Koozali.org: home of the SME Server
Obsolete Releases => SME Server 8.x => Topic started by: Frank VB on October 20, 2014, 12:15:30 PM
-
I've been running a server for about 3 years on which I set up an ibay which is used as a network shared drive. I turned this share into an anonymous share (for particular reasons). I did this by creating two custom templates (in /etc/e-smith/templates-custom/etc/smb.conf). One contains the line:
guest ok = yes
The second one contains this fragment (I replaced "user" by "share" in the last line):
}
security = {
if ($smb{ServerRole} eq "DM") {
"domain";
} elsif ($smb{ServerRole} eq "ADS") {
"ADS";
} else {
"share";
}
}
Now this has all been working flawlessly until I updated this server on Friday to the latest samba (version 3.6.23-6). This morning users reported they couldn't access the share anymore. They can see it but they can't access it. I checked whether the samba service is up and running (it is).
I've a little bit of the flu at the moment so I would like to find a quick workaround for this problem. My question: is it safe to do a downgrade of samba (and all other samba packages) to the previous version and is this the correct syntax:
yum downgrade samba3x samba3x-client samba3x-common samba3x-winbind
I'm reporting this issue on the forum and not in the bugtracker since an anonymous share is not an out of the box feature of SME server but a tweak I implemented myself.
TIA
Frank
-
Hi Frank,
the change log of samba3x version 3.6.23-6 shows:
# rpm -q samba3x --changelog
* Wed Jul 09 2014 - Andreas Schneider <asn@redhat.com> - 3.6.23-6
- resolves: #1110729 - Fix write operations as guest with 'security = share'.
That might imply that you have been putting a security hole to practical business use...
As for the downgrade, I would give it a try on a non production VM on e.g. VirtualBox to test.
HTH
guest
-
ps. one might want to implement the yum change log, and manually supervise any updates:
http://wiki.contribs.org/Yum-changelog
-
Thank you HF, for pointing to the samba changelog and yum-change rpm. I had already googled that samba behaviour had changed. Normally I apply updates only after applying them on a test server and waiting two weeks before applying them to production servers (unless the updates are critical such as the bash update). But it seems this time I was caught by surprise.
Anyway, it doesn't solve my problem. As a workaround, instead of downgrading, I've removed the custom-templates and switched back to a normal ibay/share. I created a user on the server and instructed my users to connect to the share using the user account.
As for a final solution, I either have to find a new way for implementing anonymous access or I have to create a user account on the "broken" server with exactly the same logon credentials as on my main server (which acts as a DC). We're talking about 20-25 accounts. It is not a disaster but it certainly isn't practical in terms of maintenance.
I wonder if I'm the only one who is using this "it is not a bug, it is a feature" or maybe I should say "it WAS a bug ..." :-)
Regards
Frank
-
I know another user, a sysadmin in a French college, who needed this feature for collecting students' work. In fact the network share is freely accessible but without permissions for browsing and reading/removing.
So the student can hand in his work without a password, but he cannot see others' work.
Unfortunately for now he has to downgrade to keep this feature.
-
The concept referred to here may be useful.
http://wiki.contribs.org/User_homes_admin_access
It is not exactly the same situation but may help or guide.
-
Thank you Janet. I will have a look at this.
Frank
-
There is also the nice SharedFolder contrib http://wiki.contribs.org/SharedFolders
-
Just to give an update on the final solution I implemented. The network share in question is mounted by a logon script which is set in the gpedit.msc management console. I added the username and password to the net use command:
net use s: \\servername\sharename passw0rd /user:dummy /p:yes
As a result the share is mounted automatically and can be accessed without the user having to enter a username and/or password. Of course this means that I had to boot up each client computer and change the script, but luckily I only have to do this once and only about 15 computers were involved.
Again, thank you all for your input.
Frank
-
And thank you for your feedback and final resolution that works the best for you.
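-
For reference, an added example that is not part of the thread or of SME Server's own templates: Samba deprecated `security = share` in the 3.6 series and removed it in 4.0, and the supported way to offer a password-less share is user-level security with unknown usernames mapped to the guest account. The share name, path and guest account below are placeholders, and the sketch assumes the clients' usernames do not exist on this server (as described in the thread).

```ini
# Constructed smb.conf fragment; share name, path and account are placeholders.

# Before: the setup from the thread, which relied on share-level security.
# [global]
#     security = share
# [sharename]
#     guest ok = yes

# After: user-level security. A login with a username unknown to this
# server is mapped to the guest account; a known username with a wrong
# password is still rejected.
[global]
    security = user
    map to guest = Bad User
    guest account = nobody

[sharename]
    path = /path/to/share
    # Allow guest connections on this share only, not server-wide.
    guest ok = yes
    read only = no
    # Files are created as the guest account, so the directory at "path"
    # must be writable by that account at the filesystem level.
    force user = nobody
```

On SME Server these settings would have to go through custom templates as in the first post, since smb.conf is regenerated from templates; `testparm -s` prints the effective configuration for checking the result.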