[Debian+XP] Samba olee^^

seim

seim

seim oder nicht seim?
Hi,
habe mir gestern mein Bastel- und File-Server neu gemacht und eine neuere Version vom Samba drauf geschmissen, so jetzt gibt's auch das erste Problem, allerdings mehr auf Windowsseite wie von Linux aus xD

Also ich habe den Gastzugang in der Config abgeschaltet (zumind. hoffe ich das ich das habe) und zunächst auch root zugelassen.. Jetzt kann ich in Windows oben in der Leiste eingeben "\\server" und dann kommt die berühmte PW Abfrage, weil ja das "Gastkonto" quasi deaktiviert ist.
So nun gebe ich also ein "root" und "meingeheimespw" und drück ab. So jetzt seh ich die Freigaben also und kann auch prima drauf zugreifen. Allerdings will ich das nicht nur für root testen sondern auch für andere Benutzter und da kommt jetz das große Problem... Who the fuck ist der "Umloggen" Button =)


Hier gibts die smb.conf - mit wahrscheinlich noch 1000 Sicherheitslücken^^
Code:
#
# Sample configuration file for the Samba suite for Debian GNU/Linux.
#
#
# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options most of which 
# are not shown in this example
#
# Any line which starts with a ; (semi-colon) or a # (hash) 
# is a comment and is ignored. In this example we will use a #
# for commentary and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command
# "testparm" to check that you have not made any basic syntactic 
# errors. 
#

#======================= Global Settings =======================

[global]

## Browsing/Identification ###

# Change this to the workgroup/NT-domain name your Samba server will part of
   workgroup = Arbeitsgruppe

# server string is the equivalent of the NT Description field
   server string = %h server

# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable its WINS Server
;   wins support = no

# WINS Server - Tells the NMBD components of Samba to be a WINS Client
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
;   wins server = w.x.y.z

# This will prevent nmbd to search for NetBIOS names through DNS.
   dns proxy = no

# What naming service and in what order should we use to resolve host names
# to IP addresses
;   name resolve order = lmhosts host wins bcast

#### Networking ####

# The specific set of interfaces / networks to bind to
# This can be either the interface name or an IP address/netmask;
# interface names are normally preferred
;   interfaces = 127.0.0.0/8 eth0

# Only bind to the named interfaces and/or networks; you must use the
# 'interfaces' option above to use this.
# It is recommended that you enable this feature if your Samba machine is
# not protected by a firewall or is a firewall itself.  However, this
# option cannot handle dynamic or non-broadcast interfaces correctly.
;   bind interfaces only = true



#### Debugging/Accounting ####

# This tells Samba to use a separate log file for each machine
# that connects
   log file = /var/log/samba/log.%m

# Put a capping on the size of the log files (in Kb).
   max log size = 1000

# If you want Samba to only log through syslog then set the following
# parameter to 'yes'.
;   syslog only = no

# We want Samba to log a minimum amount of information to syslog. Everything
# should go to /var/log/samba/log.{smbd,nmbd} instead. If you want to log
# through syslog you should set the following parameter to something higher.
   syslog = 0

# Do something sensible when Samba crashes: mail the admin a backtrace
   panic action = /usr/share/samba/panic-action %d


####### Authentication #######

# "security = user" is always a good idea. This will require a Unix account
# in this server for every user accessing the server. See
# /usr/share/doc/samba-doc/htmldocs/Samba3-HOWTO/ServerType.html
# in the samba-doc package for details.
;   security = user

# You may wish to use password encryption.  See the section on
# 'encrypt passwords' in the smb.conf(5) manpage before enabling.
   encrypt passwords = true

# If you are using encrypted passwords, Samba will need to know what
# password database type you are using.  
   passdb backend = tdbsam

   obey pam restrictions = yes

;   guest account = nobody
;   invalid users = root

# This boolean parameter controls whether Samba attempts to sync the Unix
# password with the SMB password when the encrypted SMB password in the
# passdb is changed.
;   unix password sync = no

# For Unix password sync to work on a Debian GNU/Linux system, the following
# parameters must be set (thanks to Ian Kahan <<kahan@informatik.tu-muenchen.de> for
# sending the correct chat script for the passwd program in Debian Sarge).
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .

# This boolean controls whether PAM will be used for password changes
# when requested by an SMB client instead of the program listed in
# 'passwd program'. The default is 'no'.
;   pam password change = no

########## Domains ###########

# Is this machine able to authenticate users. Both PDC and BDC
# must have this setting enabled. If you are the BDC you must
# change the 'domain master' setting to no
#
;   domain logons = yes
#
# The following setting only takes effect if 'domain logons' is set
# It specifies the location of the user's profile directory
# from the client point of view)
# The following required a [profiles] share to be setup on the
# samba server (see below)
;   logon path = \\%N\profiles\%U
# Another common choice is storing the profile in the user's home directory
;   logon path = \\%N\%U\profile

# The following setting only takes effect if 'domain logons' is set
# It specifies the location of a user's home directory (from the client
# point of view)
;   logon drive = H:
;   logon home = \\%N\%U

# The following setting only takes effect if 'domain logons' is set
# It specifies the script to run during logon. The script must be stored
# in the [netlogon] share
# NOTE: Must be store in 'DOS' file format convention
;   logon script = logon.cmd

