samba
Bert David
davidber@msu.edu
Thu, 14 Dec 2000 14:24:15 -0500
if it has something to do with valid users, i'd suggest reading
ENCRYPTION.txt found somewhere in your samba directories. it explains a lot
about how to set up encrypted or non-encrypted passwords.
bert
----- Original Message -----
From: "Adam Pitcher" <pitcher2@cse.msu.edu>
To: "Scott Overfield 7239" <soverfield@fnac-usa.com>;
<linux-user@egr.msu.edu>
Sent: Thursday, December 14, 2000 2:03 PM
Subject: Re: samba
> How are you trying to get to it? I see you are trying to map a guest
> user to fnac, then use that guest for a share. Or is it the other
> shares for valid users?
> If its to map to guests, there is some entry about "map to guest = bad
> user" And something in the share about "guest ok".
> If its for valid users, then you need password encryption and use
> smbpasswd.
>
> Give us a little more detail.
>
> Adam
>
> Scott Overfield 7239 wrote:
> >
> > help..please
> > no matter what i enter in the hosts allow, i cannot connect to the linux
box
> > from a windoze PC
> >
> > redhat7
> > samba ver. 2.0.7
> >
> > also does not show up in network neighborhood but i can search and find
it
> >
> > when i try to connect it tells me the user is not allowed to log in from
this
> > workstation
> >
> > ;
> > ;
> > ;======================= Global Settings
> > =====================================
> > [global]
> > ; workgroup = NT-Domain-Name or Workgroup-Name, eg: WINERS
> > workgroup = FIRST_NATIONAL
> > ; domain controller = ashton
> > netbios name = elproducto
> > ; comment is the equivalent of the NT Description field
> > comment = Appraisals Server and Intranet
> > hosts allow = 172.28.31.246
> > ; valid users= guest
> >
> > ; printing = BSD or SYSV or AIX, etc.
> > ; printing = bsd
> > ; printcap name = /etc/printcap
> > ; load printers = yes
> > ; load printers = no
> >
> > ; Uncomment this if you want a guest account, you must add this to
> > /etc/passwd
> > guest account = fnac
> > ; log file = /var/log/samba.d/%m
> > log file = /var/log/samba.d/smblog
> >
> > ; Put a capping on the size of the log files (in Kb)
> > max log size = 50
> >
> > ; Options for handling file name case sensitivity and / or preservation
> > ; Case Sensitivity breaks many WfW and Win95 apps
> > case sensitive = yes
> > short preserve case = yes
> > preserve case = yes
> >
> > ; Security and file integrity related options
> > lock directory = /usr/local/samba/var/locks
> > locking = no
> > ; Strict locking is available for paranoid locking situations only
> > ; enabling this severely degrades read / write performance.
> > ; strict locking = yes
> > ; fake oplocks = yes
> > ; share modes = yes
> > ; status = yes
> > debuglevel = 1
> >
> > ;password level = 4
> > ;encrypt passwords = yes
> > ;update encrypted = yes
> >
> > ; Security modes: USER uses Unix username/passwd, SHARE uses WfW type
passwords
> > ; SERVER uses an other SMB server (eg: Windows NT Server or
Samba)
> > ; to provide authentication services
> > security = user
> > ; security = share
> > ; security = domain
> > ; security = server
> > ; Use password server option only with security = server
> > ; password server = ashton
> >
> > ; Configuration Options ***** The location of this entry in your
smb.conf
> > ; heirachy determines which parameters are overwritten - please watch
out!
> > ; Where %m is any SMBName (machine name, or computer name) for which a
custom
> > ; configuration is desired
> > ; include = /etc/smb.conf.%m
> >
> > ; Performance Related Options
> > ; Before setting socket options read the smb.conf man page!!
> > socket options = TCP_NODELAY
> > ; Socket Address is used to specify which socket Samba
> > ; will listen on (good for aliased systems)
> > ; socket address = aaa.bbb.ccc.ddd
> > ; Use keep alive only if really needed!!!!
> > ; keep alive = 60
> > ; Configure Samba to use multiple interfaces
> > ; Samba will auto-detect network interfaces - only use this if
> > ; the auto-detection does not deliver the needed results
> > ; interfaces = 192.168.12.2/24 176.16.111.22/19
10.11.13.14/255.255.252.0
> >
> > ; Browser Control Options:
> > ; Local Master set to True causes Samba to participate in browser
elections
> > ; the default setting is true, this causes Samba to behave like a
> > ; Windows NT server. Setting this to false turns off all browser
> > ; election participation.
