|
FC6 Samba Share Login
Hello All,
I shared a tmp directory in my local account using the SMB UI (System -> Administration -> Server Settings -> Samba). Samba Security/Authentication was set to "share": When I try to connect to via my intel mac I login using my windows username and password specified in the "samba users settings" Code:
I get the following error: username: <machine name>\Guest (this is grayed out and can't be changed) Password is blank (didn't see much point in putting in my password if my login name isn't set right) Can anyone tell me how I can fix this so that I can connect successfully from my mac or my windows machine? What security/authentication setting should I use? Is there a way to make it so that the I authenticate against my linux login (passwd file) |
You should change security = share to security = user if you want to use your passwd file for user details.
Your Windows and Mac machines need to connect as a guest user first, in order to ennumerate the available shares. This is before they prompt you for your real user's password. Ensure that the guest account = line is set up properly in smb.conf. It either needs to reference a real account, or it needs to be commented out (and the real account nobody must exist). |
My security setting is as follows:
# This option is important for security. It allows you to restrict # Use password server option only with security = server # Use the realm option only with security = ads ; security = user My share settings are as follows: [tmp] comment = Test Directory path = /home/lmcilwain/tmp writeable = yes browseable = yes valid users = lmcilwain My guest account settings are as follows: # Uncomment this if you want a guest account, you must add this to /etc/passwd ; guest account = pcguest guest ok = yes ; guest account = nobody ; guest ok = no ; guest account = nobody ; guest ok = yes ; guest ok = yes # Set public = yes to allow user 'guest account' to print ; guest ok = no ; only guest = yes So far to me, it seems right. Is there something I missed? |
What's security set to? The only security line there is commented out.
|
Somehow I lost track of this thread but I need to reopen it since I am revisiting trying to get this to work.
My issue is: I have set up a linux smb share on my FC6 machine. I am able to connect to the machine to see the share but I am not able to properly authenticate to read/write to the share. Here are my settings as of right now My smb.conf file is as follows for my home directory share: Code:
[temp]The guest account is set as follows: Code:
guest account = nobodyCode:
# Unix_name = SMB_name1 SMB_name2 ...Code:
smbpasswd -a lem |
A bit of a "Chinese answer", in that my Samba worked fine with FC5. I upgraded straight to Fedora 7 (it's not called FC7 for some, no doubt excellent, reason).
Samba wouldn't let the other machines on the network see the Linux one, whose main purpose is as a fileserver. The problem - which sounds very like yours - was caused by just three lines in smb.conf. It was the last, apparently insignificant, change that sorted it. Oh - and it takes a while for the changes to percolate over the network (or mine did) - quick changes may take you through the solution and past it before the other machines realise. On Windows machines, 'ipconfig /renew' seems to speed things up. In [global] REMOVE the 'guest ok' line ADD security = share In the individual blocks, guest ok = yes This is my complete smb.conf, which works fine: Quote:
|
In My current smb.conf file I have only the following enabled:
Code:
[global] |
Pretty much!
I'm not sure about the space in Samba Server - I avoided spaces (a very old habit). Try with a # in front of guest account = nobody - I had that and deleted it along the way. I ended up for several hours changing one thing at a time until it worked. That smb.conf is the one that did! |
OK, maybe I will just take your file and modify it to my environment and see if that saves me any time. Is that technically considered "cheating" :)
|
No such thing as cheating in this game ;)
Good luck! That file works for me... |
The problem is that you are disregarding the help you requested.
Brianette told you early on: "You should change security = share to security = user if you want to use your passwd file for user details." She wasn't just making that up. You just went on telling about your security being share, just like it didn't make any difference. Well, it does. And what's this fascination with the nobody account ? I am running a Fedora server, serving Windows workstation, and I don't bother with a nobody account. But my security is set to user. So what do you have in your /etc/hosts file? And what do you have in your /etc/sysconfig/network file? |
Unfortunately that was probably disregarded because I have tried user as well as any other of the security settings. Those don't show in any of the configs posted because its a change that was done prior to reposting again only to find that as far as I knew it didn't work. But sure, I will change it the security to user and leave it at that.
I don't know what the fascination is with the nobody account, that is where people have steered me to. I don't know much about setting up a samba server if anything at all so I'm taking whatever suggestions I can. In my host file is: Code:
[Firewall etc]$ more hostsCode:
[Firewall sysconfig]$ more network |
You still have to deal with Linux filesystem permissions. Having too many users to maintain a linux to windows username mapping file, I just chown smbuser:smbgroup /home/smbshare then set forceuser = smbuser and forcegroup = smbgroup in my smb.conf file. That keeps the samba users contained and eliminates all the administrative overhead.
Maybe someday I'll tackle integrating it all into my AD (MS LDAP) domain but right now it's just too much of a hassle for me. I'm not keeping anything top secret on my samba shares anyway. ;) |
OK, we have two disting subject going on here. I'm going to let Crito address the firewall and ldap concerns. I say this because we are both going to be telling you a lot of stuff, and I don't want you to thing we are telling you two different things. What I am telling you is just basic samba settup.
Your /etc/hosts file is missing an important line that it had originally. It needed modified, but not removed. Here is what it looked like to begin with: 127.0.0.1 localhost.localdomain localhost And here is what you want it modified to be: 127.0.0.1 Fedora-Vin.localdomain Fedora-Vin localhost.localdomain localhost Your computer is always localhost, and needs that here. Adding the name you want it known as on the Samba network to the front of it is done here as well. I supposed you wanted it called Fedora-Vin from what I saw in a previous post. You might want to change it to something else. |
OK, in your /etc/sysconfig/network file you should have something like this:
NETWORKING=yes NETWORKING_IPV6=yes HOSTNAME=Fedora-Vin.localdomain It looks like you are nameing your computer "Firewall". I know you want to do the firewall as well, but here it should carry the same name as in your hosts file. Perhaps Crito can tell you the appropriate palce to put that Firewall name. |
Honestly the naming of it I don't care about. If it needs to be something else I have no issues or attachments with changing that.
Crito - care to give me an idea of where I can formalize this. I would like to know where the names reside so I can name them all the same thing. |
I was going through your samba.conf file and found this:
encrypt passwords = no netbios name = FEDORA The netbios name is the name your computer has on Samba, and should be the same as the one given in /hosts and /sysconfig/network. Make them all Fedora-Vin or all FEDORA. And encrypt passwords is definately yes. This isn't just a preference based of how secure yout want to be. It is mandatory, or you won't be communicating with any Windows later than 98 or ME. Includ this as well: # Backend to store user information in. New installations should # use either tdbsam or ldapsam. smbpasswd is available for backwards # compatibility. tdbsam requires no further configuration. passdb backend = tdbsam And after this is added, you will want to re assign those password so that they go into tdbsam. system-config-samba Click on Preferences, then Samba Users and delete each user, then click OK and exit. Then go right back in and re-create each of the users, giving them the passwords. |
Oh, and do a testparm to let Fedora grade your samba.conf file. It can find things and bring them to your attention.
|
Edited to eliminate double post.
|
Quote:
I don't think the Netbios name gets used anywhere - I've never seen it appear. It's been FEDORA since when that was the "server string" name - I changed that to see what was doing what in smb.conf. I had to remove the "guest account nobody" to get mine to work. The problem I had - and which Imcilwain seems to be having, was that Samba said all the right things but just didn't work. I created a "minimal" smb.conf with about three lines, and added and removed stuff to see what happened. That file up there is the version that worked (and still works) in every respect I needed. It even allows me to print! I don't know how or why - don't care, really - but the proof of the pudding and all that. |
Some people are wondering what the guest account thing is all about. It's the anonymous account that client computers will use when they initially browse the shares on your Samba server, and it should be a valid Unix account. If you remove it, it defaults to the user nobody. It can be changed in case you have sensitive files on your system owned by nobody and don't want any potential Samba exploit to be able to compromise them.
The guest account, if disabled somehow, will cause client Windows PCs to be prompted for a password just to browse the shares in Network Neighbourhood. Windows always attempts to log in anonymously to list the shares, and Windows servers always allow this. It isn't until a client attempts to browse the shares themselves that Windows requires an actual user account. Keithj: The NETBIOS name is the short (11 character) name that older NETBIOS clients such as Windows 3.11 will use. The server name can be longer, but only on much later versions of Windows. Windows XP will, of course, use DNS as well. This makes three possible ways to reveal your Samba server's name to a Windows client, and yes, it's possible to make them all return something different if you're feeling complicated. (-: |
Thank you Brianetta. I did not know that. I do have a valid nobody account in Linux, because that comes standard. I guess I was thinking of it as a samba user named nobody, and I knew I didn't do that. Basically, I have a samba user, with password, defined for every user I expect to browse the network, and for myself, if another user comes along, I actually don't want them to get anywhere.
|
FWIW, here's the smb.conf file from the laptop I'm on right now. By using force user and force group I never have to worry about user mappings or permissions. Of course, this setup wouldn't be appropriate for sensitive info, but for a public share it works just fine.
Code:
[global] |
Thank you Crito. Granted, for a public share that is fine. But in lmcilwain's opening post he had this:
code My share settings are as follows: [tmp] comment = Test Directory path = /home/lmcilwain/tmp writeable = yes browseable = yes valid users = lmcilwain /code That says he want's only one user, lmmcilwain, to have access. He can't do that with encrypted password set to no. To specify valid users, users have to be validated, and that's done with the encrypted password. And its quite easy to do. I fear I left out a step, and I apologize. When you go to system-config-samba/Prefrences/users and create the users, you are invited to select them from the list of Linux users. That means you first have to do system-config-users and create the linux users, THEN go to system-config-samba and define them by selection and give them the passwords that the windows systems will be providing. This way, when someone sneeks a laptop in, they don't git nuthin, but those in my list can work freely. |
Quote:
Quote:
Quote:
|
Thanks for the information above - all added to the Keithj reference manual ;)
Having just gone through the "fun" of setting up Slackware in a spare partition on the same machine, I've discovered that Samba is not always Samba! My Fedora smb.conf above (edited for the obvious bits) didn't work with Slackware. I had to make quite a few changes. All of them are covered in this thread - interesting! |
Kethj - I tried your setup but was not able to get things to work. I finally decided to check my log file which in all of this I never bothered to look at once and found the following entries after attempting to authenticate and get into my share:
Code:
[2007/07/04 21:30:21, 0] smbd/service.c:make_connection_snum(920)Code:
drwxrwxr-x 11 lem lem 4096 Jul 2 09:47 tmpCode:
::1 Firewall localhos[HTML][/HTML]t.localdomain localhostCode:
HOSTNAME=Firewall.localdomain |
| All times are GMT -5. The time now is 10:28 PM. |