[Samba] Access to a share resource without password
J. L. Cabral
to the "g-company.net" domain.
I want to access a Linux share resource in /var/share without password
from WXP desktop FROM ANY USER.
This is my scenario:
- I don't create any Linux local user because I want total access from any user
- I use security = share
- My smbusers file is:
root = administrator admin
nobody = guest pcguest smbguest
- The Windows XP guest account is "guest" but I don't know if it has
any password setup.
- This is my smb.conf:
[global]
workgroup = G-COMPANY.NET
server string = Samba Server Version %v
security = SHARE
passdb backend = tdbsam
[share]
comment = Archivos Compartidos
path = /var/share
read only = No
create mask = 0700
directory mask = 0700
guest only = Yes
guest ok = Yes
Form Windows XP I execute:
\\samba_server\share
but I get the error "DENIED ACCESS".
What can I do to access this resource ???
Thanks a lot,
JeLo
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Marco Ciampa
> Dear, I have a Linux Samba server and a Windows XP SP2 client joined
> to the "g-company.net" domain.
>
> I want to access a Linux share resource in /var/share without password
> from WXP desktop FROM ANY USER.
>
> This is my scenario:
>
> - I don't create any Linux local user because I want total access from any user
>
> - I use security = share
Why?
--
Marco Ciampa
+--------------------+
| Linux User #78271 |
| FSFE fellow #364 |
+--------------------+
mat.e...@gmail.com
chmod -R 777 /your/share
Change your create masks to:
create mask = 0777
directory mask = 0777
Sent on the Sprint® Now Network from my BlackBerry®
J. L. Cabral
masks with 777 values.
But I still get ACCESS DENIED error.
Do I have to create a local Linux user account ??? Or waht ??? Because
I need to give full access to every user from my LAN.
Thanks in advance.
JeLo
mat.e...@gmail.com
J. L. Cabral
Maybe any problem in the windows domain settings they avoid join to a
samba server ???
J. L. Cabral
server with the WORKGROUP = <windows domain>.
Any idea ?
On Fri, Feb 25, 2011 at 1:21 PM, <mat.e...@gmail.com> wrote:
> Is the Samba server a member of the domain?
mat.e...@gmail.com
mat.e...@gmail.com
J. L. Cabral
[global]
workgroup = G-BAPRO.NET
server string = Samba Server Version %v
netbiosname = bangkok
security = user
smb passwd file = /etc/samba/smbpasswd
guest account = guest
[share]
guest ok = yes
path = /var/share
writeable = yes
and execute from Windows desktop:
net use Z: \\bangkok\share
after that I put user=guest and password=1234
but I CAN'T ACCESS
"guest" is the name of a local Linux account and it's a samba user
(smbpasswd -a guest with pass "1234").
What can I do ???
Regards
On Fri, Feb 25, 2011 at 1:31 PM, Wolfgang Ratzka
<rat...@hrz.uni-marburg.de> wrote:
>>>> [global]
>>>> (...)
>>>> security = SHARE
>>>> (...)
>
> security = SHARE is rather Windows95-ish and it does not work very well
> with newer Windows versions.
> Just try "security = user". Setting "guest ok = Yes" should give you
> anonymous access.
>
> Kind regards
> --
> Wolfgang Ratzka Phone: +49 6421 2823531 FAX: +49 6421 2826994
> Uni Marburg, HRZ, Hans-Meerwein-Str., D-35032 Marburg, Germany
Jeremy Allison
> OK, with Wolfgang advice I do:
>
> [global]
> workgroup = G-BAPRO.NET
> server string = Samba Server Version %v
> netbiosname = bangkok
> security = user
> smb passwd file = /etc/samba/smbpasswd
> guest account = guest
> [share]
> guest ok = yes
> path = /var/share
> writeable = yes
>
> and execute from Windows desktop:
>
> net use Z: \\bangkok\share
>
> after that I put user=guest and password=1234
>
> but I CAN'T ACCESS
>
> "guest" is the name of a local Linux account and it's a samba user
> (smbpasswd -a guest with pass "1234").
>
> What can I do ???
Add :
map to guest = bad password
in the [global] section.
Whatever you've screwed up in configuring the Samba user,
that should fix it :-). You want everyone to have guest
access, right ?
Jeremy.
