Security Permission not taking effect after upgrade


hunter69


I recently upgraded from 4.5.6 Pro to 4.7. I then upgraded from 4.7 to 5.0 beta12a. Everything seemed to go well. I followed the instructions for the upgrade. I read the security overview. I think I understand the permissions and the way to configure them. I have a share that I set r/w and read-only permissions on. I have set the SMB permissions. I test the permissions by logging on to a computer with a user not allowed into the share. This person has full access into the share. So now I am looking for help to solve this issue. Here is how I have the share set up and the security permissions:

Share name= Movies

Allocation method=High-water

Split Level 2

Cache disk=yes

AFP security setting=no

SMB security settings=yes

Security=Private

User access= the users I have created on my server.

 

When I created the users I used the exact username and password as on the Windows machine. I am testing from a Windows 7 32-bit OS. So let's say I set up the security to allow sfoster into the share with r and r/w. I log onto the Win 7 machine as fred. Fred is not defined in the security permissions as having been allowed any type of access. Fred has complete access including delete permissions.

 

It seems as though the share is maintaining "public" type permissions. 

 

I really appreciate any help with this issue. If I did not provide certain critical info to troubleshoot this please let me know so I can provide that info.

Link to comment

Yes I'll take a look at this. There are some non-intuitive interactions between Samba and Windows with regard to authentication, mainly due to credential caching. This is because when a user "logs out" on a PC, no other machines on the network really "know" this (note that Active Directory solves all these kinds of issues). Below are the steps Samba (Linux SMB) uses to authenticate. Your scenario might be caused by #4 below. One thing to try is, while logged in as 'sfoster', open a command window (on Windows PC) and type:

 

net use /delete *

 

Then log out and log in as Fred and see if Fred can still access.

 

NOTE ABOUT USERNAME/PASSWORD VALIDATION

      There are a number of ways in which a user can connect to a service. The server uses the
      following steps in determining if it will allow a connection to a specified service. If all
      the steps fail, the connection request is rejected. However, if one of the steps succeeds,
      the following steps are not checked.

      If the service is marked “guest only = yes” and the server is running with share-level
      security (“security = share”), steps 1 to 5 are skipped.

        1. If the client has passed a username/password pair and that username/password pair is
           validated by the UNIX system's password programs, the connection is made as that
           username. This includes the \\server\service%username method of passing a username.

        2. If the client has previously registered a username with the system and now supplies a
           correct password for that username, the connection is allowed.

        3. The client's NetBIOS name and any previously used usernames are checked against the
           supplied password. If they match, the connection is allowed as the corresponding user.

        4. If the client has previously validated a username/password pair with the server and the
           client has passed the validation token, that username is used.

        5. If a user = field is given in the smb.conf file for the service and the client has
           supplied a password, and that password matches (according to the UNIX system's password
           checking) with one of the usernames from the user = field, the connection is made as the
           username in the user = line. If one of the usernames in the user = list begins with a @,
           that name expands to a list of names in the group of the same name.

        6. If the service is a guest service, a connection is made as the username given in the
           guest account = for the service, irrespective of the supplied password.

Link to comment
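
A simplified model of the validation order quoted in the post above, as an added example that is not part of the thread and is not Samba's own code; the class and function names, passwords and token value are constructed for illustration. It shows that the first step to succeed decides which account the server uses, so a replayed validation token (step 4) connects the client as sfoster no matter who is logged on at the Windows PC.

```python
from dataclasses import dataclass, field

@dataclass
class Service:                       # per-share settings named in the quoted steps
    guest_ok: bool = False           # share is a "guest service"
    guest_only: bool = False         # "guest only = yes"
    guest_account: str = "nobody"    # "guest account ="
    user_list: tuple = ()            # the "user =" field

@dataclass
class Server:
    passwords: dict                  # stand-in for the UNIX password check
    security: str = "user"           # "share" enables the guest-only shortcut
    registered: set = field(default_factory=set)    # usernames this client registered (step 2)
    prior_names: set = field(default_factory=set)   # NetBIOS name, earlier usernames (step 3)
    tokens: dict = field(default_factory=dict)      # validation token -> username (step 4)

    def ok(self, user, password):
        return password is not None and self.passwords.get(user) == password

def connect(srv, svc, username=None, password=None, token=None):
    """Return (step, unix_user) for the first step that succeeds, else (None, None)."""
    skip_1_to_5 = svc.guest_only and srv.security == "share"
    if not skip_1_to_5:
        if username and srv.ok(username, password):
            return 1, username
        for u in sorted(srv.registered):
            if srv.ok(u, password):
                return 2, u
        for u in sorted(srv.prior_names):
            if srv.ok(u, password):
                return 3, u
        if token in srv.tokens:      # earlier session's token: identity comes from the token
            return 4, srv.tokens[token]
        for u in svc.user_list:
            if srv.ok(u, password):
                return 5, u
    if svc.guest_ok:
        return 6, svc.guest_account
    return None, None                # all steps failed: connection rejected

if __name__ == "__main__":
    # Constructed scenario: only sfoster exists on the server, Movies is private.
    srv = Server(passwords={"sfoster": "pw-sfoster"}, tokens={"tok-1": "sfoster"})
    movies = Service()
    print(connect(srv, movies, "fred", "pw-fred", token="tok-1"))  # token still presented
    print(connect(srv, movies, "fred", "pw-fred"))                 # token cleared
```
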

I logged in as sfoster and typed the following:

 

net use /delete *

 

then I logged in as Fred.

 

This did not make a difference. Fred can still access and delete things from the share.

 

I conducted a test. On the MacBook Pro it tells me who it is connecting as. It was connecting as "guest" and I could not access the share. I told it to connect as "sfoster" and I could access the share. So I think the security is working but I am not sure how to enforce the security to the accounts on the Windows 7 machine. Any ideas, suggestions?

Link to comment
