4

I'm trying to get a shared folder to work. Everyone should have read access (preferably not even a password prompt should pop up when connecting with Windows), but a few selected users should be able to log in and have write access too.

So far I have the following configuration:

[global]
    server string = %h server
    security = SHARE
    obey pam restrictions = Yes
    pam password change = Yes
    unix password sync = Yes
    syslog = 0
    log file = /var/log/samba/log.%m
    max log size = 1000

[shared]
    comment = Shared
    path = /shared
    write list = @users
    create mask = 0660
    directory mask = 0771
    guest ok = Yes

While this works nicely in allowing anonymous users to access the share (with the password prompt disabled), it will not allow me to connect with a authenticated user

smbclient //192.168.2.9/shared/
Enter cdecker's password: 
tree connect failed: NT_STATUS_ACCESS_DENIED

I also tried server-level security, but that required all users to be authenticated and the password prompt would bug the hell out of my users.

cdecker
  • 431
  • 2
  • 5
  • 17

1 Answers1

4

man smb.conf:

guest ok (S)

If this parameter is yes for a service, then no password is required to connect to the service. Privileges will be those of the guest account.

I suppose there is no way to accomplish what you want to have in this way. As a workaround, I would suggest defining another share without setting guest ok = yes and let the authenticating users connect there instead.

[shared-auth]
    comment = Shared
    path = /shared
    write list = @users
    create mask = 0660
    directory mask = 0771
the-wabbit
  • 40,319
  • 13
  • 105
  • 169