>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<<
On 12/5/00, 4:01:58 PM, "Alan Davies"
On Tue 05 Dec, gary.stainburn@ringways.co.uk wrote:
It's not a case of thinking 'down' to your level, it's merely a case of perspective.
For this example, I would leave out both entries. From the smb.conf that you included I cannot see why you would get a username/password dialog unless smbd didn't know what user to log you in as.
Well - neither could I - although I wasn't as surprised as you!
Try adding 'guest account = nobody' in the [global] section and 'user = nobody' in the [test] section. Then see what happens.
'user=nobody'?
I assumed that this meant that there was nobody who was a guest - and therefore no one could log on as guest. This would appear to be incorrect?
No, user 'nobody' is a normal unix user account, but is there for a specific purpose. If you want to run a process with no special permissions - in deed fewer than normal permissions, you would run it as nobody. As superuser 'root', if you wish to provide a service, such as a web server, it would be dangerous to run it under your own user ID. If someone managed to find a security hole, they would have root access to your system. If you run that web server under account 'nobody' then if they break into the server, they can only do whatever they could if they logged in as user nobody. Usually, nobody, only has read access to certain areas, and write access to /tmp etc.
..however, user=nobody does appear to allow everyone to connect to that share, as well as to their home directory - assuming they use their LINUX username and password - and have encrypted entries in the smbpasswd file.
I notice that there is a command 'update encrypted' for use in global
of smb.conf which will update their encrypted password after they have connected once to a share (impossible if they require encrypted passwords to do
I could see how that would let people connect to your [test] service, as that was the idea. However, I'm not sure why it's let them access their [home] areas. This should be looked into further as it's not a satisfactory answer. section that in
the first place).
Is there a way to duplicate the entire passwd file into smbpasswd file and do the encryption for everyone in one go?
Sorry, can't help here, I've not played with the smbpasswd file.
..still I getting there. Many thinks again.
-- Alan Davies Head of Computing Birkenhead School