'security = share' / Win7 public share

  • Hi all,


    I had an issue where even though permissions were appropriately set for my SMB/CIFS share, attempting to browse the server via Win 7 would prompt me for login credentials.


    Example..


    Code
    -Server
    +--Share1/ (Public)
    +--Share2/ (Private)
    +--Share3/ (Private)


    My intention was to browse to \\Server\ (using Windows) and get a listing of all shares. If a non-authorized user attempted to open Share2 or Share3, they would be prompted for login credentials. If they opened Share1, they were allowed via read-only. (All shares were marked Browsable, and Share1 as Public. 'nobody' was given read-only to Share1 and recursively applied)


    This was not happening on my OMV install, until I edited smb.conf and added 'security = share'. Now everything works correctly, as stated above.


    I think this 'security = share' is deprecated.. is there another solution for this?


    Also, I had 2 identical shares as far as ACLs, Privileges and Permissions. Using the example above (after adding security=share, and marking Share2 as 'Public', and granting 'nobody' read-only access), Share1 was accessible, and Share2 still prompted for login credentials (even though they had the same ACL/Privs/Permissions).


    I went into smb.conf and edited out the following line in the [Share2] section.

    Code
    #valid users = "user1"


    (This 'valid users = ' line was not present in the [Share1] configuration.)


    Now both shares work correctly. Anonymous browsing is fine, and still read-only. When I log in as 'user1' I still have write access.


    How can I make this change via the GUI, and have I caused any unforeseen issues by doing this?


    To be clear, all changes to smb.conf were made via GUI, except for the line I added (security=share) and the single line I commented out.

  • Did you check the chmod of Share1? To be accessible for 'others'?


    Greetings
    David

    "Well... lately this forum has become support for everything except omv" [...] "And is like someone is banning Google from their browsers"


    Only two things are infinite, the universe and human stupidity, and I'm not sure about the former.

    Upload Logfile via WebGUI/CLI
    #openmediavault on freenode IRC | German & English | GMT+1
    Absolutely no Support via PM!

  • Quote from "davidh2k"

    Did you check the chmod of Share1? To be accessible for 'others'?


    Greetings
    David


    Not exactly sure what's meant by that.. 'share1' is root:users 755. Under 'ACL', others is read-only.


    It will still prompt me for credentials, unless I add the 'security=share' line in smb.conf

  • The share is set to public via SMB/CIFS?


    Greetings
    David

  • Code
    cat /etc/samba/smb.conf
    cat /etc/openmediavault/config.xml
    ls -la /media/UUID/Share1/
    ls -la /media/UUID/Share2/


    Greetings
    David

  • Quote from "davidh2k"
    Code
    cat /etc/samba/smb.conf
    cat /etc/openmediavault/config.xml
    ls -la /media/UUID/Share1/
    ls -la /media/UUID/Share2/


    Greetings
    David


    thanks! pasted to irc, but will follow up in a few days when I can get a clean windows VM to re-verify the issue.

  • So that others can follow up on this error, here are Brandon's pastebins:


    http://pastebin.com/rHMdXe6U
    http://pastebin.com/NyvpLf9R
    http://pastebin.com/zqhA118N


    I just checked this in a VM and had it set up in under 5 mins. My guess is that the error is related to his windows machine, instead of the OpenMediaVault settings.


    Greetings
    David

  • OK guys, we have progress! Thanks to Davidh2k for his vanilla OMV VM, we've tracked this down..


    Here is the issue..


    Create a share that has root = rw, users = rw, others = r. Add it to samba/cifs and share it (not sure if it's relevant, but share in cifs/shared folder had the same name for me, both = 'test'). Note from davidh2k: Yep, that's irrelevant.


    If you create an OMV username that matches the username on your client PC (for me this was both on a Mac and Windows 7 PC.. OMV user = 'brandon', PC user = 'brandon'), it will attempt to authenticate via these user credentials. You do not even need to grant this user access to the share. Simply having this username in existence is enough to create this issue.


    Now, if the password is the same for BOTH of these accounts (OMV and client OS), authentication goes through, and you can see the public shares no problem. HOWEVER, if the passwords DO NOT match, you will be prompted for credentials to access this public share.


    If I were to delete this user from OMV, all is good again, no prompts / credentials required. If I were to give this user a name that did not match my client PC's logged-in user-name (OMV ='jake', client OS ='brandon') , all would be good as well.


    As for my original question, it seems adding the line 'security=share' in smb.conf and restarting samba will also resolve this issue. I'm not sure how this line changes the authentication process, but it must somehow.



    So it seems the below configuration will prompt for authentication, even on a public share.


    1) Publicly shared folder on OMV via CIFS/SAMBA
    2) Matching usernames for OMV and your client PC
    3) Non-matching passwords between those two systems.


    The two solutions are to either match passwords / un-match user names, or add 'security=share' in smb.conf.


    Thanks again to Davidh2k for helping me track this down.


  • Happy 1000th entry at mantis!!!


    Btw. Volker answered.


    Quote

    Windows does not support different passwords for shares and login if the username is equal. I can remember that I had this problem on my HTPC, finally I had to use the same password on both systems. I think I have googled that problem and only found this solution.


    I think you also have to force Windows to forget the previously used password to be able to access the share after changing the password.
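
Added example, not part of the original thread and not OMV's or Samba's own code: a small Python model of the behaviour diagnosed above, covering both the credential prompt for a matching username with a different password and the `valid users` line on Share2. It assumes the server runs `security = user` with `map to guest = Bad User` (the thread does not show the real smb.conf); the sample config and the function names `load`, `session`, `share_result` and `findings` are constructed for illustration.

```python
import configparser

# Constructed sample modelled on the thread's layout; not the poster's real smb.conf.
SAMPLE = """
[global]
    security = user
    map to guest = Bad User
[Share1]
    guest ok = yes
[Share2]
    guest ok = yes
    valid users = "user1"
"""

def load(text):
    # Strip indentation so configparser does not read options as continuation lines.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string("\n".join(line.strip() for line in text.splitlines()))
    return cp

def session(cfg, user_exists, password_ok):
    """Identity assigned at session setup under security = user."""
    mode = cfg.get("global", "map to guest", fallback="Never").strip().lower()
    if user_exists and password_ok:
        return "user"
    if mode == "bad password" or (mode == "bad user" and not user_exists):
        return "guest"
    return "rejected"  # known user, wrong password: the client prompts

def share_result(cfg, share, identity, username="", guest_account="nobody"):
    """Return 'open' or 'prompt' for one share given the session identity."""
    if identity == "rejected":
        return "prompt"
    sec = cfg[share]
    if identity == "guest":
        if sec.get("guest ok", "no").strip().lower() != "yes":
            return "prompt"
        username = guest_account
    allowed = sec.get("valid users", "").replace(",", " ").replace('"', "").split()
    return "open" if not allowed or username in allowed else "prompt"

def findings(cfg):  # flag the two settings the thread changed by hand
    out = []
    if cfg.get("global", "security", fallback="user").strip().lower() == "share":
        out.append("global: security = share is deprecated")
    for name in cfg.sections():
        guest_ok = cfg[name].get("guest ok", "no").strip().lower() == "yes"
        if guest_ok and share_result(cfg, name, "guest") == "prompt":
            out.append(f"{name}: valid users excludes the guest account")
    return out
```

Under these assumptions, `map to guest = Bad Password` would turn the rejected case into a guest session, but a user who mistypes a password is then silently logged in as guest.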
