Tried this:
guest account = pcguest
and I still get the same result
Thanks though,
Guille

----- Original Message -----
From: "tms3" <[EMAIL PROTECTED]>
To: "Guille Williams" <[EMAIL PROTECTED]>
Sent: Thursday, July 01, 2004 8:09 PM
Subject: Re: [Samba] Security question for newbie

> I found it. I think. Try this. Add a line
>
> guest account = pcguest .
>
> The smb.conf.sample file says this:
>
> # Uncomment this if you want a guest account, you must add this to /etc/passwd
> # otherwise the user "nobody" is used
> guest account = pcguest
>
> Since no account pcguest exists...and now it ignores "nobody".... I'm guessing here.
>
> Guille Williams wrote:
>
> >O.k.
> >I decided to start from scratch with a separate box running the same linux distro (Fedora 2).
> >This time the linux box is a standalone server, Security=User, and I created a user *nix/smb Student, and all the other settings are defaults.
> >From the WinXP box I type \\fedora\ so that I can login with Student and verify access to the home directory.
> >I also browse the Network Neighborhood and only see the Home directory. So that works fine too. But then I type \\fedora\nobody and I can see the file-system once again.
> >What can I be doing wrong in such a simple setup?
> >
> >Guille
> ># Samba config file created using SWAT
> ># from 0.0.0.0 (0.0.0.0)
> ># Date: 2004/07/01 19:39:32
> >
> ># Global parameters
> >[global]
> >  workgroup = WORKGROUP
> >  realm =
> >  netbios name = FEDORA
> >  netbios aliases =
> >  netbios scope =
> >  server string = Samba Server
> >  log file = /var/log/samba/log.smbd
> >  max log size = 50
> >  socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> >  dns proxy = No
> >  ldap ssl = no
> >  idmap uid = 10000-20000
> >  idmap gid = 10000-20000
> >
> >[homes]
> >  comment = Home Directories
> >  read only = No
> >  browseable = No
> >
> >[printers]
> >  comment = All Printers
> >  path = /var/spool/samba
> >  printable = Yes
> >  browseable = No
> >----- Original Message -----
> >  From: tms3
> >  To: Guille Williams
> >  Sent: Thursday, July 01, 2004 7:17 PM
> >  Subject: Re: [Samba] Security question for newbie
> >
> >
> >  Don't know much about the intricacies of System V/Linux, but there's got to be something odd in your smb.conf file to cause this. After reading your initial email I thought:
> >
> >  Shit, I better look into this!
> >
> >  I did, and I can't replicate it. On my Samba ads joined machine, no ADS account, no mapping. I don't use SWAT for security reasons. Is SWAT adding things to smb.conf you don't want (again, I've never used it)? Maybe some misconfiguration in ldap? I wish I could be of more help.
> >
> >  TMS III
> >
> >  Guille Williams wrote:
> >
> >Good idea.
> >The only problem is I am going to have to do this for all the UID -500
> >(except root).
> >The solution is tedious but works.
> >Thanks for your help,
> >Guille
> >
> >----- Original Message -----
> >From: "tms3" <[EMAIL PROTECTED]>
> >To: "Guille Williams" <[EMAIL PROTECTED]>
> >Sent: Thursday, July 01, 2004 5:04 PM
> >Subject: Re: [Samba] Security question for newbie
> >
> >
> >  Wow, you can't on mine--Samba 3.0.4, FreeBSD5.2.1, W2k server.
> >
> >Anyway since the authentication is through AD, then create a user called
> >nobody in AD, give it a password (big long ugly thing), and really
> >deprive its privileges in AD. Should put a kibosh on it until you find
> >out why this is happening.
> >
> >TMS III
> >Guille Williams wrote:
> >
> >  Hi,
> >
> >I am using Samba version 3.051 in an Active Directory setting with Windows 2000 server.
> >Everything is working rather well with regards to file-sharing and authentication.
> >However, the one thing that I noticed that I haven't been able to fix quickly with SWAT is the prevention of browsing the Linux file-system with users such as 'nobody' or 'bin'.
> >For example...
> >I have a user in Active Directory named John. John is part of the group 'students', and has restricted access through Group Policy and Samba Shares.
> >Now John should only have three browseable Shares in this example, Home, Public, and Software.
> >Samba and Windows drive mapping take care of this correctly. But say John is a Linux fan, notices that we are using Linux, and decides to play around a bit.
> >John now enters \\(linux machine)\nobody ( more appropriate \\%N\nobody\), and TADA.... he now can see the root file-system for the Linux machine.
> >Now John can browse through /etc/samba, find my samba.conf file, and see all the shares I may have hidden. I know I can chmod that file but that's not what's scaring me.
> >John shouldn't be able to see /. I know that user 'nobody' home directory is /. John shouldn't have access to nobody's home directory.
> >HOW DO I STOP THIS?
> >Changing the properties of 'Other' on the folders in the root filesystem won't help because it just starts to break things.
> >So I need a quick fix before I start buying books and reading months of old threads to resolve this issue.
> >Thanks Ladies and Gents,
> >Guille
> >
> >p.s. Sorry if this question is answered already in a thread I haven't found. I just joined the Mailing list and I am currently searching.

--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
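
Added example, not part of the original thread: a small Python audit that lists which system accounts the posted [homes] section serves as \\server\<account>, and shows that restricting the section with Samba's `valid users = %S` setting (a standard smb.conf parameter that the thread does not mention) closes the exposure. The passwd lines and function names are constructed for illustration; the UID cutoff of 500 follows the thread.

```python
# Added example: inputs are constructed, helper names are hypothetical.
SYSTEM_UID_MAX = 500  # the thread treats UIDs below 500 as system accounts

PASSWD = """root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
student:x:500:500::/home/student:/bin/bash"""
# [homes] as posted in the thread, then with the restriction added
HOMES = "[homes]\n comment = Home Directories\n read only = No\n browseable = No\n"
HARDENED = HOMES + " valid users = %S\n"

def parse_smb_conf(text):
    """Return {section: {param: value}} with normalised parameter names."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            # smb.conf ignores case and spaces in parameter names
            conf[section]["".join(key.lower().split())] = value.strip()
    return conf

def exposed_homes(passwd_text, smb_conf_text):
    """List (account, home) pairs [homes] serves to users other than the account."""
    conf = parse_smb_conf(smb_conf_text)
    if "homes" not in conf:
        return []  # no [homes] section, no per-account shares
    # share-level value wins, otherwise the [global] default applies
    allowed = conf["homes"].get(
        "validusers", conf.get("global", {}).get("validusers", ""))
    if allowed.replace(",", " ").split() == ["%S"]:
        return []  # share <name> now admits only the user <name>
    found = []
    for entry in passwd_text.splitlines():
        fields = entry.split(":")
        if len(fields) == 7 and int(fields[2]) < SYSTEM_UID_MAX:
            found.append((fields[0], fields[5]))
    return found

if __name__ == "__main__":
    print("as posted:", exposed_homes(PASSWD, HOMES))
    print("hardened: ", exposed_homes(PASSWD, HARDENED))
```

To audit a live server, pass the contents of /etc/passwd and the active smb.conf instead of the constructed strings.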