> > ; local master = true
> >
> > ; OS Level gives Samba the power to win browser elections. Windows NT =
32
> > ; Any value < 32 means NT wins as Master Browser, > 32 Samba gets
it
> > ; default = 0, this ensures that Samba will NOT win the browser
election.
> > ; os level = 33
> >
> > ; Domain Master specifies Samba to be the Domain Master Browser
> > ; Only ever set this if there is NO Windows NT Domain Controller
on the
> > ; network
> > ; domain master = yes
> >
> > ; Preferred Master causes Samba to force a local browser election on
startup
> > ; preferred master = yes
> >
> > ; Use with care only if you have an NT server on your network that has
been
> > ; configured at install time to be a primary domain controller.
> > domain controller = ashton
> >
> > ; Domain Logon Service Options:
> > ; Domain logon control can be a good thing! See [netlogon] share section
below!
> > ; Do NOT set this to yes if there is an Windows NT domain
controller
> > ; on the network
> > ; domain logons = yes
> >
> > ; run a specific logon batch file per workstation (machine)
> > ; logon script = %m.bat
> > ; run a specific logon batch file per username
> > ; logon script = %u.bat
> >
> > ; Where to store roving profiles (only for Win95 and WinNT)
> > ; %L substitutes for the SMB name we are called, %U is username
> > ; You must uncomment the [Profiles] share below
> > ; logon path = \\%L\Profiles\%U
> >
> > ; Windows Internet Name Serving Support Section:
> > ; WINS Support - Tells the NMBD component of Samba to enable it's WINS
Server
> > ; the default is NO. If you have an Windows NT Server WINS use it!
> > ; Samba defaults to wins support = no
> > ; wins support = yes
> >
> > ; WINS Server - Tells the NMBD components of Samba to be a WINS Client
> > ; Note: Samba can be either a WINS Server, or a WINS Client, but
NOT both
> > wins server = 172.28.1.23
> >
> > ; WINS Proxy - Tells Samba to answer name resolution queries on behalf
of a non
> > ; WINS Client capable client, for this to work there must be at
least one
> > ; WINS Server on the network. The default is NO.
> > ; wins proxy = yes
> >
> > ;============================ Share Definitions
==============================
> > ;[homes]
> > ; comment = Home Directories
> > ; browseable = no
> > ; read only =no
> > ; create mode = 0750
> >
> > ; Un-comment the following and create the netlogon directory for Domain
Logons
> > ; [netlogon]
> > ; comment = Samba Network Logon Service
> > ; path = /usr/local/samba/lib/netlogon
> > ; Case sensitivity breaks logon script processing!!!
> > ; case sensitive = no
> > ; guest ok = yes
> > ; locking = no
> > ; writable = no
> > ; For browseable say NO if you want to hide the NETLOGON share
> > ; browseable = yes
> >
> > ; Un-comment the following to provide a specific roving profile share
> > ; the default is to use the user's home directory
> > ;[Profiles]
> > ; path = /usr/local/samba/profiles
> > ; browseable = no
> > ; printable = no
> > ; guest ok = yes
> >
> > ; NOTE: There is NO need to specifically define each individual printer
> > ;[printers]
> > ; comment = All Printers
> > ; path = /usr/spool/samba
> > ; browseable = no
> > ; printable = yes
> > ; Set public = yes to allow user 'guest account' to print
> > ; guest ok = no
> > ; writable = no
> > ; create mask = 0700
> >
> > [scanning]
> > comment = Share for scanning station
> > path = /usr/apr
> > public = no
> > user = fnac
> > read only = no
> > valid users = fnac ddonovan
> > writable = yes
> > [chuck]
> > comment = Chuck's IntrAnet access
> > path = /home/httpd/html/geeks
> > user = guest
> > read only = no
> > read only = no
> > writable = yes
> > valid users = craig ddonovan cgilbert
> >
> > [amanion]
> > comment = amanion
> > path = /home/httpd/html/amanion
> > ; user = guest
> > read only = no
> > writable = yes
> > valid users = ddonovan amanion fnac
> >
> > [eqv]
> > comment = eqv
> > path = /home/eqv
> > ; user = guest
> > read only = no
> > writable = yes
> > valid users = ddonovan eqv
> >
> > [David]
> > comment = David
