[Samba] Standalone Server with Wins -- Password Not Required on Win/XP

Sat, 12 Jan 2008 13:58:08 -0800 

Hi There,

I created a standalone server on CentOS 5.1 with samba at 25b on an x86_64
system. The shares defined below are available to the windows xp clients on
the 10.43.10.x/24 subnet.  Samba also provides win server support to this
subnet.

We are having problems we password protection associated with the shares.
The first access to the samba server requests a userid -- this likely allows
samba to understand which home share should be displayed.  At this point,
the client can access both the 'homes' share and the 'orr' share without
ever entering a password -- this is a security issue for us.

We need to figure out how to configure samba to enforce userid & password
protection prior to allowing access to a share. Below is a copy of the
smb.conf file that we are using for testing.

  [global]
        
        # workgroup and server identification
        workgroup = ORRRANCH
        server string =
        netbios name = ORR00

        interfaces = 10.43.10.0/24 lo
        bind interfaces only = yes
        hosts allow = 10.43.10. 127.0.0.

        # logs split per machine; max 50KB per log file, then rotate
        log file = /var/log/samba/%m.log
        max log size = 50

        # default user security, encrypted passwords and tdbsam
        security = user 
        encrypt passwords = yes
        passdb backend = tdbsam

        # allow samba to be the domain master browser if possible
        local master = yes
        os level = 33
        preferred master = yes
        domain master = yes

        # samba is a wins server for the system; use wins first
        wins support =yes
        name resolve order = wins hosts bcast
        
  [homes]
        comment = Home Directories
        browseable = no
        writable = yes
        valid users = %S
        path = /samba/home/%S

  [orr]
        comment = Orr Ranch Share
        path = /samba/orr
        valid users = greg catherine sarah brandon
        guest ok = no
        writable = yes
        printable = no
        create mask = 0765


Each of the 'valid users' have ids on the system and have used smbpasswd to
create samba passwords. Nsswitch.conf has been modified to add 'wins' to the
'hosts' line to assist with names resolution.

Any assistance would be appreciated!!  Thanks, Greg

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Reply via email to