Visit Our UNIX and Linux User Community


Samba server guest connections


 
Thread Tools Search this Thread
Top Forums UNIX for Dummies Questions & Answers Samba server guest connections
# 1  
Old 12-08-2011
Samba server guest connections

Hi,


I am trying to comprehend Samba's behaviour on one of my Arch systems and thus I'd like to ask a couple of quick questions:


The setup I'd like to build is just a small home network for file-sharing using guest connections.

Here it goes,


1) When using the following settings for guest connections,
map to guest = bad user guest account = nobody
does user 'nobody' have to exist both on Samba AND on the system's accounts?
If yes, is there any other way I can use Samba to serve guest connections without the need to create their respective system accounts? Why is that so?


2) If I change the second option to
guest account = myUnixAccountName
I notice that the system works perfectly well and serves guest connections just fine.
But how is that possible since myUnixAccountName doesn't exist on Samba?


Thanks in advance!
# 2  
Old 12-09-2011
I am not a samba expert, or even an arch user, so regard the following with suspicion. That being said:

Quote:
Originally Posted by konos5
1) When using the following settings for guest connections,
map to guest = bad user guest account = nobody
does user 'nobody' have to exist both on Samba AND on the system's accounts?
Not sure what you mean by "on Samba", but I believe account=nobody exists on any linux device by default, and it will probably be in your account database unless you remove it.

Quote:
Originally Posted by konos5
2) If I change the second option to
guest account = myUnixAccountName
I notice that the system works perfectly well and serves guest connections just fine.
But how is that possible since myUnixAccountName doesn't exist on Samba?
In your example, 'guest account' maps account=guest (in the windows world) to account=myUnixAccountName in the linux world. Since you setup the device, I'm guessing you did so using account=myUnixAccountName, so now every guest access runs with your privileges. This may not be what you want, but at least it's useful for testing.
This User Gave Thanks to TomRoche For This Post:
# 3  
Old 12-09-2011
samba always expects its own usernames to match system ones. That's how they login -- a samba password associated with a local system username. When samba has an entry and /etc/passwd doesn't, samba considers that file corruption!

So yes -- there does have to be a 'nobody' user. Linux systems almost always have one anyway, a do-nothing user with no home directory, no password, and access to nothing significant. If you check ps aux you'll probably find daemons running as nobody.

Since Windows can have very long and strange usernames which UNIX would refuse to keep in /etc/passwd, there has to be some way to translate them into local usernames. That's what smbusers is for.

It's just a text replacement which happens before login. So as long as you translate those user names into a local username, it's okay.

Note that samba doesn't care about your system passwords, just the samba ones, which is why samba can login to 'nobody', which shouldn't have a password for local logins.
# 4  
Old 12-11-2011
Quote:
Originally Posted by Corona688
samba always expects its own usernames to match system ones. That's how they login -- a samba password associated with a local system username. When samba has an entry and /etc/passwd doesn't, samba considers that file corruption!

So yes -- there does have to be a 'nobody' user. Linux systems almost always have one anyway, a do-nothing user with no home directory, no password, and access to nothing significant. If you check ps aux you'll probably find daemons running as nobody.

Since Windows can have very long and strange usernames which UNIX would refuse to keep in /etc/passwd, there has to be some way to translate them into local usernames. That's what smbusers is for.

It's just a text replacement which happens before login. So as long as you translate those user names into a local username, it's okay.

Note that samba doesn't care about your system passwords, just the samba ones, which is why samba can login to 'nobody', which shouldn't have a password for local logins.
Thanks for all this useful information.
However, when I tried to map the guest account to 'nobody', the system didn't work. Only when I created the UNIX account 'nobody' did the system work (or when I just used myUnixAccountName). Therefore I assume 'nobody' didn't exist on my system...could that be the case?

