Help - Search - Members - Calendar
Full Version: Samba And The 'nobody' Account
Linuxhelp > Support > Technical Support
stebnalang
I am having a problem with Samba! I have a system created user account called 'nobody', with a home directory of '/', that doesn’t require a login. My problem is that Samba shares the 'nobody' account's home directory (the root file system) to all users without requesting a username or password. A user discovered that by typing ‘nobody’ in the address bar they were able to brows the whole server. When I set the "valid users" option to '%s' then no user could access their home directory.

Below is my smb.conf
Any assistance will be greatly appreciated!
Steve




# Global parameters
[global]
workgroup = SCS
server string =
security = SHARE
encrypt passwords = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %nn *ReType*new*UNIX*password* %nn
unix password sync = Yes
log file = /var/log/samba/log.%m
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
printcap name = cups
os level = 65
preferred master = Yes
dns proxy = No
guest account =
hosts allow = 192.168.0.
printing = cups

[homes]
comment = Home Directories
read only = No
browseable = No

[printers]
comment = All Printers
path = /var/spool/samba
create mask = 0700
guest ok = Yes
printable = Yes
print command = lpr-cups -P %p %s # using cups own drivers (use generic PostScript on clients).
lpq command = cups -o %p
lprm command = cancel %p-%j
browseable = No

[data]
comment = Data
path = /data/data
read only = No
create mask = 0777
force create mode = 0777
force security mode = 0777
directory mask = 0777
force directory mode = 0777
force directory security mode = 0777
force unknown acl user = 0777
inherit permissions = Yes
inherit acls = Yes

[apps]
comment = Applications
path = /data/apps
read only = No
create mask = 0777
force create mode = 0777
force security mode = 0777
directory mask = 0777
force directory mode = 0777
force directory security mode = 0777
inherit permissions = Yes
inherit acls = Yes

[Printer1]
comment = HP HP LaserJet 5P
path = /var/spool/samba
read only = No
create mask = 0700
guest ok = Yes
printable = Yes
print command = lpr-cups -P %p %s # using cups own drivers (use generic PostScript on clients).
lpq command = cups -o %p
lprm command = cancel %p-%j
printer name = Printer1
oplocks = No
hughesjr
Here is a quote from the Samba 3 docs:
QUOTE
There are reports that recent MS Windows clients do not like to work with share mode security servers. You are strongly discouraged from using Share Level security.


Since you are using SAMBA as a domain controller, you should join all your windows machine to the NT domain named SCS.

You should then use the security = domain option if SAMBA is the only domain controller, or security=server if you have an external PDC ...

If you have an external PDC, then set the option password server = servername

And put the ip address and name of the PDC in /etc/hosts and in /etc/samba/lmhosts
-------------------------------------------------------------------------------------------------------------------
The above is suggested .... but you can probably fix your current problem by putting the following line:

guest ok = no

in your [homes] section....then restart samba.


If that doesn't work, try putting a # in front of the nobody user (like this) in the file /etc/samba/smbusers.

#nobody = guest pcguest smbguest

But that might stop printing from working correctly with some clients.
stebnalang
Thank you, your suggestions fixed the problem.

Steve
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2017 Invision Power Services, Inc.