Hint 1:
Most - almost all - users will be able to just use the box name as a host.
So instead of mounting some fancy numbers (Which is pretty 90s), you could mount vusolo4k, e.g. \\vusolo4k\Harddisk or \\vusolo4k\Root
Hint 2:
Samba is configured to do "all or nothing".
Either you provide proper credentials and an empty password is not be considered as being proper - or - you provide no credentials at all (Windows will access the server as "guest" then, which does not exist on the server side and leds to an escalation to user root.
This is how Samba will treat login attempts:
User: root
Password: (empty)
-> Fails, due to "root" being a real existing user, but empty passwords not being allowed
User: r00t
Password: (empty)
-> Succeeds, due to "r00t" being a non-existant (= invalid) user
User: guest
Password: (empty)
-> Succeeds, due to "guest" being a non-existant (= invalid) user
Once you create a password for user "root" on the box, logins for root always succeed according to this pattern:
User: root
Password: (correct password)
-> Obviously succeeds
User: root
Password: (wrong one)
-> Also succeeds, due to the password being valid (non-empty) but bad
As you can see, almost any login attempt will succeed, except if the user tries to be (semi-)smart and provides the user name "root" while the configuration for user "root" was never finished (has no password).
Well, why was Samba pre-configured in this way?
Because it allows an important configuration change in just
one step:
The
default is entirely insecure, but very user-friendly. You can
just double-click the box and then its shares in Windows to access the box.
I don't like this default but it has been that way since E2 evolved, so I re-designed it in a way that the behaviour is
still the default but can easily be changed.
You can make Samba secure (Truely require credentials for access) by changing just this one line
in /etc/samba/smb.conf to
The default makes failed logins escalate to "root" rights, the changed setting makes failed logins degrade to the rights of user "nobody" (Who has zero rights at all).
That way you can easily lock out others, e.g. minors, from access to your harddisk, e.g. XXX recordings
You can even have Windows auto-logon to the Samba server, even with the usually different kind of user names in Windows:
Typical Linux user names are "root", "fsmith" and short stuff like that.
Windows on the other hand uses full names with whitespaces as user names, e.g. "Frank Smith".
To overcome this problem, Samba offers a "users.map", a configuration file in /etc/samba/private
There is a sample users.map in our Samba, for OpenViX it looks like this:
root = "OpenViX User" "OpenViX-Benutzer" "Administrator"
kids = "Charlie Brown"
Assuming you want secure access to the box and have created a password for user "root", you would
normally have to specify "login using different credentials" in Windows to use user "root" and its credentials for the login ... on any machine in your network and whenever you re-configure the mount.
But instead you can also add your Windows' user name to the list behind root =, e.g. for "Frank Smith" you would change the first line above to
Although Windows will still send "Frank Smith" as user name, Samba will then treat this login attempt as one from user "root", so if you use the same password for user "root" on the box and "Frank Smith" on Windows, Windows will auto-login when accessing from Frank Smiths account (but fail with other accounts)
Note:
The "kids" user exists and works, but E2 creates all files as "world readable", so it is of no use yet.
The idea/hope was, that someone would make E2 create recordings from blacklisted stations with rights 700 instead of 755, which would be all that is required to make the "kids" user not see/access them.
For the 7yrs old son "Mike Smith" you could then simply change the kids line to
kids = "Mike Smith"
in order to have Mike Smith get access to his "Disney Channel" recordings but not to those on Brazzers TV Europe ...
The "kids" user even already exists in vsftpd too ...
