oksage
Posts: 19
Joined: Fri Dec 01, 2017 6:44 am

samba home share allows (!) access without password

Mon Oct 07, 2019 2:11 am

I've had this rpi3 set up as a samba server for years, and the default 'homes' share config requires me to use my password to log in, whether I browse to the home share or if I type in user@ip/homes into thunar's 'location' bar. However lately, when I access the home share by typing user@ip/homes, it's not prompting me for a password. But if I browse to the share, it asks for a password.

Not sure if it makes a difference, but I've got cifs-utils and smbclient installed. And here's the relevant part of /etc/samba/smb.conf , having used grep to remove comments:

Code: Select all

[global]
   workgroup = WORKGROUP
   dns proxy = no
   log file = /var/log/samba/log.%m
   max log size = 1000
   syslog = 0
   panic action = /usr/share/samba/panic-action %d
   server role = standalone server
   passdb backend = tdbsam
   obey pam restrictions = yes
   unix password sync = yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
   pam password change = yes
   map to guest = bad user
   usershare allow guests = yes
[homes]
   comment = Home Directories
   browseable = yes
   read only = no
   create mask = 0775
   directory mask = 0775
   valid users = %S
   
Any ideas? I don't think it was an update that messed with my config, because my usb share is still in the config.

User avatar
thagrol
Posts: 4052
Joined: Fri Jan 13, 2012 4:41 pm
Location: Darkest Somerset, UK
Contact: Website

Re: samba home share allows (!) access without password

Mon Oct 07, 2019 9:52 am

I'm not the samba expert on here and I don't use thunar but three things spring to mind:
  1. In the default config [homes] is not browseable.
  2. Have you previously logged in to the samba server as the same user?
  3. In my experience the expected way to access the homes share is by (using windows explorer syntax) \\server\user not \\server\homes then logging in as the desired user.
Arguing with strangers on the internet since 1993.

All advice given is based on my experience. it worked for me, it may not work for you.
All GPIO pin numbers are BCM numbers.

hippy
Posts: 8966
Joined: Fri Sep 09, 2011 10:34 pm
Location: UK

Re: samba home share allows (!) access without password

Mon Oct 07, 2019 4:35 pm

I had problems with Samba which sound similar to your own.

I recall the issue was that it was defaulting to being guest access, gave every impression of having connected as I had expected but without the permissions.

For me, not using 'thunar', that came down to a mismatch in user\hostname in the connection field and what the pi actually knew it was, "pi\raspberrypi" versus "pi\Pi3B".

I recall disabling guest access revealed the issue.

Not sure if that's the problem here but it might be worth checking.

oksage
Posts: 19
Joined: Fri Dec 01, 2017 6:44 am

Re: samba home share allows (!) access without password

Thu Oct 10, 2019 3:59 am

thagrol wrote:
Mon Oct 07, 2019 9:52 am
I'm not the samba expert on here and I don't use thunar but three things spring to mind:
  1. In the default config [homes] is not browseable.
  2. Have you previously logged in to the samba server as the same user?
  3. In my experience the expected way to access the homes share is by (using windows explorer syntax) \\server\user not \\server\homes then logging in as the desired user.
1) Homes not browseable by default? I must have changed that at some point. Shouldn't matter to my problem either way though, unless I'm missing something.
2) I have previously logged on. Been using this pi as a samba server for years. Sometimes browsing thunar ('go' in menu > browse network), doesn't work, but typing directly into thunar's 'location' bar does.
3) To log in without browsing, I type in smb://ip/share (from linux to pi). I listed the wrong syntax in my original post.

I wonder if thunar is storing the password somehow. But you'd think any stored passwords would be lost when restarting my laptop.

oksage
Posts: 19
Joined: Fri Dec 01, 2017 6:44 am

Re: samba home share allows (!) access without password

Thu Oct 10, 2019 4:05 am

hippy wrote:
Mon Oct 07, 2019 4:35 pm
I had problems with Samba which sound similar to your own.

I recall the issue was that it was defaulting to being guest access, gave every impression of having connected as I had expected but without the permissions.

For me, not using 'thunar', that came down to a mismatch in user\hostname in the connection field and what the pi actually knew it was, "pi\raspberrypi" versus "pi\Pi3B".

I recall disabling guest access revealed the issue.

Not sure if that's the problem here but it might be worth checking.
I added 'guest ok = no' to the homes section of smb.conf and restarted smbd and nmbd on the pi, but the problem still persists.

hortimech
Posts: 460
Joined: Wed Apr 08, 2015 5:52 pm

Re: samba home share allows (!) access without password

Thu Oct 10, 2019 8:11 am

oksage wrote:
Thu Oct 10, 2019 4:05 am
I added 'guest ok = no' to the homes section of smb.conf and restarted smbd and nmbd on the pi, but the problem still persists.
It would, you just added a default line.

This is your 'homes' share:

Code: Select all

[homes]
   comment = Home Directories
   browseable = yes
   read only = no
   create mask = 0775
   directory mask = 0775
   valid users = %S
Would it help if I told you that you are shooting yourself in the foot ?
By setting 'browseable = yes' you are unhiding the 'homes' share and it is allowing you to browse to the share, change its value to 'no'.
Your masks are allowing anyone read access to the share, change the value to '0700'

Return to “Troubleshooting”