# Help With Samba Shares (solved)

## EstebanGonzales

Hi I was wondering if someone was able to help me at all. 

I seem to be experiencing a weird problem when trying to share two directories on samba.

I currently have 3 users on the system

mary 

bob

pcguest (no password set, created just using the useradd command)

Mary and Bob are both users on the main system and both have samba passwords set. 

They can access any of their shares on the Server when they type in their username and password on the windows xp boxes.

The problem I seem to be having is I am trying to share my Public (/Media) and tmp (/tmp) directories on my Server so they are open to anyone in my workgroup to use from the windows boxes.

Every time I try to access the server it asks me for a username and password even though I have the 2 directories set to share to anyone with no users required.

If I change the 

```
security = user 
```

 to 

```
 security = share 
```

in the smb.conf I can then access the (/tmp) and (/Media) shares on the server with no username and password but Mary and Bob cannot access their home shares on the server, just (/tmp) and (/public).

Could anyone please help me with my problem??

Here is a copy of my samba.conf 

```
#======================= Global Settings =====================================

[global]

# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
   workgroup = WORKGROUP

# server string is the equivalent of the NT Description field
   server string = File Server

# Security mode. Defines in which mode Samba will operate. Possible
# values are share, user, server, domain and ads. Most people will want
# user level security. See the Samba-HOWTO-Collection for details.
   security = user

# If you want to automatically load your printer list rather
# than setting them up individually then you'll need this
   load printers = yes

# you may wish to override the location of the printcap file
;   printcap name = /etc/printcap

# on SystemV system setting printcap name to lpstat should allow
# you to automatically obtain a printer list from the SystemV spool
# system
;   printcap name = lpstat

# It should not be necessary to specify the print system type unless
# it is non-standard. Currently supported print systems include:
# bsd, cups, sysv, plp, lprng, aix, hpux, qnx
;   printing = cups

# Uncomment this if you want a guest account, you must add this to /etc/passwd
# otherwise the user "nobody" is used
   guest account = pcguest

# this tells Samba to use a separate log file for each machine
# that connects
   log file = /var/log/samba/log.%m

# Put a capping on the size of the log files (in Kb).
   max log size = 50

# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups. The default is NO.
   dns proxy = no

#============================ Share Definitions ==============================

[homes]
   comment = Home Directories
   browseable = no
   writable = yes

[printers]
   comment = All Printers
   path = /var/spool/samba
   browseable = no
# Set public = yes to allow user 'guest account' to print
   guest ok = no
   writable = no
   printable = yes

# This one is useful for people to share files
[tmp]
   comment = Temporary file space
   path = /tmp
   read only = no
   public = yes
   browseable = yes
   guest ok = yes

[Bobs Share]
   comment = Bobs Service
   path = /home/bob
   valid users = bob
   public = yes
   writable = yes
   printable = no

[Marys Share]
   comment = Marys
   path = /home/mary
   valid users = bob mary
   public = no
   writable = yes
   printable = no

[public]
   path = /Media
   public = yes
   only guest = yes
   writable = yes
   printable = no
```

I'm basically just trying to have some users that can access their own home directories and an open share on the server that anyone can get into without a user or password.

Does anyone have any ideas what the problem could be?

Last edited by EstebanGonzales on Sat Oct 16, 2010 5:09 pm; edited 1 time in total

----------

## dmpogo

Can you put 'security' inside a share description to limit its scope? Ah, just looked, seems you can't.

----------

## gentoo_newguy

Afraid you can't do that.

Last edited by gentoo_newguy on Sat Oct 16, 2010 5:10 pm; edited 1 time in total

----------

## Cyker

I think you're on the right track with the SHARE security; The reason the users can access the public shares but not their own is probably because you need to map passwords to users with SHARE security. I have no idea how to do this with the tdb backend but with smbpasswd it's as simple as getting that user to run smbpasswd under their account and setting the password.

My smb.conf is something like:

```
# Samba config file created using SWAT
# from UNKNOWN (0.0.0.0)
# Date: 2010/06/08 18:28:24

[global]
        workgroup = CYNET
        server string = %h (Samba %v)
        security = SHARE
        passdb backend = smbpasswd
        lanman auth = Yes
        client lanman auth = Yes
        client plaintext auth = Yes
        min receivefile size = 8192
        use sendfile = yes
        write cache size = 65535
        name resolve order = lmhosts host wins bcast
        unix extensions = No
        socket options = IPTOS_LOWDELAY TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        load printers = No
        show add printer wizard = No
        mangle prefix = 3
        os level = 80
        dns proxy = No
        host msdfs = No
        create mask = 0644
        hosts allow = 172.162.1.0/255.255.255.0
        block size = 4096
        case sensitive = No
        map archive = No

[steeeve]
        comment = Steve's user area
        path = /home/steeeve
        username = steeeve
        read only = No

[public]
        comment = public directory
        path = /home/public
        read only = No
        create mask = 0666
        directory mask = 0777
        guest ok = Yes
```

and then I would have 'steeeve' run smbpasswd and set his password to the same password that he's using to log in with (doesn't need to be his actual login password if using smbpasswd; if you use the default tdb backend then you don't have this choice, I think).

I'm using smbpasswd because it's simple and works, but is extremely basic. I have been unable to get SHARE security working with the tdb backend (Mainly because I can't be arsed to understand it).

The biggest advantage of SHARE security is that it is MUCH easier to enable anonymous access; You can do it with USER security, but it's much more finicky and unreliable plus clients HAVE to give a username/password pair no matter what, even if it's just garbage to access the 'guest' shares. It also will have problems with 'real' SHARE level clients like Win9x.

However, SHARE security doesn't work properly in Vista+ (Or at least we couldn't get it to work) and it's incredibly insecure as only the password gets used (Samba 'guesses' the username), not a username, so don't let it out past the LAN!

----------

## salahx

You want to use the "map to guest" function.

Add this to smb.conf:

```
[global]
map to guest = bad user
```

----------
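As an added example (not code from the thread), this Python script models why the posted config prompts for credentials and what `map to guest = bad user` changes: it lists the shares a client presenting an unknown username reaches as the guest account, and whether they are writable. It is a simplified model that ignores null sessions, group entries in `valid users` and per-share defaults placed in `[global]`; the function names and the trimmed sample are constructed here, and `testparm -s` remains the way to see what smbd actually loads.

```python
# Added example (not from the thread): shares an unknown user reaches as guest.
TRUE = {"yes", "true", "1"}
INVERTED = {"writable", "writeable", "writeok"}  # inverted synonyms of "read only"

def parse(text):
    """Return {section: {param: value}}; names lower-cased, spaces removed."""
    conf, section = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = conf.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and line[0] not in "#;" and section is not None:
            key, value = (part.strip().lower() for part in line.split("=", 1))
            key = "".join(key.split())
            if key in INVERTED:
                key, value = "readonly", "no" if value in TRUE else "yes"
            section["guestok" if key == "public" else key] = value
    return conf

def guest_reachable_shares(text):
    """Map share name -> 'rw'/'ro' for each share an unknown user gets as guest."""
    conf = parse(text)
    g = conf.get("global", {})
    # security = user: unknown usernames are rejected unless "map to guest" != never.
    if g.get("security", "user") != "share" and g.get("maptoguest", "never") == "never":
        return {}
    guest, exposed = g.get("guestaccount", "nobody"), {}
    for name, p in conf.items():
        if name == "global" or p.get("guestok", "no") not in TRUE:
            continue
        allowed = p.get("validusers", "").split()
        if not allowed or guest in allowed:  # "valid users" may exclude the guest
            exposed[name] = "ro" if p.get("readonly", "yes") in TRUE else "rw"
    return exposed

# Constructed sample: share definitions from the first post, trimmed.
SHARES = """
[tmp]
   read only = no
   guest ok = yes
[Bobs Share]
   valid users = bob
   public = yes
[public]
   public = yes
   writable = yes
"""
POSTED = "[global]\nsecurity = user\nguest account = pcguest\n" + SHARES
FIXED = POSTED.replace("[global]", "[global]\nmap to guest = bad user")
```

Calling `guest_reachable_shares(POSTED)` returns an empty result, while `FIXED` exposes `tmp` and `public` read-write; both are world-writable guest shares, so `hosts allow` is worth setting alongside them.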

