>[оверквотинг удален]
>в [share 2]
>path = blabla
>(здесь будет работать public = no из сексии глобал)
>valid users = user [@user_group]
>
>вообщем, ксперементируй, тренируйся
>самба позволяет шары так обезопасить, как винде и не снилось
>а если ещё файрволл подключить, то и комар не пролетит
>
>от windows AD лучше вообще отказаться/избавиться Забавно, но по Вашему посту я понял, что знаю, как настраивается Samba лучше, чем Вы :)
Речь ведь шла о том, чтобы отображать список папок любому компьютеру (вне зависимости от того, что у него, домен или раб-группа, ноут и т.д.) :)
Естественно я в курсе, что есть команды chmod и chown :) :) :)
При дефолтной настройке Samba при security = user - список папок кому попало не отображается - сначало нужно авторизоваться...
В общем я сейчас уже нашел решение - оно было описано в man 5 smb.conf:
map to guest (G)
This parameter is only useful in SECURITY = security modes other
than security = share and security = server - i.e. user, and
domain.
This parameter can take four different values, which tell smbd(8)
what to do with user login requests that don't match a valid UNIX
user in some way.
The four settings are :
•
Never - Means user login requests with an invalid password
are rejected. This is the default.
•
Bad User - Means user logins with an invalid password are
rejected, unless the username does not exist, in which case
it is treated as a guest login and mapped into the guest
account.
•
Bad Password - Means user logins with an invalid password
are treated as a guest login and mapped into the guest
account. Note that this can cause problems as it means that
any user incorrectly typing their password will be silently
logged on as "guest" - and will not know the reason they
cannot access files they think they should - there will
have been no message given to them that they got their
password wrong. Helpdesk services will hate you if you set
the map to guest parameter this way :-).
•
Bad Uid - Is only applicable when Samba is configured in
some type of domain mode security (security = {domain|ads})
and means that user logins which are successfully authenti-
cated but which have no valid Unix user account (and smbd
is unable to create one) should be mapped to the defined
guest account. This was the default behavior of Samba 2.x
releases. Note that if a member server is running winbindd,
this option should never be required because the nss_win-
bind library will export the Windows domain users and
groups to the underlying OS via the Name Service Switch
interface.
Note that this parameter is needed to set up "Guest" share
services when using security modes other than share and
server. This is because in these modes the name of the
resource being requested is not sent to the server until after
the server has successfully authenticated the client so the
server cannot make authentication decisions at the correct
time (connection to the share) for "Guest" shares. This param-
eter is not useful with security = server as in this security
mode no information is returned about whether a user logon
failed due to a bad username or bad password, the same error
is returned from a modern server in both cases.
Соответственно, при дефолтном конфиге smb.conf параметр равен: Never, а в этой задачке нужно так:
map to guest = Bad User
Еще неплохо бы однозначно определить анонимного пользователя:
guest account = nobody
Только в этом случае при security = user список папок без проблем отдается любому.
А уж далее делаем как нам нужно:
# Доступ в первую - полный, анонимный
[testshare1]
path = /backup/samba/testshare1
browseable = yes
writable = yes
guest ok = yes
guest only = yes
# Доступ во вторую - только с авторизацией по базе пользователей Samba
[testshare2]
path = /backup/samba/testshare2
browseable = yes
writeable = yes
# Доступ в третью - только указанному пользователю:
[backup]
path = /backup
browseable = yes
writable = yes
public = no
guest ok = no
guest only = no
valid users = egor
write list = egor
В общем - greenwar - это Вам нужно "ксперементировать и тренируваться" :)