Re: [Samba] Doesn't require a password

[G�mes G�za]

James Bear �rta:

Here is my problem:

Previously, I was using Samba as a PDC and everybody logged in with 
WXP and then they had roaming profiles and all was grand, except 
sometimes my students had really big pictures and such being saved to 
their "My Documents."  That's bad.  When it came time to log off, 
other students sometimes had to wait 20 minutes.  A Bad thing.

So, this year, I scrapped the roaming profiles and got some XP Home 
Edition machines.  I simply shared files on the server using Samba. 
It's fine.  All the machines have a mapped network drive to the homes 
directory.  When they click it, they are prompted for a username and 
password.  They gain access to the server.  They can do things exactly 
as I want them to be able to do things.

One little problem.  A student pointed out that if he didn't enter a 
password, it worked just the same.  A user can enter any username and 
as long as it is a user on the server, they have access to that file 
without supplying a password or supplying a bogus password.  It's a 
bad thing.

Can anybody help?  Keep in mind that this is a modified smb.conf.  I 
previously had it when I had the samba as a PDC and some of the 
settings while seemingly illogical are carryovers.  Me not sharp 
enough or have enough time to bother with trying to change them.  Here 
is my smb.conf:

# Samba config file created using SWAT
# from 0.0.0.0 (0.0.0.0)
# Date: 2003/09/10 12:54:53
# Global parameters
[global]
    netbios name = WALDO
    encrypt passwords = Yes
    update encrypted = Yes
    null passwords = Yes
    passwd program = /usr/bin/passwd %u
    passwd chat = *New*password* %n\n *Retype*new*password* %n\n 
*passwd:*all*authentication*tokens*updated*successfully*
    log file = /var/log/samba/%m.log
    max log size = 1000
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    add user script = /usr/sbin/useradd -d /dev/null -g 100 -s 
/bin/false -M %u
    domain logons = Yes
    os level = 255
    domain master = Yes
    wins support = Yes
    default service = homes
    path = /home
    guest account = root
    read only = No
    printing = lprng
    browseable = No
    locking = No

[homes]
    comment = Home Directories
    guest account = %S
    valid users = %S
    browseable = Yes
[printers]
    comment = All Printers
    path = /var/spool/samba
    printable = Yes
[lab]
    path = /var/spool/samba
    printable = Yes
    printer name = lab
    oplocks = No


I think instead of guest account = root you should definitely use guest 
account = nobody
Or you will give root access to your every badly authenticated user :-(
Which looks strange to me is the fact that I haven't seen a map to guest 
statement in your smb.conf. You could also solve your problem, with map 
to guest = never.

Good Luck!

Geza Gemes

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba