'security = share' / Win7 public share

    This site uses cookies. By continuing to browse this site, you are agreeing to our Cookie Policy.

    • 'security = share' / Win7 public share

      Hi all,

      I had an issue where even though permissions were appropriately set for my SMB/CIFS share, attempting to browse the server via Win 7 would prompt me for login credentials.

      Example..

      Source Code

      1. -Server
      2. +--Share1/ (Public)
      3. +--Share2/ (Private)
      4. +--Share3/ (Private)


      My intention was to browse to \\Server\ (using Windows) and get a listing of all shares. If a non-authorized user attempted to open Share2 or Share3, they would be prompted for login credentials. If they opened Share1, they were allowed via read-only. (All shares were marked Browsable, and Share1 as Public. 'nobody' was given read-only to Share1 and recursively applied)

      This was not happening on my OMV install, until I edited smb.conf and added 'security = share'. Now everything works correctly, as stated above.

      I think this 'security = share' is deprecated.. is there another solution for this?


      Also, I had 2 identical shares as far as ACL's, Privileges and Permissions. Using the example above (after adding security=share, and marking Share2 as 'Public', and granting 'nobody' read-only access), Share1 was accessible, and Share2 still prompted for login credentials (even though they had the same ACL/Privs/Permissions).

      I went into smb.conf and edited out the following line in the [Share2] section.

      Source Code

      1. #valid users = "user1"


      (This 'valid users = ' line was not present in the [Share1] configuration.)

      Now both shares work correctly. Anonymous browsing is fine, and still read-only. When I login as 'user1' I still have write access.

      How can I make this change via the GUI, and have I caused any unforeseen issues by doing this?


      To be clear, all changes to smb.conf were made via GUI, except for the line I added (security=share) and the single line I commented out.
    • Re: 'security = share' / Win7 public share

      Did you check the chmod of Share1? To be accessable for 'others'?

      Greetings
      David
      "Well... lately this forum has become support for everything except omv" [...] "And is like someone is banning Google from their browsers"

      Only two things are infinite, the universe and human stupidity, and I'm not sure about the former.


      Upload Logfile via WebGUI/CLI
      #openmediavault on freenode IRC | German & English | GMT+1
      Absolutely no Support via PM!

      I host parts of the omv-extras.org Repository, the OpenMediaVault Live Demo and the pre-built PXE Images. If you want you can take part and help covering the costs by having a look at my profile page.
    • Re: 'security = share' / Win7 public share

      The share is set to public via SMB/CIFS?

      Greetings
      David
      "Well... lately this forum has become support for everything except omv" [...] "And is like someone is banning Google from their browsers"

      Only two things are infinite, the universe and human stupidity, and I'm not sure about the former.


      Upload Logfile via WebGUI/CLI
      #openmediavault on freenode IRC | German & English | GMT+1
      Absolutely no Support via PM!

      I host parts of the omv-extras.org Repository, the OpenMediaVault Live Demo and the pre-built PXE Images. If you want you can take part and help covering the costs by having a look at my profile page.
    • Re: 'security = share' / Win7 public share

      Source Code

      1. cat /etc/samba/smb.conf
      2. cat /etc/openmediavault/config.xml
      3. ls -la /media/UUID/Share1/
      4. ls -la /media/UUID/Share2/


      Greetings
      David
      "Well... lately this forum has become support for everything except omv" [...] "And is like someone is banning Google from their browsers"

      Only two things are infinite, the universe and human stupidity, and I'm not sure about the former.


      Upload Logfile via WebGUI/CLI
      #openmediavault on freenode IRC | German & English | GMT+1
      Absolutely no Support via PM!

      I host parts of the omv-extras.org Repository, the OpenMediaVault Live Demo and the pre-built PXE Images. If you want you can take part and help covering the costs by having a look at my profile page.
    • Re: 'security = share' / Win7 public share

      That others can follow up on this error, here are Brandons pastebins:

      pastebin.com/rHMdXe6U
      pastebin.com/NyvpLf9R
      pastebin.com/zqhA118N

      I just checked this in a VM and had it setup in under 5mins. My guess is that the error is related to his windows machine, instead of the OpenMediaVault settings.

      Greetings
      David
      "Well... lately this forum has become support for everything except omv" [...] "And is like someone is banning Google from their browsers"

      Only two things are infinite, the universe and human stupidity, and I'm not sure about the former.


      Upload Logfile via WebGUI/CLI
      #openmediavault on freenode IRC | German & English | GMT+1
      Absolutely no Support via PM!

      I host parts of the omv-extras.org Repository, the OpenMediaVault Live Demo and the pre-built PXE Images. If you want you can take part and help covering the costs by having a look at my profile page.
    • Re: 'security = share' / Win7 public share

      OK guys, we have progress! Thanks to Davidh2k for his vanilla OMV VM, we've tracked this down..

      Here is the issue..

      Create a share that has root = rw, users = rw, others = r. Add it to samba/cifs and share it (not sure if it's relevant, but share in cifs/shared folder had the same name for me, both = 'test'). Note from davidh2k: Yep, thats irrelevant.

      If you create an OMV username that matches the username on your client PC (for me this was both on a Mac and Windows 7 PC.. OMV user = 'brandon', PC user = 'brandon'), it will attempt to authenticate via these user credentials. You do not even need to grant this user access to the share. Simply having this username in existence is enough to create this issue.

      Now, if the password is the same for BOTH of these accounts (OMV and client OS), authentication goes through, and you can see the public shares no problem. HOWEVER, if the passwords DO NOT match, you will be prompted for credentials to access this public share.

      If I were to delete this user from OMV, all is good again, no prompts / credentials required. If I were to give this user a name that did not match my client PC's logged-in user-name (OMV ='jake', client OS ='brandon') , all would be good as well.

      As for my original question, it seems adding the line 'security=share' in smb.conf and restarting samba will resolve also this issue. I'm not sure how this line changes the authentication process, but it must somehow.


      So it seems the below configuration will prompt for authentication, even on a public share.

      1) Publicly shared folder on OMV via CIFS/SAMBA
      2) Matching usernames for OMV and your client PC
      3) Non-matching passwords between those two systems.

      The two solutions are to either match passwords / un-match user names, or add 'security=share' in smb.conf.

      Thanks again for Davidh2k for helping me track this down.
    • Re: 'security = share' / Win7 public share

      "Well... lately this forum has become support for everything except omv" [...] "And is like someone is banning Google from their browsers"

      Only two things are infinite, the universe and human stupidity, and I'm not sure about the former.


      Upload Logfile via WebGUI/CLI
      #openmediavault on freenode IRC | German & English | GMT+1
      Absolutely no Support via PM!

      I host parts of the omv-extras.org Repository, the OpenMediaVault Live Demo and the pre-built PXE Images. If you want you can take part and help covering the costs by having a look at my profile page.
    • Re: 'security = share' / Win7 public share

      Happy 1000th entry at mantis!!!

      Btw. Volker answered.

      Windows does not support different passwords for shares and login if the username is equal. I can remember that i had this problem on my HTPC, finally i had to use the same password on both systems. I think i have googled that problem and did only find this solution.

      I think you also have to force Windows to forgot the previous used password to be able to access the share after changing the password.
      OMV stoneburner | HP Microserver | 256GB Samsung 830 SSD for system | 4x 2TB in a RAID5
      OMV erasmus| Odroid XU4 | 5TB Data drive | 500GB Backup drive
    • Users Online 1

      1 Guest