Samba

Anne Wilson cannewilson at tiscali.co.uk
Tue Apr 4 16:36:11 UTC 2006 

On Tuesday 04 April 2006 14:15, Craig White wrote:
> for the record, defaults are what you get when you don't specify
> anything...
>
> from smb.conf
> Default: workgroup = WORKGROUP

and as in windows, it is always better to not use the default.

> The  default is security = user
>
> also, please note that the option is
> security = share
> not shares
>
I missed that.

> security = share means that there are no users, no home directories and
> login is a password with access/file permissions as the user specified
> by smb.conf and thus a user name logging in is pointless when using
> 'security = share'
>
I think we can take it that John Terpstra knows what he is talking about.  
From "Samba-2 by Example':

"This installation demands simplicity.  Frequent turn-over of volunteer staff 
would indicate that a network environment that requires users to logon might 
be problematic.  It is suggested that the best solution for this office would 
be one where the user can log onto any PC with any username and password.....

This oranisation is a prime candidate for Share Mode security."

He goes on to say that ownership of files created can be forced.

Note that he is saying that they would not need a password to access the 
shares.

> The information is available in the man pages for smb.conf should either
> the OP or the other people trying to help actually want to solve the
> problem.
>
Very little information of this kind is available in the man pages.  There is 
a lot of information in the original samba.conf file, but if you use swat or 
webmin to edit the file it will be overwritten and you will never see the 
useful stuff.  I always rename a copy for safe-keeping before editing.  If 
anyone needs a copy of the original I'm happy to supply one.

> I don't know what the OP is actually trying to accomplish. Is it the
> ability to access without passwords? security = share would probably be
> ok but he should set a user and (map to guest = that user) and permit
> guest (guest ok = yes) on each share. 

Again, I disagree, based on the authority of JT.

> The section within the man page of 
> smb.conf 'security = share' completely describes this. 

There is no such section in the man page, so I presume you are referring to 
another document.  It would be helpful to know which one.

> Again note, 
> things like logon/home/profile shares are meaningless to a context of
> 'security = share'
>

> SELinux issues can be a problem with samba - check /var/log/messages
>
Antonio specifically said that SELinux is disabled.

Anne
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: not available
Url : http://lists.fedoraproject.org/pipermail/users/attachments/20060404/7a15cb75/attachment-0002.bin

More information about the users mailing list