Thanks to both of you for your time and effort.
# 5  
Old 12-12-2011
Quote:
Originally Posted by konos5
Thanks for all this useful information.
However, when I tried to map the guest account to 'nobody', the system didn't work. Only when I created the UNIX account 'nobody' did the system work (or when I just used myUnixAccountName). Therefore I assume 'nobody' didn't exist on my system...could that be the case?
I can't tell you whether it existed or not, and probably neither can you by this point... if it had an entry in /etc/passwd it existed, if it didn't it didn't.

If you did have to create your own nobody account, you might want to secure it now. Set its login shell to some nonsense like /bin/false, make sure the UNIX account for it has no password, remove it from all groups, give it a home directory of /, and so forth. Nobody will be able to login to it except samba, and it will have access to only world-readable things.
This User Gave Thanks to Corona688 For This Post:
 

Previous Thread | Next Thread
Test Your Knowledge in Computers #868
Difficulty: Medium
Maclisp is a successor to Common Lisp.
True or False?

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

See AIX server remote connections

Good morning, Is there any command to view remote conxiones an AIX server? Thank you very much and best regards. (1 Reply)
Discussion started by: systemoper
1 Replies

2. AIX

connections on server

I am using AIX 5.3, its a application server, i am giving the support of OS & Hardware only, now i want to check how many connections are connected to my server, means how many people using my server.:confused: (4 Replies)
Discussion started by: reply.ravi
4 Replies

3. UNIX and Linux Applications

Server migration from samba+ldap to windows server 2003

Hi, i have a server installed samba+openldap (pdc). Need to migration windows server 2003 (active directory) object users, computers. Where you can read how to do it? Or can tell me how to do it? Thanks. P.S. Sorry for bad english (0 Replies)
Discussion started by: ap0st0l
0 Replies

4. Red Hat

Samba server

Hi everyone, I am trying to set up a samba server using either the interface or the command line. However, I am unable to access the files found on the server. Can anyone tell me how to set up this server? Thanks in advance (2 Replies)
Discussion started by: shakshakshuk
2 Replies

5. UNIX for Dummies Questions & Answers

Server has more TIME_WAIT connections in Apache(port 80)

Server has more TIME_WAIT connections in Apache(port 80) Hi, My webserver has 16GB of RAM and CentOS 5.5, Apache 2.2.3, It's shared webserver used of for webhosting. I have optmized the server as : <IfModule prefork.c>... (4 Replies)
Discussion started by: chandranjoy
4 Replies

6. Web Development

How to find number of http connections active currently in apache web server

Hi I have a solaris 9 OS with apache web server running on top of it. i want to know how many http connections are active at any point in time. (In other words how many users are accessing my website it at any moment of time) How to get it..? hit counters are not required... ----------... (0 Replies)
Discussion started by: aemunathan
0 Replies

7. Virtualization and Cloud Computing

Cmd to start guest in VMware server 2.0

Is there any command in VMware Server 2.0 to poweron/start the guests like we have vmware-cmd ESX server 3.5 .. (1 Reply)
Discussion started by: fugitive
1 Replies

8. Shell Programming and Scripting

How do I make multiple connections to the server in this case

Given the following code #!/usr/bin/perl -w use IO::Socket; my($handle, $line, $kidpid); $handle = IO::Socket::INET->new( PeerAddr =>"64.22.229.139", PeerPort =>"4321", Proto=>"tcp", ... (0 Replies)
Discussion started by: frequency8
0 Replies

9. UNIX for Advanced & Expert Users

close_wait connections causing a server to hung

Hi Guys, Just wondering if anyone of you have been in a situation where you end up having around 100 close_wait connections and seems to me those connections are locking up resources/processes in the server so unless the server is rebooted those processes won't be released by the close_wait... (3 Replies)
Discussion started by: hariza
3 Replies

10. UNIX for Dummies Questions & Answers

dsl connections lost when attempting to retrieve mail from my server.

suse linux 6.4 im running and i have port 110 for pop and smtp open, i have set up some email addresses for my friends, but they recieve errors saying that relaying is denied. i know this is to prevent spamming software from using my domain to send spam, but how do i let my users send their mail?... (6 Replies)
Discussion started by: norsk hedensk
6 Replies

Featured Tech Videos