FC6 Samba Share Login

lmcilwain · 02-27-2007, 11:30 PM

Hello All,

I shared a tmp directory in my local account using the SMB UI (System -> Administration -> Server Settings -> Samba). Samba Security/Authentication was set to "share":

When I try to connect to via my intel mac
I login using my windows username and password specified in the "samba users settings"

Code:

I get the following error: 
The operation cannot be completed because one or more required items cannot be found (error code -43)

When I try to connect via my windows machine. My log in prompt is shown as:
username: <machine name>\Guest (this is grayed out and can't be changed)
Password is blank (didn't see much point in putting in my password if my login name isn't set right)

Can anyone tell me how I can fix this so that I can connect successfully from my mac or my windows machine? What security/authentication setting should I use? Is there a way to make it so that the I authenticate against my linux login (passwd file)

Brianetta · 03-01-2007, 06:44 PM

You should change security = share to security = user if you want to use your passwd file for user details.

Your Windows and Mac machines need to connect as a guest user first, in order to ennumerate the available shares. This is before they prompt you for your real user's password. Ensure that the guest account = line is set up properly in smb.conf. It either needs to reference a real account, or it needs to be commented out (and the real account nobody must exist).

lmcilwain · 03-01-2007, 07:52 PM

My security setting is as follows:

# This option is important for security. It allows you to restrict
# Use password server option only with security = server
# Use the realm option only with security = ads
; security = user

My share settings are as follows:
[tmp]
comment = Test Directory
path = /home/lmcilwain/tmp
writeable = yes
browseable = yes
valid users = lmcilwain

My guest account settings are as follows:
# Uncomment this if you want a guest account, you must add this to /etc/passwd
; guest account = pcguest
guest ok = yes
; guest account = nobody
; guest ok = no
; guest account = nobody
; guest ok = yes
; guest ok = yes
# Set public = yes to allow user 'guest account' to print
; guest ok = no
; only guest = yes

So far to me, it seems right. Is there something I missed?

Brianetta · 03-01-2007, 07:55 PM

What's security set to? The only security line there is commented out.

lmcilwain · 06-26-2007, 09:05 PM

Somehow I lost track of this thread but I need to reopen it since I am revisiting trying to get this to work.

My issue is:

I have set up a linux smb share on my FC6 machine. I am able to connect to the machine to see the share but I am not able to properly authenticate to read/write to the share. Here are my settings as of right now

My smb.conf file is as follows for my home directory share:

Code:

[temp]
        comment = home temp test
        path = /home/lem/temp
        writeable = yes
        browseable = yes
        valid users = lem

The security is set to "share"

The guest account is set as follows:

Code:

  guest account = nobody

In my smbusers file I have the following:

Code:

# Unix_name = SMB_name1 SMB_name2 ...
root = administrator admin
nobody = guest pcguest smbguest
lem = lem

and I have run

Code:

smbpasswd -a lem

to set the password.

Keithj · 06-27-2007, 12:33 PM

A bit of a "Chinese answer", in that my Samba worked fine with FC5. I upgraded straight to Fedora 7 (it's not called FC7 for some, no doubt excellent, reason).

Samba wouldn't let the other machines on the network see the Linux one, whose main purpose is as a fileserver.

The problem - which sounds very like yours - was caused by just three lines in smb.conf. It was the last, apparently insignificant, change that sorted it.

Oh - and it takes a while for the changes to percolate over the network (or mine did) - quick changes may take you through the solution and past it before the other machines realise. On Windows machines, 'ipconfig /renew' seems to speed things up.

In [global]
REMOVE the 'guest ok' line
ADD security = share

In the individual blocks,
guest ok = yes

This is my complete smb.conf, which works fine:

Quote:

# FEDORA SAMBA FILE AS AT 24 June 2007

[global]

workgroup = Keithj
server string = Fedora-Vin
hosts allow = 192.168.8. 192.168.1. 127.

printcap name = /etc/printcap
cups options = raw

log file = /var/log/samba/log.samba
max log size = 1000

socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192

dns proxy = no
security = share
restrict anonymous = no
domain master = no
preferred master = no
max protocol = NT
ldap ssl = No
server signing = Auto
paranoid server security = no
encrypt passwords = no

netbios name = FEDORA

[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
printable = yes

[rootd]
comment = Fedora
path = /
read only = no
guest ok = yes

[HOME]
path = /home/
guest ok = yes
read only = no

[MNT]
path = /mnt/
guest ok = yes
read only = no

[KEITHJ]
path = /home/keithj/
guest ok = yes
read only = no
case sensitive = no
strict locking = no
msdfs proxy = no

Hope that helps!

lmcilwain · 06-27-2007, 01:44 PM

In My current smb.conf file I have only the following enabled:

Code:

[global]
workgroup = HOME
server string = Samba Server
security = share
load printers = yes
cups options = raw
guest account = nobody
log file = /var/log/samba/%m.log
max log size = 50
dns proxy = no

It seems like this matches mostly what you have, am I wrong?

