samba problem

ssl6 · 2007-09-22 06:11:25

ok, this has been getting on my nerves for a week. i've been trying everything i can think of. going through the docs for manual config, and going back and forth between manually configuring and using the kde tool.........

anyway, what i want, i think is pretty simple. just a read only share, accessible via anything within my network address. and i have the shares, i can see them when i browse from any machine on the network, but when i try to open one

, i get a path doesnt exist, or access denied from the windows xp machines, i forgot what vista said, but thats vista anyway, its not important

but heres the smb.conf content, if anyone can help me out here, or even pull stuff i dont need in there to slim it down?

# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
#
# For a step to step guide on installing, configuring and using samba,
# read the Samba-HOWTO-Collection. This may be obtained from:
#  http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf
#
# Many working examples of smb.conf files can be found in the
# Samba-Guide which is generated daily and can be downloaded from:
#  http://www.samba.org/samba/docs/Samba-Guide.pdf
#
# Any line which starts with a ; (semi-colon) or a # (hash)
# is a comment and is ignored. In this example we will use a #
# for commentry and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command "testparm"
# to check that you have not made any basic syntactic errors.
#
#======================= Global Settings =====================================
[global]

# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
workgroup = WHORES R US

# server string is the equivalent of the NT Description field
server string = Samba Server

# Security mode. Defines in which mode Samba will operate. Possible
# values are share, user, server, domain and ads. Most people will want
# user level security. See the Samba-HOWTO-Collection for details.
security = share

# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the "loopback" interface. For more examples of the syntax see
# the smb.conf man page
;   hosts allow = 192.168.1. 192.168.2. 127.

# If you want to automatically load your printer list rather
# than setting them up individually then you'll need this
load printers = no

# you may wish to override the location of the printcap file
;   printcap name = /etc/printcap

# on SystemV system setting printcap name to lpstat should allow
# you to automatically obtain a printer list from the SystemV spool
# system
;   printcap name = lpstat

# It should not be necessary to specify the print system type unless
# it is non-standard. Currently supported print systems include:
# bsd, cups, sysv, plp, lprng, aix, hpux, qnx
;   printing = cups

# Uncomment this if you want a guest account, you must add this to /etc/passwd
# otherwise the user "nobody" is used
;  guest account = pcguest

# this tells Samba to use a separate log file for each machine
# that connects
log file = /var/log/samba/log.%m

# Put a capping on the size of the log files (in Kb).
max log size = 50

# Use password server option only with security = server
# The argument list may include:
#   password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
# or to auto-locate the domain controller/s
#   password server = *
;   password server = <NT-Server-Name>

# Use the realm option only with security = ads
# Specifies the Active Directory realm the host is part of
;   realm = MY_REALM

# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.
;   passdb backend = tdbsam

# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting.
# Note: Consider carefully the location in the configuration file of
#       this line.  The included file is read at that point.
;   include = /usr/local/samba/lib/smb.conf.%m

# Configure Samba to use multiple interfaces
# If you have multiple network interfaces then you must list them
# here. See the man page for details.
;   interfaces = 192.168.12.2/24 192.168.13.2/24

# Browser Control Options:
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
;   local master = no

# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
;   os level = 33

# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job
;   domain master = yes

# Preferred Master causes Samba to force a local browser election on startup
# and gives it a slightly higher chance of winning the election
;   preferred master = yes

# Enable this if you want Samba to be a domain logon server for
# Windows95 workstations.
;   domain logons = yes

# if you enable domain logons then you may want a per-machine or
# per user logon script
# run a specific logon batch file per workstation (machine)
;   logon script = %m.bat
# run a specific logon batch file per username
;   logon script = %U.bat

# Where to store roving profiles (only for Win95 and WinNT)
#        %L substitutes for this servers netbios name, %U is username
#        You must uncomment the [Profiles] share below
;   logon path = \\%L\Profiles\%U

# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server
;   wins support = yes

# WINS Server - Tells the NMBD components of Samba to be a WINS Client
#    Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
;   wins server = w.x.y.z

# WINS Proxy - Tells Samba to answer name resolution queries on
# behalf of a non WINS capable client, for this to work there must be
# at least one    WINS Server on the network. The default is NO.
;   wins proxy = yes

# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups. The default is NO.
dns proxy = no
restrict anonymous = no
domain master = no
preferred master = no
max protocol = NT
acl compatibility = win2k
ldap ssl = No
server signing = Auto
map to guest = Bad User
guest ok = yes

[Stuff]
case sensitive = no
strict locking = no
msdfs proxy = no
path = /home/urmom/stuff/
hosts allow = 192.168.1.*
locking = no
mangled names = no

[Shared]
case sensitive = no
strict locking = no
msdfs proxy = no
path = /share/
guest ok = no

[SHARE]
path = /home/urmom/Desktop/share/
case sensitive = no
strict locking = no
msdfs proxy = no

i dunno whats so hard here, ubuntu shared files no problem, i dont get this, its not like im setting special permissions for an entire domain, i just want one public share on this machine that anyone can browse

shazeal · 2007-09-22 06:53:18

I know this is basic stuff, but does /etc/hosts.allow contain the relevant entries for samba allowing the network machines access?

ssl6 · 2007-09-22 07:15:14

basic? uhmmm........i should probably say right now that i dont know what im doing to be honest

hosts.allow is blank, aside form a couple lines commented out.

shazeal · 2007-09-22 13:11:32

Oh ok, thats probably it then try adding this to your /etc/hosts.allow

ALL:ALL

If that fixes your problem I suggest having a read of the archwiki for some bits on hosts.allow since ALL:ALL is very unsecure

buttons · 2007-09-22 13:25:43

Arch denies all incoming connections by default. That can be fixed by commenting out ALL: DENY in /etc/hosts.deny, or adding ALL: ALL in hosts.allow. /etc/hosts.allow will override /etc/hosts.deny, so it's simpler to comment out the line in /etc/hosts.deny. That way you can use /etc/hosts.deny to block hosts (like, say, adservers) in the future. By leaving ALL: ALL in /etc/hosts.allow, /etc/hosts.deny becomes useless.

EDIT: It's in the FAQ under "I can't SSH into my machine!" Yeah, it's a bit buried in there. I was really confused at first, too.

Last edited by buttons (2007-09-22 13:30:47)

ssl6 · 2007-09-22 14:53:11

that still doesn't work.

i'm not getting this. i've never had this kind of trouble sharing a folder with windows machines on linux

buttons · 2007-09-22 15:12:01

Huh. Well, I can tell you that map to guest = Bad User doesn't do anything when you're using security = share. Silly question: Does "nobody" have read access to the places you're trying to open (/home/urmom/stuff, /home/urmom/Desktop/share)? I've never used security = share before and honestly it seems rather confusing.

buttons · 2007-09-22 15:23:33

Here's mine, for reference:

[global]
    ; General server settings
    netbios name = freyja
    
    workgroup = MSHOME
    announce version = 5.0
    socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192

    passdb backend = tdbsam
    security = user
    null passwords = true
    username map = /etc/samba/smbusers
    name resolve order = hosts wins bcast
    domain master = yes
    local master = yes

    wins support = yes
    smb ports = 139

    printing = CUPS
    printcap name = CUPS

    syslog = 1
    syslog only = yes

; NOTE: If you need access to the user home directories uncomment the
; lines below and adjust the settings to your hearts content.
;[homes]
    ;valid users = %S
    ;create mode = 0600
    ;directory mode = 0755
    ;browseable = no
    ;read only = no
    ;veto files = /*.{*}/.*/mail/bin/

; NOTE: Only needed if you run samba as a primary domain controller.
; Not needed as this config doesn't cover that matter.
;[netlogon]
    ;path = /var/lib/samba/netlogon
    ;admin users = Administrator
    ;valid users = %U
    ;read only = no

; NOTE: Again - only needed if you're running a primary domain controller.
;[Profiles]
    ;path = /var/lib/samba/profiles
    ;valid users = %U
    ;create mode = 0600
    ;directory mode = 0700
    ;writeable = yes
    ;browseable = no

; NOTE: Inside this place you may build a printer driver repository for
; Windows - I'll cover this topic in another HOWTO.
[print$]
    path = /var/lib/samba/printers
    browseable = yes
    guest ok = yes
    read only = yes
    write list = root
    create mask = 0664
    directory mask = 0775

[printers]
    path = /tmp
    printable = yes
    guest ok = yes
    browseable = no

; Uncomment if you need to share your CD-/DVD-ROM Drive
;[DVD-ROM Drive]
    ;path = /media/cdrom
    ;browseable = yes
    ;read only = yes
    ;guest ok = yes

