Dago Pacheco wrote:
Johnny Hughes wrote:
OK ... I already told you to run testparm and to validate all your smb.conf lines.
<snip>
ok....This is the thing.... security level was set to "share". When things worked fine, there were a lot of shared folders that could be accessed by anyone in the network, but when it came to accessing the remote home folder from a Windows client, samba checked the user/password used to log in to Windows and used it. Now with security level set to "share", I can access the public folders, but when it comes to the "home" folders, samba prompts me to enter a password as an invited user.
One should avoid setting security to share, it is there primarily for historical reasons, but security should start with "user" then if you have Windows domain servers set it to "domain" or "ads".
You will need to create LM passwords for each user unless you have a Windows domain server to check passwords against.
I think there is an option in the man page about auto-creating samba users on first connect if they exist in passwd, which will ask the user for his/her password the first time and if it is correct will save it in the samba passwd file.
If I change security level to "user", samba prompts the user to enter user and password, that's good, but even if I enter a good login.... nothing happens, it doesn't validate it... and then, I can't access home and public folders.
Well there is probably additional configuration that is needed when moving from "share" to "user".
This is the output for testparm
<Ok testparm output is good>
[global]
    workgroup = MAKIMET
    netbios aliases = servidor
    server string = Servidor Maestranza
    interfaces = 192.168.0.10/255.255.255.0
    security = SHARE
Once again you should really use security = "user" here
    obey pam restrictions = Yes
    pam password change = Yes
    username map = /etc/samba/smbusers
    log level = 3
    log file = /var/log/samba/%m.log
    acl compatibility = winnt
    server signing = auto
    socket options = TCP_NODELAY IPTOS_LOWDELAY
    hostname lookups = Yes
    printcap name = /etc/printcap
    os level = 10
    preferred master = No
    domain master = Yes
    dns proxy = No
    ldap ssl = no
    preload = global administracion biblioteca cartas fax formatos fotografias informes instaladores memos of_tecnica planos procedimientos
-----------
    read only = No
    create mask = 0777
    force create mode = 0777
    directory mask = 0777
    force directory mode = 0777
    guest ok = Yes
-----------
These options really should be per-share. You are making all data on all shares world readable and writable by default, which you really do not want to do.
    hosts allow = 192.168.0., 127.0.0.

[homes]
    comment = Home directory for %S
    valid users = bodega, calidad, contador, cvaldivieso, dibujotec1, dibujotec2, faena, hcatalan, hfigueroa, personal, planning, produccion, root, secretaria, tvillagran, ymoya, ocastro, hsandoval, afigueroa, mahumada, chidalgo, informatica, @makimet
    force group = makimet
    create mask = 0700
    directory mask = 0700
    browseable = No

[printers]
    comment = All Printers
    path = /var/spool/samba
    printable = Yes
    browseable = No

[administracion]
    comment = Archivos Administracion
    path = /home/publicos/administracion
    force user = root
    force group = makimet
Please for your sake don't force root, use some other administrative user like 'admin' and force that, this is just asking for trouble!
[biblioteca]
    comment = Biblioteca Electronica
    path = /home/publicos/biblioteca
    force user = root
    force group = makimet

[cartas]
    comment = Cartas Enviadas
    path = /home/publicos/cartas
    force user = root
    force group = makimet

[fax]
    comment = Historico Fax
    path = /home/publicos/fax
    force user = root
    force group = makimet

[formatos]
    comment = Formatos Oficiales
    path = /home/publicos/formatos
    force user = root
    force group = makimet

[fotografias]
    comment = Historico Fotografias
    path = /home/publicos/fotografias
    force user = root
    force group = makimet

[informes]
    comment = Informes Tecnicos
    path = /home/publicos/informes
    force user = root
    force group = makimet

[instaladores]
    comment = Programas de Instalacion
    path = /home/publicos/instaladores
    force user = root

[memos]
    comment = Historico Memos
    path = /home/publicos/memos
    force user = root
    force group = makimet

[of_tecnica]
    comment = Documentos Oficina Tecnica
    path = /home/publicos/of_tecnica
    force user = root
    force group = makimet

[planos]
    comment = Archivos CAD r14
    path = /home/publicos/planos
    force user = root
    force group = makimet

[procedimientos]
    comment = Manuales de Procedimento
    path = /home/publicos/procedimientos
    force user = root
    force group = makimet
You really need to start tightening the security here. The system is just ripe for a user escalation attack.
Try removing the 'force user' lines, use force group and then use the sticky bit on the directory perms 'chmod 1XXX' so the group will be maintained on new files and folders and move the force create mode and force directory mode into the shares where appropriate removing the world bits if they are not needed and/or at least making them world readable only.
-Ross
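
An added example, not part of the original thread: a small Python audit that flags, in testparm-style output, the settings criticised in the replies above (security = share, force user = root, guest ok, and permission masks with world bits). The sample configuration is constructed, reduced from the one posted, and the function names are this example's own.

```python
# Constructed sample in testparm layout, reduced from the configuration in the thread.
SAMPLE = """\
[global]
    security = SHARE
    create mask = 0777
    force directory mode = 0777
    guest ok = Yes
[homes]
    create mask = 0700
[administracion]
    force user = root
    force group = makimet
"""

MASK_KEYS = ("create mask", "force create mode", "directory mask", "force directory mode")

def parse(text):
    """Parse testparm-style text into {section: {parameter: value}}; names are normalised."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            conf[section][" ".join(key.lower().split())] = value.strip()
    return conf

def audit(text):
    """Return (section, finding) pairs for the problems pointed out in the thread."""
    conf, findings = parse(text), []
    if conf.get("global", {}).get("security", "").lower() == "share":
        findings.append(("global", "security = share; use user, domain or ads"))
    for section, params in conf.items():
        if params.get("force user", "").lower() == "root":
            findings.append((section, "force user = root"))
        if params.get("guest ok", "").lower() in ("yes", "true", "1"):
            findings.append((section, "guest ok = yes"))
        for key in MASK_KEYS:
            if key in params and int(params[key], 8) & 0o007:
                findings.append((section, "%s = %s sets world bits" % (key, params[key])))
    return findings

if __name__ == "__main__":
    for section, finding in audit(SAMPLE):
        print("[%s] %s" % (section, finding))
```

Settings found under [global] apply as defaults to every share, which is why the masks and guest ok reported there matter more than the same lines inside a single share.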