Keithj · 06-27-2007, 03:10 PM

Pretty much!

I'm not sure about the space in Samba Server - I avoided spaces (a very old habit).
Try with a # in front of guest account = nobody - I had that and deleted it along the way.

I ended up for several hours changing one thing at a time until it worked.
That smb.conf is the one that did!

lmcilwain · 06-27-2007, 03:38 PM

OK, maybe I will just take your file and modify it to my environment and see if that saves me any time. Is that technically considered "cheating"

Keithj · 06-29-2007, 08:31 PM

No such thing as cheating in this game

Good luck! That file works for me...

OralDeckard · 06-30-2007, 07:46 PM

The problem is that you are disregarding the help you requested.
Brianette told you early on: "You should change security = share to security = user if you want to use your passwd file for user details."

She wasn't just making that up. You just went on telling about your security being share, just like it didn't make any difference. Well, it does.

And what's this fascination with the nobody account ? I am running a Fedora server, serving Windows workstation, and I don't bother with a nobody account. But my security is set to user.

So what do you have in your /etc/hosts file?
And what do you have in your /etc/sysconfig/network file?

lmcilwain · 07-02-2007, 10:06 AM

Unfortunately that was probably disregarded because I have tried user as well as any other of the security settings. Those don't show in any of the configs posted because its a change that was done prior to reposting again only to find that as far as I knew it didn't work. But sure, I will change it the security to user and leave it at that.

I don't know what the fascination is with the nobody account, that is where people have steered me to. I don't know much about setting up a samba server if anything at all so I'm taking whatever suggestions I can.

In my host file is:

Code:

[Firewall etc]$ more hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
::1     Firewall        localhost.localdomain   localhost
192.168.11.100  machine1
192.168.11.101  machine2
192.168.11.102  machine3
192.168.11.104  machine4

In my network file I have:

Code:

[Firewall sysconfig]$ more network
NETWORKING=yes
NETWORKING_IPV6=yes
HOSTNAME=Firewall

Crito · 07-02-2007, 11:22 AM

You still have to deal with Linux filesystem permissions. Having too many users to maintain a linux to windows username mapping file, I just chown smbuser:smbgroup /home/smbshare then set forceuser = smbuser and forcegroup = smbgroup in my smb.conf file. That keeps the samba users contained and eliminates all the administrative overhead.

Maybe someday I'll tackle integrating it all into my AD (MS LDAP) domain but right now it's just too much of a hassle for me. I'm not keeping anything top secret on my samba shares anyway.

OralDeckard · 07-02-2007, 03:45 PM

OK, we have two disting subject going on here. I'm going to let Crito address the firewall and ldap concerns. I say this because we are both going to be telling you a lot of stuff, and I don't want you to thing we are telling you two different things. What I am telling you is just basic samba settup.

Your /etc/hosts file is missing an important line that it had originally. It needed modified, but not removed. Here is what it looked like to begin with:
127.0.0.1 localhost.localdomain localhost

And here is what you want it modified to be:
127.0.0.1 Fedora-Vin.localdomain Fedora-Vin localhost.localdomain localhost

Your computer is always localhost, and needs that here. Adding the name you want it known as on the Samba network to the front of it is done here as well. I supposed you wanted it called Fedora-Vin from what I saw in a previous post. You might want to change it to something else.

OralDeckard · 07-02-2007, 03:50 PM

OK, in your /etc/sysconfig/network file you should have something like this:
NETWORKING=yes
NETWORKING_IPV6=yes
HOSTNAME=Fedora-Vin.localdomain

It looks like you are nameing your computer "Firewall". I know you want to do the firewall as well, but here it should carry the same name as in your hosts file. Perhaps Crito can tell you the appropriate palce to put that Firewall name.