all your windows machine to the NT domain named SCS.

You should then use the security = domain option if SAMBA is the only domain controller, or security=server if you have an external PDC ...

If you have an external PDC, then set the option password server = servername

And put the ip address and name of the PDC in /etc/hosts and in /etc/samba/lmhosts
-------------------------------------------------------------------------------------------------------------------
The above is suggested .... but you can probably fix your current problem by putting the following line:

guest ok = no

in your [homes] section....then restart samba.


If that doesn't work, try putting a # in front of the nobody user (like this) in the file /etc/samba/smbusers.

#nobody = guest pcguest smbguest

But that might stop printing from working correctly with some clients.


--------------------
Johnny Hughes
hughesjr@linuxhelp.net
Enterprise Alternatives: CentOS, WhiteBoxEL
Favorite Workstation Distros (in order): CentOS, Gentoo, Debian Sarge, Ubuntu, Mandrake, FedoraCore, Slackware, SUSE
Favorite Server Distros (in order): CentOS, WhiteBoxEL, Debian Sarge, Slackware, Mandrake, FedoraCore, Gentoo, SUSE
Go to the top of the page
 
+Quote Post
stebnalang
post May 9 2004, 09:32 AM
Post #3


Whats this Lie-nix Thing?
*

Group: Members
Posts: 2
Joined: 8-May 04
Member No.: 2,906



Thank you, your suggestions fixed the problem.

Steve
Go to the top of the page
 
+Quote Post

Reply to this topicStart new topic
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

 



RSS Lo-Fi Version Time is now: 21st October 2017 - 06:16 PM