J. L. Cabral
---------- Forwarded message ----------
From: Marco Ciampa <cia...@libero.it>
Date: Fri, Feb 25, 2011 at 2:13 PM
Subject: Re: [Samba] Access to a share resource without password
To: "J. L. Cabral" <jeloc...@gmail.com>
On Fri, Feb 25, 2011 at 01:07:03PM -0300, J. L. Cabral wrote:
> Dear Marco, I use security=share because I want to give full access to
> everyone in my LAN.
>
> Do you think I'm wrong in this setting ??? What is your opinion ???
>
Well it is not required to use such configuration. You can just stick with
security = user
and then do something like this:
[freeaccess]
comment = free access folder
browseable = yes
path = /home/freeaccess
public = yes
writeable = yes
create mode = 0644
force user = adhocuser
force group = adhocuser
just create such adhocuser into the server disabling it shell access
and then do a:
chown adhocuser /home/freeaccess
PS: bounce to the list this message to discover if I've said something
real wrong...
Chris Smith
> I want to access a Linux share resource in /var/share without password
> from WXP desktop FROM ANY USER.
See:
http://blog.realcomputerguy.com/2010/12/samba-and-guest-shares-with-security.html
J. L. Cabral
1) The Linux local user "guest" must be added to samba with "smbpasswd
-a guest" ???
2) The Windows XP desktops must have a guest account enable named
"guest", or it can be named "Invited" or "Invitado" (Spanish Windows
version) ???
3) What owner and group must have the share /var/share ???
Thanks a lot,
JeLo
Chris Smith
> 1) The Linux local user "guest" must be added to samba with "smbpasswd
> -a guest" ???
In the example I show their is no local 'nix user named "guest". The
purpose of the username map file is to map the Windows "guest"
user/account to the 'nix "nobody" user/account - this (nobody) is
typically, in the distros I have run across, the 'nix default guest
account (no login privileges necessary).
> 2) The Windows XP desktops must have a guest account enable named
> "guest", or it can be named "Invited" or "Invitado" (Spanish Windows
> version) ???
No reason whatsoever to enable the guest account on the Windows box.
> 3) What owner and group must have the share /var/share ???
Whatever you want that allows the proper access.
Don't over complicate it, it's pretty straight forward.
Helmut Hullen
Du meintest am 25.02.11:
>> 1) The Linux local user "guest" must be added to samba with
>> "smbpasswd -a guest" ???
> In the example I show their is no local 'nix user named "guest". The
> purpose of the username map file is to map the Windows "guest"
> user/account to the 'nix "nobody" user/account - this (nobody) is
> typically, in the distros I have run across, the 'nix default guest
> account (no login privileges necessary).
Have I to add "nobody" to the samba password file?
Viele Gruesse!
Helmut
Chris Smith
> Have I to add "nobody" to the samba password file?
No.
J. L. Cabral
[global]
workgroup = CASA
netbios name = bangkok
security = user
passdb backend = tdbsam
map to guest = bad password
username map = /etc/samba/smbusers
[grabar]
comment = file sharing
path = /var/share
browseable = yes
public = yes
writeable = yes
create mode = 0644
force user = pepe
force group = pepe
I have:
drwxrwxrwx root nobody /var/share
and I add user pepe:
# useradd -s /sbin/nologin pepe
After that I restart samba:
# /etc/init.d/smb restart
and fro Windows XP machine I do:
net use X: \\10.4.133.109\grabar
and after that I see the resource in my Explorer but when I want to
enter into it with double click I get:
ACCESS DENIED
The smb.log is:
[2011/02/27 23:52:25, 0] lib/util_sock.c:get_peer_addr(1224)
getpeername failed. Error was the connection peer is not connected
[2011/02/27 23:52:25, 0] lib/util_sock.c:read_data(534)
read_data: read failure for 4 bytes to client 0.0.0.0. Error =
connectio reinitialized by remote machine
[2011/02/27 23:52:25, 1] smbd/service.c:make_connection_snum(1077)
kari (10.4.132.61) connect to service grabar initially as user pepe
(uid=500, gid=500) (pid 31657)
[2011/02/27 23:52:29, 1] smbd/fake_file.c:open_fake_file(116)
open_fake_file_shared: access_denied to service[grabar]
file[$Extend/$Quota:$Q:$INDEX_ALLOCATION] user[pepe]
[2011/02/27 23:52:29, 1] smbd/fake_file.c:open_fake_file(116)
open_fake_file_shared: access_denied to service[grabar]
file[$Extend/$Quota:$Q:$INDEX_ALLOCATION] user[pepe]
Can you help me again ???
