HPE Community
Operating System - HP-UX
1822936 Members
3814 Online
109645 Solutions
New Discussion юеВ

CIFS Valid Users issue

 
Rob Marles
Occasional Advisor

тАО08-24-2006 07:46 AM

тАО08-24-2006 07:46 AM

CIFS Valid Users issue

Hello

I need to create a share in which only a handfull of users can have r/w access.

Here's my sample smb.conf file:

[global] security = share
guest account = root
admin users = administrator
delete readonly = Yes
log file = /opt/samba/log/log.%m
max log size = 200
valid users = root
<-snip->
[dev]
path = /tmp/devshare
writable = Yes
guest ok = no
valid users = robm abdulai

I can access this dev share, however Abdulai cannot.

His unix/windows user accounts are a mirror of mine, so this should work for him as well.

Anyone have any advice as to how I can allow abdulai access as well?

Thanks.
0 Kudos
Reply
3 REPLIES 3
IT_2007
Honored Contributor

тАО08-24-2006 07:50 AM

тАО08-24-2006 07:50 AM

Re: CIFS Valid Users issue

did you check for typo's in the smb.conf file for abdulai? Is it all lowercase or first letter upper case?
0 Kudos
Reply
Rob Marles
Occasional Advisor

тАО08-24-2006 07:55 AM

тАО08-24-2006 07:55 AM

Re: CIFS Valid Users issue

Yes, abdulai is all lower case and there doesn't seem to be any spelling mistakes.

thanks.
0 Kudos
Reply
Don McCall_1
Occasional Advisor

тАО08-27-2006 10:18 PM

тАО08-27-2006 10:18 PM

Re: CIFS Valid Users issue

So the user robm is able to get access to the 'dev' share, but the user abdulai is NOT, right - and they get an error message on the pc something like 'access denied'?
One thing that could be going wrong is permissions at the HP-UX level on the directory the share is pointing to. for instance does robm have read/execute access to that directory (either because he's the dir owner, or in a group that has access), but abdulai does NOT? this will cause access to a share to fail for a user. If your permissions (HPUX permissions) are wide open on the share (777) and you have at LEAST 'x' permissions on every directory down the path from / TO the share for everyone, then you will have to look elswhere: I would turn 'log level = 10' on in the smb.conf file, and then have abdulai try to do a net use r: \\servername\dev and then take a look at the resulting log file in /var/opt/samba/log.....
Look for what happens after the 'tconx' attempt.

The other thing to make sure of is that robm is actually getting access to the share as himself instead of 'root', or some other user: once you have accessed the share, copy a file to it, and look at the unix ownership, to make sure it's really 'robm' as the owner. Share level security is very buggy; and it tries everything it can to get you access to a share in any way it can. Since you have set guest = no, and a valid users parameter, I would NOT expect this, but you also have your guest user set to 'root' - which is highly unusual, and very scary, security wise. I would change this immediately. Finally, security = user or domain is much better if you can use it, that way you know exactly who is accessing your system, and they have to be authenticated with their username and password before accessing any shares.

Hope this helps.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.