> > path = /home/ddonovan
> > ; user = guest
> > read only = no
> > writable = yes
> > valid users = ddonovan
> >
> > [Craig]
> > comment = Craig's Web Folder
> > path = /home/httpd/html/geek/mis/
> > read only = no
> > writable = yes
> > valid users = craig
> >
> > ; A publicly accessible directory, but read only, except for people in
> > ; the staff group
> >
> > [public]
> > ; user =app
> > comment = apps
> > path = /
> > ; public = yes
> > writable = no
> > ; printable = no
> > valid users = root npc
> >
> > ;A directory for mapping to NT and reading the bios into PowerDynamo
> > [bios]
> > comment = Employee Bio Space
> > path = /new/apr/employees/bios/
> > public = yes
> > read only = yes
> > guest ok = yes
> >
> > [photos]
> > comment = Employee New Photo Space
> > path = /new/apr/new_photos/
> > valid users = sam alkinoos npc
> > public = no
> > ; read only = no
> > ; guest ok = no
> > writable = yes
> > ; printable = no
> >
> > [emp]
> > comment = Employee Space
> > path = /new/apr/employees/
> > valid users = sam alkinoos npc
> > public = no
> > ; read only = no
> > ; guest ok = no
> > writable = yes
> >
> > [fam]
> > comment = Employee Family Space
> > path = /new/apr/families/
> > valid users = sam alkinoos npc
> > public = no
> > ; read only = no
> > ; guest ok = no
> > writable = yes
> >
> > [web]
> > comment = Link to Web-incoming folder
> > path = /home/httpd/html/
> > valid users = npc
> > public = no
> > ; read only = no
> > ; guest ok = no
> > writable = yes
> >
> > ; Other examples.
> > ;
> > ; A private printer, usable only by fred. Spool data will be placed in
fred's
> > ; home directory. Note that fred must have write access to the spool
directory,
> > ; wherever it is.
> > ;[fredsprn]
> > ; comment = Fred's Printer
> > ; valid users = fred
> > ; path = /homes/fred
> > ; printer = freds_printer
> > ; public = no
> > ; writable = no
> > ; printable = yes
> > ;
> > ; A private directory, usable only by fred. Note that fred requires
write
> > ; access to the directory.
> > ;[fredsdir]
> > ; comment = Fred's Service
> > ; path = /usr/somewhere/private
> > ; valid users = fred
> > ; public = no
> > ; writable = yes
> > ; printable = no
> > ;
> > ; a service which has a different directory for each machine that
connects
> > ; this allows you to tailor configurations to incoming machines. You
could
> > ; also use the %u option to tailor it by user name.
> > ; The %m gets replaced with the machine name that is connecting.
> > ;[pchome]
> > ; comment = PC Directories
> > ; path = /usr/pc/%m
> > ; public = no
> > ; writable = yes
> > ;
> > ;
> > ; A publicly accessible directory, read/write to all users. Note that
all files
> > ; created in the directory by users will be owned by the default user,
so
> > ; any user with access can delete any other user's files. Obviously this
> > ; directory must be writable by the default user. Another user could of
course
> > ; be specified, in which case all files would be owned by that user
instead.
> > ;[public]
> > ; path = /usr/somewhere/else/public
> > ; public = yes
> > ; only guest = yes
> > ; writable = yes
> > ; printable = no
> > ;
> > ;
> > ; The following two entries demonstrate how to share a directory so that
two
> > ; users can place files there that will be owned by the specific users.
In this
> > ; setup, the directory should be writable by both users and should have
the
> > ; sticky bit set on it to prevent abuse. Obviously this could be
extended to
> > ; as many users as required.
> > ;[myshare]
> > ; comment = Mary's and Fred's stuff
> > ; path = /usr/somewhere/shared
> > ; valid users = mary fred
> > ; public = no
> > ; writable = yes
> > ; printable = no
> > ; create mask = 0765
> >
> > _______________________________________________
> > linux-user mailing list
> > linux-user@egr.msu.edu
> > http://www.egr.msu.edu/mailman/listinfo/linux-user
>
> --
> Adam Pitcher
> _______________________________________________
> linux-user mailing list
> linux-user@egr.msu.edu
> http://www.egr.msu.edu/mailman/listinfo/linux-user
>