Hallo Georg,
danke mal für deine rasche Antwort. Der LinVDR (basierend auf Debian)
ist gleichzeitig ein Samba-Server und stellt mir im Intranet die
aufgenommenen Filme im .vdr-Format im jeweiligen Home zur Verfügung,
die dann mit dem Mplayer angeschaut werden können. Also besteht hier -
meines Erachtens - kein wirklich sicherheitsrelevantes Problem,
bezogen auf den Anonymous login. Leider bin ich kein allzugrosser
Samba-Spezialist, da ich Samba nur für diese Aufgabe verwende und mir
ein Freund den LinVDR aufgesetzt hat.
Zuerst nachträglich meine smb.conf (serverseitig):
/etc/samba/smb.conf
*************************
# Samba config file created using SWAT
# from 10.0.1.61 (10.0.1.61)
# Date: 2003/12/06 15:48:34
# Global parameters
[global]
unix charset = ISO8859-15
display charset = UTF-8
workgroup = VDR
server string = %h server (Samba %v)
passdb backend = tdbsam, guest
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n .
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
dns proxy = No
ldap ssl = no
panic action = /usr/share/samba/panic-action %d
invalid users = root
[homes]
comment = Home Directories
create mask = 0700
directory mask = 0700
browseable = No
[video]
comment = Video
path = /video
read only = No
create mask = 0755
/usr/share/samba/smb.conf
*****************************
|* |* le configuration file for the Samba suite for Debian GNU/Linux.
#
#
# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options most of which
# are not shown in this example
#
# Any line which starts with a ; (semi-colon) or a # (hash)
# is a comment and is ignored. In this example we will use a #
# for commentary and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command
# "testparm" to check that you have not many any basic syntactic
# errors.
#
#======================= Global Settings =======================
[global]
## Browsing/Identification ###
# Change this to the workgroup/NT-domain name your Samba server will
part of
workgroup = DEBIAN_FANS
# server string is the equivalent of the NT Description field
server string = %h server (Samba %v)
# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable its WINS
Server
; wins support = no
# WINS Server - Tells the NMBD components of Samba to be a WINS Client
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT
both
; wins server = w.x.y.z
# This will prevent nmbd to search for NetBIOS names through DNS.
dns proxy = no
# What naming service and in what order should we use to resolve host
names
# to IP addresses
; name resolve order = lmhosts host wins bcast
#### Debugging/Accounting ####
# This tells Samba to use a separate log file for each machine
# that connects
log file = /var/log/samba/log.%m
# Put a capping on the size of the log files (in Kb).
max log size = 1000
# If you want Samba to only log through syslog then set the following
# parameter to 'yes'.
; syslog only = no
# We want Samba to log a minimum amount of information to syslog.
Everything
# should go to /var/log/samba/log.{smbd,nmbd} instead. If you want to
log
# through syslog you should set the following parameter to something
higher.
syslog = 0
# Do something sensible when Samba crashes: mail the admin a backtrace
panic action = /usr/share/samba/panic-action %d
####### Authentication #######
# "security = user" is always a good idea. This will require a Unix
account
# in this server for every user accessing the server. See
# /usr/share/doc/samba-doc/htmldocs/ServerType.html in the samba-doc
# package for details.
; security = user
# You may wish to use password encryption. See the section on
# 'encrypt passwords' in the smb.conf(5) manpage before enabling.
encrypt passwords = no
# If you are using encrypted passwords, Samba will need to know what
# password database type you are using.
passdb backend = tdbsam guest
obey pam restrictions = yes
; guest account = nobody
invalid users = root
# This boolean parameter controls whether Samba attempts to sync the
Unix
# password with the SMB password when the encrypted SMB password in
the
# passdb is changed.
; unix password sync = no
# For Unix password sync to work on a Debian GNU/Linux system, the
following
# parameters must be set (thanks to Augustin Luton
<aluton(a)hybrigenics.fr> for
# sending the correct chat script for the passwd program in Debian
Potato).
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n .
# This boolean controls whether PAM will be used for password changes
# when requested by an SMB client instead of the program listed in
# 'passwd program'. The default is 'no'.
; pam password change = no
########## Printing ##########
# If you want to automatically load your printer list rather
# than setting them up individually then you'll need this
; load printers = yes
# lpr(ng) printing. You may wish to override the location of the
# printcap file
; printing = bsd
; printcap name = /etc/printcap
# CUPS printing
-----------------------------------------------------------------
Ich habe nun in der /usr/share/samba/smb.conf folgende Veränderung
gemacht und den Dienst neu gestartet - leider ohne Erfolg:
####### Authentication #######
# "security = user" is always a good idea. This will require a Unix
account
# in this server for every user accessing the server. See
# /usr/share/doc/samba-doc/htmldocs/ServerType.html in the samba-doc
# package for details.
; security = user
Änderung in:
security = share
Ich werde jetzt mal weitersuchen (hoffentlich mit Erfolg) - vielleicht
hast du ja noch einen Tip für mich - wäre super.
Gruss aus dem sonnigen Vorarlberg
Schifahren wäre wohl besser als vor die Kiste zu sitzen ;-)
Anton