THANKS A LOT
JeLo
On Sun, Feb 27, 2011 at 4:53 PM, Marco Ciampa <cia...@libero.it> wrote:
> On Fri, Feb 25, 2011 at 02:55:17PM -0300, J. L. Cabral wrote:
>> Marco, thanks.....last question:
>>
>> the adhoc user you tell me to create as a linux local user need to be
>> created as a samba user alos with:
>>
>> smbpasswd -a adhocuser:
>> pass:1234
>> pass:1234
>>
>> Thanks again
>>
>
> no, you just have to create the user just to control the user with whom
> the people will access that folder. Since you use the "force user"
> option, you do not have to set any password...
>
> just do a
>
> adduser adhocuser
>
> and you are done.
J. L. Cabral
tutorial you recommend to me, please see below:
[global]
workgroup = CASA
netbios name = bangkok
security = user
passdb backend = tdbsam
Map to guest = Bad User
username map = /etc/samba/smbusers
[grabar]
comment = File sharing
path = /var/alejandro
read only = No
create mask = 0700
directory mask = 0700
guest ok = Yes
The content of smbusers is:
root = administrator admin
nobody = guest pcguest smbguest
and the path:
drwxrwxrwx root nobody /var/share
I restart smb and after tghat I do from Windows:
net use X: \\10.4.133.109\grabar
I see the resource but when I made double click on it I get:
ACCESS DENIED
The smb.log is:
[2011/02/28 00:16:14, 0] lib/util_sock.c:get_peer_addr(1224)
getpeername failed. Error was the other connection peer is not connected
[2011/02/28 00:16:14, 0] lib/util_sock.c:get_peer_addr(1224)
getpeername failed. Error was the other connection peer is not connected
[2011/02/28 00:16:14, 0] lib/util_sock.c:read_data(534)
read_data: read failure for 4 bytes to client 0.0.0.0. Error =
connectio reinitialized by the remote machine
[2011/02/28 00:16:14, 1] smbd/service.c:make_connection_snum(1077)
kari (10.4.132.61) connect to service grabar initially as user
nobody (uid=99, gid=99) (pid 31950)
THANKS AGAIN and please can you continue helping me ???
JeLo
Marco Ciampa
> Marco, I followed your instructions and I couldn't connect, my config is:
>
> [global]
> workgroup = CASA
> netbios name = bangkok
> security = user
> passdb backend = tdbsam
> map to guest = bad password
> username map = /etc/samba/smbusers
>
> [grabar]
> comment = file sharing
> path = /var/share
^^^^^^^^^^^^^^^ why not:
path = /home/pepe
??? is it a problem?
> browseable = yes
> public = yes
> writeable = yes
> create mode = 0644
> force user = pepe
> force group = pepe
>
> I have:
>
> drwxrwxrwx root nobody /var/share
>
> and I add user pepe:
>
> # useradd -s /sbin/nologin pepe
>
> After that I restart samba:
>
> # /etc/init.d/smb restart
>
> and fro Windows XP machine I do:
>
> net use X: \\10.4.133.109\grabar
>
> and after that I see the resource in my Explorer
OK!
> but when I want to
> enter into it with double click I get:
>
> ACCESS DENIED
so it seems a problem of local permissions, not SAMBA ...
>
> The smb.log is:
>
> [2011/02/27 23:52:25, 0] lib/util_sock.c:get_peer_addr(1224)
> getpeername failed. Error was the connection peer is not connected
> [2011/02/27 23:52:25, 0] lib/util_sock.c:read_data(534)
> read_data: read failure for 4 bytes to client 0.0.0.0. Error =
> connectio reinitialized by remote machine
> [2011/02/27 23:52:25, 1] smbd/service.c:make_connection_snum(1077)
> kari (10.4.132.61) connect to service grabar initially as user pepe
> (uid=500, gid=500) (pid 31657)
> [2011/02/27 23:52:29, 1] smbd/fake_file.c:open_fake_file(116)
> open_fake_file_shared: access_denied to service[grabar]
> file[$Extend/$Quota:$Q:$INDEX_ALLOCATION] user[pepe]
> [2011/02/27 23:52:29, 1] smbd/fake_file.c:open_fake_file(116)
> open_fake_file_shared: access_denied to service[grabar]
> file[$Extend/$Quota:$Q:$INDEX_ALLOCATION] user[pepe]
>
> Can you help me again ???
>
> THANKS A LOT
>
> JeLo
>
if you do from root:
#su -s /bin/bash pepe
user pepe is able to write to /var/share ????
Marcello Romani
Hi,
I have a similar setup.
I forced /var/share to be owned by group "publicshare", and in smb.conf
I have force group = publicshare. The permission bits are 775.
HTH
--
Marcello Romani
Marco Ciampa
> Chris, after following Marco guideline and fail I followed the
> tutorial you recommend to me, please see below:
just to remember you to post even when successful.
We are interested in knowing what went wrong...
--
Marco Ciampa
+--------------------+
| Linux User #78271 |
| FSFE fellow #364 |
+--------------------+
J. L. Cabral
tell you....thanks.
J. L. Cabral
Just a question: maybe the administrator of the Windows Domain has
setup any policy ti avoide tha access from domain's users to samba ???
Has the administrator of my Windows domain allow any access or do
something specific related to samba machine ???
Thanks again
Marcello Romani
IIRC there is a registry setting which prevents a windows machine from
accessing non-authenticated smb shares.
I'm sorry but can't find the key name right now...
HTH
--
Marcello Romani
J. L. Cabral
guest, I fail again....look:
Debian:~# smbclient //10.4.133.109/share -U guest
Enter guest's password: <I put any password because guest is not a
samba nor Linux user>
Domain=[BANGKOK] OS=[Unix] Server=[Samba 3.0.33-3.29.el5_5.1]
smb: \> ls
NT_STATUS_ACCESS_DENIED listing \*
56892 blocks of size 8388608. 53742 blocks available
I can't list the share directory, and the rigths ar:
drwxrwxr-x 2 nobody nobody share
I think if I can't access form a Linux machine with smbclient, I'm
really bad......
Chris Weiss
> OK thanks, but when I try to access from a Linux Debian machine as
> guest, I fail again....look:
>
> Debian:~# smbclient //10.4.133.109/share -U guest
> Enter guest's password: <I put any password because guest is not a
> samba nor Linux user>
guest access doesn't actually use a username, this may be the problem.
to force-use the anonymous account, you can do: -U %
I'd start here:
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/FastStart.html
you don't have to get very down that page to have a anonymous read-write share.
J. L. Cabral
Linux CentOS 5.5 please:
testparm output:
[global]
workgroup = CASA
map to guest = Bad User
passdb backend = tdbsam
username map = /etc/samba/smbusers
cups options = raw
(I put security = user but is not displayed in testparm)
[share]
comment = File server
path = /var/share
read only = No
create mask = 0700
directory mask = 0700
guest ok = Yes
In smbusers:
root = administrator admin
nobody = guest pcguest smbguest
The share:
Debian:~# smbclient -U guest -L 10.4.133.109
Enter guest's password: <ANY PASS>
Domain=[BANGKOK] OS=[Unix] Server=[Samba 3.0.33-3.29.el5_5.1]
Sharename Type Comment
--------- ---- -------
share Disk File share
IPC$ IPC IPC Service (Samba 3.0.33-3.29.el5_5.1)
Domain=[BANGKOK] OS=[Unix] Server=[Samba 3.0.33-3.29.el5_5.1]
Server Comment
--------- -------
Workgroup Master
--------- -------
CASA BANGKOK
And finally try to enter the "share" resource:
Debian:~# smbclient //10.4.133.109/grabar -U guest
Enter guest's password: <ANY PASS>
Domain=[BANGKOK] OS=[Unix] Server=[Samba 3.0.33-3.29.el5_5.1]
smb: \> ls
NT_STATUS_ACCESS_DENIED listing \*
56892 blocks of size 8388608. 53742 blocks available
What can be the problem ???
THANKS
drwxrwxrwx 2 nobody nobody 4096 feb 28 16:21 share
nobody is a Linux local user with /sbin/nologin shell.
