Samba server vyzaduje heslo ?

Leos Bitto bitto na atrey.karlin.mff.cuni.cz
Pondělí Březen 27 15:30:27 CEST 2000 

Jan Satko (satko na quanto.uniag.sk) wrote:
: > Pozor - "security = share" je nastaveni serveru, ten nema jmeno co predavat,
: > ten ho jen prijima.
: 
: Takze nakolko neviem pana Bitta presvedcit normalne skusime to  vlastnym
: popisom samby:

Tu dokumentaci je nutno cist celou, ne jen jeden odstavec vytrzeny
z kontextu. Pokudim se doplnit podstatne casti.

: Ok, now for share level security. In share level security (the default
: with samba) the client authenticates itself separately for each
: share. It will send a password along with each "tree connection"
: (share mount).

S touto casti nelze nez souhlasit.

: It does not explicitly send a username with this operation.

Zde je treba si ovsem nejdrive precist toto:

Many clients send a "session setup" even if the server is in share
level security. They normally send a valid username but no
password. Samba records this username in a list of "possible
usernames".

Podotykam ze "many clients" znamena prinejmensim Windows 3.11, 95, 98,
NT4, 2000 a MacOS, s jinymi klienty jsem to nemel moznost zkouset.

Takze jak probiha predavani jmena/hesla pri "security=share":
Nejprve probehne "session setup", kde se preda jmeno, a pak
probehne "tree connection" kde se preda heslo.

A jeste pro uplnost co se deje pri "security=server":
Nejprve probehne "session setup", kde se preda jak jmeno tak heslo,
a odmenou je klientovi jakesi "uid". To uid pak posila pri
"tree connection" a uz neposila ani jmeno ani heslo.

Je tedy videt ze v obou pripadech se preda jak jmeno tak heslo,
a nedochazi k zadnemu hadani at uz jmena ci hesla ze strany serveru.

: The client is expecting a password to be associated with
: each share, independent of the user. This means that samba has to work
: out what username the client probably wants to use. It is never
: explicitly sent the username.

Viz vyse - jmeno se preda jiz behem "session setup".

: Some commercial SMB servers such as NT actually
: associate passwords directly with shares in share level security, but
: samba always uses the unix authentication scheme where it is a
: username/password that is authenticated, not a "share/password".

To je pravda, ale pro nas je to nepodstatne.


Leos Bitto

Další informace o konferenci Linux