Password handling in Samba on OS X 10.4.4 and 10.3.9 and Linux

tsa

Dear person,



I seem to have stumbled on a weird problem with Samba on both my iMac G3 (OS X 10.3.9) and iBook G4 (OS X 10.4.4). I want my Windows shares to be a bit more secure, so I wanted them to be protected by a password instead of leaving them wide open to everybody. On my Linux machine (Betty) I made the following smb.conf. I also made sure I used smbpasswd to generate a good smbpasswd file:

root@Betty:~# cat /etc/samba/smb.conf
# Global parameters
[global]
workgroup = VB21
server string = Betty
security = user
encrypt passwords = yes
local master = No
wins support = yes
os level = 0
hosts allow = Geike.vb21, Sam.vb21

[Documents_Betty]
comment = Documents
path = /home/tsa
user = tsa
writable = yes

This works fine: I can connect to Betty from both my Macs (Geike and Sam) without any problem, provided that I enter the right password. So I made similar smb.conf files for both of them, and I used smbpasswd on both of them to make sure the passwords are OK. But whatever I tried, I could not connect to them. I could not even connect to one Mac from the other! I tried 'security = user', 'security = share' with 'valid users =' and 'user =', but nothing worked. Every time I got kicked out because of a wrong password or an unknown user (and log.nmbd and log.smbd provide no info about the faulty login attempts at all for some reason). I also tried specifying the location of the smbpasswd file ('smb passwd file =') but that also didn't work. I tried adding a line for the user tsa in /etc/passwd, but to no avail. What I also saw was that even when you change the smb password using smbpasswd, the contents of smbpasswd stay the same, except maybe for the time stamp. This leads me to believe that there is something wrong with the way passwords are handled in Samba in OS X. So now I have the following smb.conf on my OS X machines:

[global]
workgroup = VB21
server string = Geike
security = share
guest account = tsa
null passwords = yes
encrypt passwords = yes
local master = No
wins support = yes
os level = 0
hosts allow = betty.vb21, sam.vb21
defer sharing violations = no

[Documents_Geike]
path = /Users/tsa/Documents
guest ok = yes
writable = yes

[etc_Geike]
path = /private/etc
guest ok = yes
writable = no


Only when I use 'guest ok = yes' am I able to connect to a machine running OS X, because then I don't need a password. This is of course not very secure, especially on a laptop with a wireless connection. My question is: is this a bug, and/or what can I do to make this better? I just downloaded Samba but I don't have the resources on either machine to compile the source. I hope there is another solution.



Best regards,



Willem Tjerkstra
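
The settings in the second smb.conf above that let a client in without a password can be flagged automatically. The following Python check is an added example, not part of the original post or of Samba; the function names parse and audit are hypothetical, and the sample is the post's second configuration cut down to its access-related lines.

```python
import re

TRUE = {"yes", "true", "on", "1"}
FALSE = {"no", "false", "off", "0"}
# Samba synonyms folded onto one canonical parameter name.
SYNONYMS = {"public": "guestok", "writeable": "writable", "writeok": "writable"}

def parse(text):
    """Return {section: {param: value}}; parameter names ignore case and spaces."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip(), {})
        elif current is not None and "=" in line and line[0] not in "#;":
            key, value = line.split("=", 1)
            key = re.sub(r"\s+", "", key).lower()
            current[SYNONYMS.get(key, key)] = value.strip().lower()
    return sections

def audit(text):
    """List (section, finding) pairs for settings that allow password-less access."""
    sections = parse(text)
    glob = next((p for n, p in sections.items() if n.lower() == "global"), {})
    findings = []
    if glob.get("security") == "share":
        findings.append(("global", "security = share"))
    if glob.get("nullpasswords") in TRUE:
        findings.append(("global", "null passwords = yes"))
    for name, params in sections.items():
        # Share-level parameters set in [global] are defaults for every share.
        guest = params.get("guestok", glob.get("guestok")) in TRUE
        if name.lower() != "global" and guest:
            rw = params.get("writable") in TRUE or params.get("readonly") in FALSE
            findings.append((name, "guest ok, " + ("writable" if rw else "read-only")))
    return findings

# Second smb.conf from the post, cut down to the access-related lines.
SAMPLE = """[global]
security = share
null passwords = yes
[Documents_Geike]
guest ok = yes
writable = yes
[etc_Geike]
guest ok = yes
writable = no
"""
if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Run against the first (Betty) configuration, the same check reports nothing, since that file uses 'security = user' and has no guest shares.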