FANDOM


Forums: Index > Help desk > How to make samba root access password protected


After running IOMTOOLS and making root access available with write permissions, it seems anybody on the network can connect and add/remove/delete whatever they want. So I would like to make the "Root" share password protected. I tried several things:


SCENARIO #1

Add password to root account, using command "passwd" and followed prompts to enter and verify new password. (But then the ALL shares are inaccessible from Windows). So I telnet back in using new password and use command "passwd" again and hit "enter" (for blank password) at prompts to enter and verify new password. (All shares are accessible again)


SCENARIO #2

Add user using command "adduser"


BusyBox v1.1.3 (2008.08.05-12:04+0000) multi-call binary

Usage: adduser [OPTIONS] user_name

Adds a user to the system

Options:

       -h DIR          Assign home directory DIR
       -g GECOS        Assign gecos field GECOS
       -s SHELL        Assign login shell SHELL
       -G              Add the user to existing group GROUP
       -S              create a system user (ignored)
       -D              Do not assign a password (logins still possible via ssh)
       -H              Do not create the home directory

I type "adduser root2" then I type "passwd root2" and assign "root2" as password I then change /usr/local/samba/lib/smb.conf using vi with command "vi /usr/local/samba/lib/smb.conf"

  1. This is the main Samba configuration file.
  2. Create by IomTools.

#======================= Global Settings =====================================

[global]

       log file = /usr/local/etc/dvdplayer/samba/log/log.%m
       max log size = 1000
       lock dir=/usr/local/etc/dvdplayer/samba/lock
       pid directory=/usr/local/etc/dvdplayer/samba/pid
       private dir=/usr/local/etc/dvdplayer/samba/priv
       smb passwd file = /etc/smbpasswd
       encrypt passwords = yes   
       guest account = root <------ Changed to "root2"
       write cache size = 0
       hide dot files = yes
       security = share <------ Changed to "user"
       passdb backend = tdbsam
       load printers = no
       disable spoolss = yes
       max open files = 10000
       max connections = 4;;5
       max mux = 10
       max smbd processes = 4;;5
       dns proxy=No
       use sendfile=yes
       guest account=root <------ Changed to "root2"
       encrypt passwords=yes
       passdb backend=smbpasswd
       socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=2048 SO_RCVBUF=204
       read raw=yes
       write raw=yes
       oplocks=yes
       max xmit=65535
       dead time=15
       getwd cache=yes
       lpq cache=30
       read prediction=yes
       client NTLMv2 auth=yes
       netbios name = MediaService
       workgroup = WORKGROUP
       server string = MediaService

#============================ Share Definitions ==============================

[ScreenPlay]

 comment = ScreenPlay
 path = /tmp/hddmedia
 writeable = yes
 browseable = yes
 guest ok = yes

[usbshare]

comment = usbshare
path = /mnt/usbmounts/sda1
writeable = yes
browseable = yes
guest ok = yes

[Root]

comment = Root
path = /
writeable = yes
browseable = yes
guest ok = yes <------ Changed to "no"

#============================ End 11/1/2009 11:09:17 PM ========================


Now when connecting from windows I get prompted for username and password. I tried root/<blank> & root2/root2. I google the issue and find I need to give user "root2" a samba password with command "smbpasswd root2" but get this error:

/ # smbpasswd root2

-sh: smbpasswd: not found

/ #

I thought I was on the right track, but am lost now.

HELP!

Special:Contributions/MacDaddy SF 10:11, November 3, 2009 (UTC)


Well, you made very remarkable progress. I commend you. Yes, you are on the right track. Yes, you do need to add the user. But smbpasswd is not one of the built in commands for the screenplay. That would totally suck if that were a dead end. But it isn't :)
There happens to be a toolchain that I've recently blogged about. Upon seeing your situation and seeing that you needed smbpasswd, I decided to look at the Ellion source and see if Samba was there. And it was, along with all samba utilities. So I compiled it, stripped it, and I have tested it. I used smbpasswd -a root (I've assigned root a password), gave it the samba password I wanted to use and now it is working.
So, here you go. --JCoug 05:23, November 4, 2009 (UTC)
By the way, I didn't have to do the root2 or change the security to user. It asks for the password for guest and I just put in the smb root password. Worked great! --JCoug 06:35, November 4, 2009 (UTC)


Jcoug, Thank you for compiling that smbpasswd file for the rest of us to use. I also have the samba shares password protection working, but its not quite what I want. I want to share the MAIN MEDIA portion of the drive without a password (as it is out the box) and the ROOT (file system) share with a password. So I am going to do something similar to this ( [1] ) unless you know an easier way to get the job done.

MacDaddy SF 07:21, November 4, 2009 (UTC)


Actually, that's exactly how mine works. Look at my blog entry. My Main media does not require a password, and it asks for a password when I try to browse to my root file system. --JCoug 08:40, November 4, 2009 (UTC)

Ad blocker interference detected!


Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.