From a Linux Debian machine I try to connect:
J. L. Cabral
Debian:~# smbclient //10.4.133.109/share -U %
Domain=[CASA] OS=[Unix] Server=[Samba 3.0.33-3.29.el5_5.1]
smb: \> ls
NT_STATUS_ACCESS_DENIED listing \*
56892 blocks of size 8388608. 53742 blocks available
Always the error !!!
Chris Weiss
> Chris I tried to connect with -U % and see:
>
> Debian:~# smbclient //10.4.133.109/share -U %
> Domain=[CASA] OS=[Unix] Server=[Samba 3.0.33-3.29.el5_5.1]
> smb: \> ls
> NT_STATUS_ACCESS_DENIED listing \*
>
if security isn't in your testparm, them something is odd with how you
entered it. I think user is the default, test with this:
testparm -v | grep security
Also check your guest settings, this will show what account samba will
use for anonymous access, among other things:
testparm -v | grep guest
Make sure the account listed can access the directory you are sharing,
or use "force user" to override the shares filesystem access, which is
what the howto does.
Also, i never use smbusers file for anything, ever. I find that it
only adds confusion.
J. L. Cabral
> if security isn't in your testparm, them something is odd with how you
> entered it. I think user is the default, test with this:
> testparm -v | grep security
security = USER
paranoid server security = Yes
security mask = 0777
force security mode = 00
directory security mask = 0777
force directory security mode = 00
> Also check your guest settings, this will show what account samba will
> use for anonymous access, among other things:
> testparm -v | grep guest
map to guest = Bad User
guest account = nobody
usershare allow guests = No
guest only = No
guest ok = No
guest ok = Yes
> Make sure the account listed can access the directory you are sharing,
> or use "force user" to override the shares filesystem access, which is
> what the howto does.
drwxrwxrwx nobody nobody /var/share
> Also, i never use smbusers file for anything, ever. I find that it
> only adds confusion.
But the tutorial you show me points:
username map = /etc/samba/smbusers
I repeat my smb.conf file:
[global]
workgroup = CASA
interfaces = lo eth0
map to guest = Bad User
security = user
passdb backend = tdbsam
username map = /etc/samba/smbusers
[grabar]
comment = File share
path = /var/share
borowseable = yes
read only = No
create mask = 0700
directory mask = 0700
guest ok = Yes
And the NT_STATUS_ACCESS_DENIED listing \* error appear again !!!
Any other idea please ??? Thanks and sorry for interrupting you...
JeLo
Helmut Hullen
Du meintest am 01.03.11:
> testparm output:
> [global]
> workgroup = CASA
> map to guest = Bad User
> passdb backend = tdbsam
> username map = /etc/samba/smbusers
> cups options = raw
> (I put security = user but is not displayed in testparm)
There's a big difference between "testparm" and "testparm -v"; the "-v"
option shows "what is", including the defaults.
Viele Gruesse!
Helmut
Chris Weiss
>
> And the NT_STATUS_ACCESS_DENIED listing \* error appear again !!!
>
I guess all that's left is to turn up the log level and see if
anything looks odd.
it's possible that you aren't actually accessing it mapped to guest
due to the accounts you've created, or that the smbusers is confusing
it, or any number of oddities specific to your server config.
what I do know is that on a clean server, that howto works perfectly.
TAKAHASHI Motonobu
> Dear, I have a Linux Samba server and a Windows XP SP2 client joined to the "g-company.net" domain.
>
> from WXP desktop FROM ANY USER.
>
>
> - I don't create any Linux local user because I want total access from any user
>
> - I use security = share
>
> - My smbusers file is:
>
> nobody = guest pcguest smbguest
>
> any password setup.
> Form Windows XP I execute:
>
> \\samba_server\share
>
> but I get the error "DENIED ACCESS".
>
> What can I do to access this resource ???
What is your distro and filesystems?
Can you access with correct username and password?
And if you use Fedora or CentOS or such kind of OSes,
have you already stopped SELinux?
If you have not, type
setenforce 0
and try again.
---
TAKAHASHI Motonobu <mo...@monyo.com>
J. L. Cabral
The problem was the SELinux in my CentOS server....I've never heart
about it, so it avoid me to access the share.
THANKS TO EVERYBODY HERE and sorry for my interruptions.
Regards,
JeLo