Posted: Mon Oct 08, 2007 21:15 Post subject: Users for Samba auth??
You'll have to forgive me as I'm relatively new at this...
Having been pleased with DD-WRT performance on my WRT54G, and having been thrilled when I added a GL as a wireless bridge, I decided to take it to the next level... I invested in an Asus WL-500W and a couple of hard drives and external cases. The idea was to combine the ssh tunneling and dyndns and all the features I enjoy now, with 1 TB of attached network storage and openvpn, as well as on-router torrent access, without having to leave a computer running. The golden age, if you will.
Having gotten v24 RC3 running on the 500W and gotten the startup script just right, mounting the drives and partitions, I'm doing the optware thing on one of them, running samba2, and trying to set up shares.
At this point, samba is running pretty much out of the box. From windows machines on the network I'm able to read from shares configured with public = yes, but they're currently read-only even though as far as samba is concerned they're set up to be writable...
More importantly, I want to restrict access based on username and password. I would like some shares to be read-only to all users but myself, and some shares to be invisible to anyone but myself... I'd also like all shares to be invisible to anyone who's not a user at all.
As far as I know, though, when you do that you're authenticating against the unix users and groups.
DD-WRT's linux system files are read-only, and no useradd or adduser or direct access to the files in question is supplied.
(I also can't access samba's cgi web interface for some reason, that just doesn't work. So I can't even see if I can set up the restrictions I want using it.)
Someone must be using this kind of configuration, as the optware tutorial has a whole section on setting up samba...
SO, how can you authenticate users if you can't add users to the linux system?
Is there some sort of alternative text-based list of groups and users and passwords that I can actually write to and samba installed in /opt/ will examine? Someone please help me out, as openwrt doesn't sound like it's ready for USB sharing on the WL-500W and if I roll back to the asus stock firmware I lose a lot of the dd-wrt features I love. I'm stalled right now, reading my files but being unable to write any.
Reading this over, I realise it might not be clear and needs a summary.
Running: DD-WRT v24 SP3
On router: Asus WL-500W
Goal: Running samba2 ON the router, to share drives plugged into the router's USB ports
Problem: How to handle samba user permissions in a sandbox that doesn't allow you to add linux users.
There, nice and succinct... I should have just said it like that in the beginning.
Hmm, even if I can write to the passwd file, which I thought I couldn't, yeah the passwords are hashed and I don't know by what scheme so I can't create proper hashed passwords. useradd is designed to do this, I don't know why it's not possible to get it on dd-wrt unless it's by design because users CAN'T be added.
Connecting the drives to a PC and sharing them over the network would defeat the entire purpose. That's just what the hope was to STOP doing.
But to get samba user security to work, you just have to add a user with the command above and then use 'smbpasswd -a username' (replace username with actual name) to add a samba password for that user and then you are off and running.
Of course replace 'nobody' with your actual username and modify the rest accordingly. Google 'passwd' to understand each part you may need to modify.
Bird, this little snippet should be on a sticky... I have looked at a lot of threads, howtos etc.; the only mention was adding a unix/linux user with adduser, not a dd-wrt command..
Thanks - could not get built-in samba to run on network share so installed on entware samba4..
Posted: Tue Mar 26, 2024 16:58 Post subject: the code
This code "echo "nobody:*:65534:65534:nobody:/var:/bin/false" >> /etc/passwd" did allow me to successfully add a smbuser to samba, but it became real s.s after reboot.. Samba will not allow a user to be added unless there is a valid linux user... So this becomes an issue "for me" when trying to set up entware samba..
At the end I returned to the built-in samba and was able to finally get the share working... It looks like the network path is an issue and is affected by the way the usb drive is partitioned.. I did see a partition note on the dd-wrt wiki for samba..
DD-WRT mounts the first partition to the drive label. I can see the issue on Windows 7 when accessing the shared drive, because the network path is different on the two Windows PCs.. go figure, but once I mapped the drive all was good..
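An added example, not written by any poster in this thread: a startup-script helper that appends the same kind of no-login passwd entry as the `echo ... >> /etc/passwd` line quoted above, but idempotently and with input checks, so that `smbpasswd -a` has a Unix account to map to. The function name, the user name `smbuser` and uid/gid 1000 are assumptions, as is the premise that the entry has to be re-added on each boot.

```shell
#!/bin/sh
# Added example (not from the thread). Usage from a startup script:
#   ensure_samba_user /etc/passwd smbuser 1000 1000   # "smbuser" is hypothetical
# then set the Samba password with: smbpasswd -a smbuser
# Returns 0 if present/added, 1 on bad input, 2 on a name/uid conflict.
ensure_samba_user() {
    file=$1 name=$2 uid=$3 gid=$4

    # Reject names that could inject extra fields (":") or lines into the file.
    case $name in
        ''|-*|*[!a-z0-9_-]*) echo "bad username" >&2; return 1 ;;
    esac
    for n in "$uid" "$gid"; do
        case $n in
            ''|*[!0-9]*) echo "uid/gid must be numeric" >&2; return 1 ;;
        esac
    done
    # Never create a second uid-0 (root-equivalent) account.
    if [ "$uid" -eq 0 ]; then echo "refusing uid 0" >&2; return 1; fi

    # Same name and uid already present: nothing to do, so it is safe on every boot.
    existing=$(awk -F: -v n="$name" '$1 == n { print $3; exit }' "$file")
    if [ -n "$existing" ]; then
        [ "$existing" = "$uid" ] && return 0
        echo "$name already exists with uid $existing" >&2; return 2
    fi
    # Do not alias an existing account's uid.
    if awk -F: -v u="$uid" '$3 == u { f = 1 } END { exit !f }' "$file"; then
        echo "uid $uid already in use" >&2; return 2
    fi

    # "*" in field 2 means no Unix password matches; /bin/false gives no shell.
    printf '%s:*:%s:%s:%s:/var:/bin/false\n' "$name" "$uid" "$gid" "$name" >> "$file"
}
```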