i have use the valid user command in share and it worked perfectly. but with one big issue. because of my less knowledge
[test]
path = /test
read only = no
valid users = timothy
but if i access this share which is for timothy from JAMES computer and later close the window. and click the same **test folder **again it opens without asking user name and password for timothy in james computer because it is still in timothy’s file server account.
the only way to logout from timothy samba account is to logout from Windows account. and login again.
so how can i get rid from this problem because it not safe if someone access his files on some one else computer.
my smb.config is like this
[global]
workgroup = WORKGROUP
netbios name = BCH-Fileshare
name resolve order = bcast host lmhosts wins
server string = “”
printcap name = cups
cups options = raw
use client driver = yes
map to guest = Bad User #include = /etc/samba/dhcp.conf
local master = yes
preferred master = yes
os level = 65 #usershare allow guests = Yes #usershare max shares = 100 #usershare owner only = False
[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes
Share disabled by YaST
[profiles]
comment = Network Profiles Service
path = %H
read only = No
store dos attributes = Yes
create mask = 0600
directory mask = 0700
[users]
comment = All users
path = /home
read only = No
inherit acls = Yes
veto files = /aquota.user/groups/shares/
[groups]
comment = All groups
path = /home/groups
read only = No
inherit acls = Yes
Share disabled by YaST
[printers]
comment = All Printers
path = /var/tmp
printable = Yes
create mask = 0600
browseable = No
Share disabled by YaST
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @ntadmin root
force group = ntadmin
create mask = 0664
directory mask = 0775
[test]
path = /test
read only = no
valid users = timothy charlie
>
> i have use the valid user command in share and it worked perfectly. but
> with one big issue. because of my less knowledge
>
> [test]
> path = /test
> read only = no
> valid users = timothy
>
> but if i access this share which is for timothy from JAMES computer and
> later close the window. and click the same *test folder *again it opens
> without asking user name and password for timothy in james computer
> because it is still in timothy’s file server account.
> the only way to logout from timothy samba account is to logout from
> Windows account. and login again.
>
> so how can i get rid from this problem because it not safe if someone
> access his files on some one else computer.
>
> my smb.config is like this
>
>
<snip>
davesal;
Windows caches those credentials by default and so Samba has no way of undoing
that. ( Samba asks for credentials but Windows just supplies the cached
credentials without a log on box.) It is your Windows boxes you need to fix.
Use Group Policy MMC, double click on the Security Options folder (Computer
Configuration\Windows Setting\Security Settings\Local Policies\Security
options). Enable “Network access: Do not allow storage of credentials or .NET
Passports for network authentication”.
The down side to this is that every time someone wants to use a network
resource they will need to provide their credentials. It might make more
sense to just avoid a log in on an account that should not have access to
that resource or be sure to log off after doing so.
–
P. V.
“We’re all in this together, I’m pulling for you.” Red Green
> On Wed April 29 2009 06:06 pm, davesal wrote:
>
>>
>> i have use the valid user command in share and it worked perfectly. but
>> with one big issue. because of my less knowledge
>>
>> [test]
>> path = /test
>> read only = no
>> valid users = timothy
>>
>> but if i access this share which is for timothy from JAMES computer and
>> later close the window. and click the same *test folder *again it opens
>> without asking user name and password for timothy in james computer
>> because it is still in timothy’s file server account.
>> the only way to logout from timothy samba account is to logout from
>> Windows account. and login again.
>>
>> so how can i get rid from this problem because it not safe if someone
>> access his files on some one else computer.
>>
>> my smb.config is like this
>>
>>
> <snip>
> davesal;
>
> Windows caches those credentials by default and so Samba has no way of
> undoing
> that. ( Samba asks for credentials but Windows just supplies the cached
> credentials without a log on box.) It is your Windows boxes you need to fix.
>
> Use Group Policy MMC, double click on the Security Options folder (Computer
> Configuration\Windows Setting\Security Settings\Local Policies\Security
> options). Enable “Network access: Do not allow storage of credentials or
> .NET Passports for network authentication”.
>
> The down side to this is that every time someone wants to use a network
> resource they will need to provide their credentials. It might make more
> sense to just avoid a log in on an account that should not have access to
> that resource or be sure to log off after doing so.
>
davesal;
I just double checked this, it seems Windows XP does not even close the
connection until you log off. VISTA closes the connection when you close the
share. Setting the above group policy may not help with XP clients. You may
be forced to either control with LINUX permissions, or follow the advice of
the last paragraph.
P. V.
“We’re all in this together, I’m pulling for you.” Red Green