Thank you so much! TAF
------------------------------------ From: Thomas Cameron Subject: Re: Public resource at SAMBA Message-ID: <1116626171.17739.19. Content-Type: text/plain; charset=utf-8
On Fri, 2005-05-20 at 13:32 -0300, Thiago Amaury Ferraz wrote:
Hello! Someone would know to say if there is a way to configure a resourse to be public.. by the way, having the security = user.. in global parameters!?
In Samba, a public share means that it is accessible by all, without a password. Note that I think this is terribly dangerous.
From the smb.conf man page:
public
This parameter is a synonym for guest ok.
guest ok (S)
If this parameter is yes for a service, then no password is required to connect to the service. Privileges will be those of the guest account.
This paramater nullifies the benifits of setting restrict anonymous = 2
See the section below on security for more information about this option.
Default: guest ok = no
Is there some way to set up a samba guest user to be used by Windows guest users?
Also from the smb.conf man page:
guest account (G)
This is a username which will be used for access to services which are specified as guest ok (see below). Whatever privileges this user has will be available to any client connecting to the guest service. This user must exist in the password file, but does not require a valid login. The user account "ftp" is often a good choice for this parameter.
On some systems the default guest account "nobody" may not be able to print. Use another account in this case. You should test this by trying to log in as your guest user (perhaps by using the su - command) and trying to print using the system print command such as lpr(1) or lp(1).
This parameter does not accept % macros, because many parts of the system require this value to be constant for correct operation.
Default: guest account = nobody # default can be changed at compile-time
Example: guest account = ftp
So then you need to look at the entry in smb.conf called "map to guest:"
map to guest (G)
This parameter is only useful in security modes other than security = share - i.e. user, server, and domain.
This parameter can take three different values, which tell smbd (8) what to do with user login requests that don't match a valid UNIX user in some way.
The three settings are :
* Never - Means user login requests with an invalid password are rejected. This is the default.
* Bad User - Means user logins with an invalid password are rejected, unless the username does not exist, in which case it is treated as a guest login and mapped into the guest account.
* Bad Password - Means user logins with an invalid password are treated as a guest login and mapped into the guest account. Note that this can cause problems as it means that any user incorrectly typing their password will be silently logged on as "guest" - and will not know the reason they cannot access files they think they should - there will have been no message given to them that they got their password wrong. Helpdesk services will hate you if you set the map to guest parameter this way :-).
Note that this parameter is needed to set up "Guest" share services when using security modes other than share. This is because in these modes the name of the resource being requested is not sent to the server until after the server has successfully authenticated the client so the server cannot make authentication decisions at the correct time (connection to the share) for "Guest" shares.
For people familiar with the older Samba releases, this parameter maps to the old compile-time setting of the GUEST_SESSSETUP value in local.h.
Default: map to guest = Never
Example: map to guest = Bad User
As an example, I want to make a public share on my Linux box. First I create the directory:
[root@wintermute ~]# mkdir /usr/local/export/public
Then I make it owned by nobody.nobody like this:
[root@wintermute ~]# chown nobody:nobody /usr/local/export/public/
So now I check to make sure it looks right:
[root@wintermute ~]# ls -ld /usr/local/export/public/ drwxr-xr-x 2 nobody nobody 4096 May 20 16:34 /usr/local/export/public/
Now I make sure that the share is enabled in my /etc/samba/smb.conf:
[public] path = /usr/local/export/public read only = No guest ok = Yes
I also set up the map to guest entry in the [global] section of my /etc/samba/smb.conf like this:
[global] ... ... map to guest = Bad User ... ...
Then I restart the smb service:
[root@wintermute ~]# service smb restart Shutting down SMB services: [ OK ] Shutting down NMB services: [ OK ] Starting SMB services: [ OK ] Starting NMB services: [ OK ]
Now my Windows users can access the [public] share on my Linux box without a login or password.
Best regards, And thank´s a lot since now! TAF
Eu espero que este seja útil!
Thomas