# This allows Unix users to be created on the domain controller via the SAMR
# RPC pipe.  The example command creates a user account with a disabled Unix
# password; please adapt to your needs
; add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u

########## Printing ##########

# If you want to automatically load your printer list rather
# than setting them up individually then you'll need this
;   load printers = yes

# lpr(ng) printing. You may wish to override the location of the
# printcap file
;   printing = bsd
;   printcap name = /etc/printcap

# CUPS printing.  See also the cupsaddsmb(8) manpage in the
# cupsys-client package.
;   printing = cups
;   printcap name = cups

# When using [print$], root is implicitly a 'printer admin', but you can
# also give this right to other users to add drivers and set printer
# properties
;   printer admin = @ntadmin


############ Misc ############

# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting
;   include = /home/samba/etc/smb.conf.%m

# Most people will find that this option gives better performance.
# See smb.conf(5) and /usr/share/doc/samba-doc/htmldocs/Samba3-HOWTO/speed.html
# for details
# You may want to add the following on a Linux system:
#         SO_RCVBUF=8192 SO_SNDBUF=8192
   socket options = TCP_NODELAY

# The following parameter is useful only if you have the linpopup package
# installed. The samba maintainer and the linpopup maintainer are
# working to ease installation and configuration of linpopup and samba.
;   message command = /bin/sh -c '/usr/bin/linpopup "%f" "%m" %s; rm %s' &

# Domain Master specifies Samba to be the Domain Master Browser. If this
# machine will be configured as a BDC (a secondary logon server), you
# must set this to 'no'; otherwise, the default behavior is recommended.
;   domain master = auto

# Some defaults for winbind (make sure you're not using the ranges
# for something else.)
;   idmap uid = 10000-20000
;   idmap gid = 10000-20000
;   template shell = /bin/bash
;
; The following was the default behaviour in sarge
; but samba upstream reverted the default because it might induce
; performance issues in large organizations
; See #368251 for some of the consequences of *not* having
; this setting and smb.conf(5) for all details
;
;   winbind enum groups = yes
;   winbind enum users = yes

#======================= Share Definitions =======================

[homes]
   comment = Home Directories
   browseable = no

# By default, the home directories are exported read-only. Change next
# parameter to 'yes' if you want to be able to write to them.
   writable = no

# File creation mask is set to 0700 for security reasons. If you want to
# create files with group=rw permissions, set next parameter to 0775.
   create mask = 0700

# Directory creation mask is set to 0700 for security reasons. If you want to
# create dirs. with group=rw permissions, set next parameter to 0775.
   directory mask = 0700

# Un-comment the following and create the netlogon directory for Domain Logons
# (you need to configure Samba to act as a domain controller too.)
;[netlogon]
;   comment = Network Logon Service
;   path = /home/samba/netlogon
;   guest ok = yes
;   writable = no
;   share modes = no

[printers]
	browseable = no
	printable = yes
	writable = no
	path = /tmp
	comment = All Printers
	public = no
	create mode = 0700

# Windows clients look for this share name as a source of downloadable
# printer drivers

[root]
	force user = root
	delete readonly = yes
	path = /
	force group = root


[root_zugriff]
	guest account = root
	locking = no
	delete readonly = yes
	write list = root
	path = /
	revalidate = yes
	force user = root


[bit]
	force user = root
	guest account = root
	path = /home/bit/seim
	write list = root

[dateien]
	guest account = root
	comment = /home/files
	writeable = yes
	path = /home/files



[dateien2]
	copy = dateien
	comment = /media/files
	path = /media/files

[sicherung]
	copy = dateien
	comment = /home/sicherung
	path = /home/sicherung
 
[root]
force user = root
delete readonly = yes
path = /
force group = root


[root_zugriff]
guest account = root
locking = no
delete readonly = yes
write list = root
path = /
revalidate = yes
force user = root

Erkläre bitte mal, was dieses Konstrukt bewirken soll, also was hast du da im Sinn?

Ansonsten würde ich mir mal den Schalter
Code:
valid users = ...

anschauen.
 
Zuletzt bearbeitet:
Ich hab keine Ahnung die Freigaben hab ich ganz billig in Webmin erstellt^^
Naja und / hab ich nur freigegeben, weil ich mit ner Baumstruktur auf der GUI mehr anfangen kann.
Einmal mit und einmal ohne Schreibzugriff, damit man bei dem ganzen Klicki-Bunti nicht ausversehen irgendein Verzeichnis verschiebt.

Das war der grobe Sinn xD



Aber und das ist noch viel wichtiger^^ ich weis jetzt wie man in Windows den Benutzter wechselt mit dem man auf eine Freigabe zugreift... Naja eigentlich weis ich das nur halb weil das nur geht wenn man den Login gespeichert hat, also einfach mal eben Umloggen weis ich immernoch nicht.

Jedenfalls: Start > Ausführen > "control userpasswords2" > Erweitert > Kennwörter verwalten
Da kann man die Passwörter verwalten, die man für Netzwerkfreigaben gespeichert hat.
 
Zuletzt bearbeitet:

Ähnliche Themen

configure schlägt bei X fehl

NGINX bietet intern abgerufene Seiten nur zum Download an, extern geht's

Nginx als Reverse Proxy für Nextcloud und Emby

Zugriff Ubuntu 16.04. auf Freigabe 18.04. LTS nicht möglich

Samba 4.0.0 - DNS-Problem

Zurück
Oben