[MyFiles]
    path = /media/samba
    
    read only = no
    guest ok = no
    create mask = 0644
    directory mask = 0755
    force user = buttons
    force group = buttons
    available = yes
    browsable = yes
    public = yes
    writable = yes

After that, I have to enable users specifically by doing smbpasswd -a -e -n USER (gives a null password as well, scratch -n if you don't want that), and these users need to be in my /etc/passwd.

ralvez · 2007-09-22 16:24:35

Your problem is at the Sama configuration file, I think.
You are using security=share but I think you need security=user.
Then you need to create the accounts of the allowed users in the samba shares. If you take a quick look at the instructions for setting up Samba it tells you how to do that.
Then you need to add : encrypt passwords = yes because windows needs this setting in order to authenticate and that should be about it.

I have set up Samba a good number of times and that always works.

Hope this helps.

R

edit: by the way, set the passwords with the smbpasswd tool and make sure that your windows users passwords and the passwords of the Samba box are the same to avoid having to use two different passwords when going to the shares.

Last edited by ralvez (2007-09-22 16:27:51)

ssl6 · 2007-09-23 04:44:57

ok, well now this is pissing me off.........i have it working, halfway. i have a shared folder, that other users can now write to, nobody is going to use that but me, its mainly a place i can transfer things to for me to sort them in to the other folders that will be shared and readonly

so basically, the one called share, works fine, its accessible and writeable. but the other stuff folder, can't access it, can someone tell me why?

#======================= Global Settings =====================================
[global]

workgroup = WHORES R US
netbios name = URMOM-PC
server string = Samba Server
security = user
encrypt passwords = yes
username map = /etc/samba/smbusers

# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the "loopback" interface. For more examples of the syntax see
# the smb.conf man page
;   hosts allow = 192.168.1. 192.168.2. 127.


# Uncomment this if you want a guest account, you must add this to /etc/passwd
# otherwise the user "nobody" is used
;  guest account = pcguest

# this tells Samba to use a separate log file for each machine
# that connects
log file = /var/log/samba/log.%m

# Put a capping on the size of the log files (in Kb).
max log size = 50



# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups. The default is NO.
;dns proxy = no
;restrict anonymous = no
;domain master = no
;preferred master = no
;max protocol = NT
;acl compatibility = win2k
;ldap ssl = No
;server signing = Auto
;map to guest = Bad User
;guest ok = yes

#======================= Share Settings =====================================

[Stuff]
path = /home/urmom/stuff
browseable = yes
read only = yes
valid users = urmom, Lorraine, tris, xbox

[Shared]
path = /share/
browseable = yes
read only = no
valid users = urmom, Lorraine, tris, xbox

ralvez · 2007-09-23 14:38:52

Did you make the folder world readable in the Samba box?
I take the problem is in /home/urmom/stuff, so you do chmod 744 /home/urmom/stuff.

BTW it is _not_ a good thing that you use a folder inside your home directory (I know urmom is not your home directory, but just in case). If you are shearing slices of a Samba box with others make the directories like this : /shares/stuff so as to keep your home area and the shared area as separate as possible. The /shares belongs to root but sutff is set chmod 744

Hope this helps.

R.

Last edited by ralvez (2007-09-23 14:43:35)

ssl6 · 2007-09-23 22:03:11

actually, urmom is my home directory with my music and stuff folder i want shared. my stuff folder is mostly windows apps that i've collected over the years. and my music is stuff i want shared over network. soon enough those are going to be copied to a server, but right now my machines the onyl one with the storage for it

i got that stuff folder working though, just copied it to the main home directory, outside my users home folder and it worked fine. i made a link to it in my folder to avoid breaking my library in amarok and i wont get lost looking for stuff that to me is now out of place

Arch Linux

#1 2007-09-22 06:11:25

samba problem

#2 2007-09-22 06:53:18

Re: samba problem

#3 2007-09-22 07:15:14

Re: samba problem

#4 2007-09-22 13:11:32

Re: samba problem

#5 2007-09-22 13:25:43

Re: samba problem

#6 2007-09-22 14:53:11

Re: samba problem

#7 2007-09-22 15:12:01

Re: samba problem

#8 2007-09-22 15:23:33

Re: samba problem

#9 2007-09-22 16:24:35

Re: samba problem

#10 2007-09-23 04:44:57

Re: samba problem

#11 2007-09-23 14:38:52

Re: samba problem

#12 2007-09-23 22:03:11

Re: samba problem

Board footer