LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Fedora
User Name
Password
Fedora This forum is for the discussion of the Fedora Project.

Notices

Reply
 
Search this Thread
Old 07-02-2007, 03:00 PM   #16
lmcilwain
Member
 
Registered: Dec 2003
Location: Maryland
Distribution: Fedora 14
Posts: 367

Original Poster
Rep: Reputation: 30

Honestly the naming of it I don't care about. If it needs to be something else I have no issues or attachments with changing that.

Crito - care to give me an idea of where I can formalize this. I would like to know where the names reside so I can name them all the same thing.
 
Old 07-02-2007, 03:05 PM   #17
OralDeckard
Member
 
Registered: Mar 2006
Posts: 140

Rep: Reputation: 15
I was going through your samba.conf file and found this:
encrypt passwords = no

netbios name = FEDORA

The netbios name is the name your computer has on Samba, and should be the same as the one given in /hosts and /sysconfig/network. Make them all Fedora-Vin or all FEDORA.

And encrypt passwords is definately yes. This isn't just a preference based of how secure yout want to be. It is mandatory, or you won't be communicating with any Windows later than 98 or ME.

Includ this as well:
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.
passdb backend = tdbsam

And after this is added, you will want to re assign those password so that they go into tdbsam.
system-config-samba
Click on Preferences, then Samba Users and delete each user, then click OK and exit.
Then go right back in and re-create each of the users, giving them the passwords.
 
Old 07-02-2007, 03:06 PM   #18
OralDeckard
Member
 
Registered: Mar 2006
Posts: 140

Rep: Reputation: 15
Oh, and do a testparm to let Fedora grade your samba.conf file. It can find things and bring them to your attention.
 
Old 07-02-2007, 03:31 PM   #19
OralDeckard
Member
 
Registered: Mar 2006
Posts: 140

Rep: Reputation: 15
Edited to eliminate double post.
 
Old 07-02-2007, 07:23 PM   #20
Keithj
Member
 
Registered: May 2005
Location: Essex and Norfolk
Distribution: Debian, Fedora 8 and 9, Mandriva 2009, Mepis, Kubuntu, SuSe 10.1, Slackware 12.1 - and Knoppix.
Posts: 155

Rep: Reputation: 30
Quote:
Originally Posted by OralDeckard
And encrypt passwords is definately yes. This isn't just a preference based of how secure yout want to be. It is mandatory, or you won't be communicating with any Windows later than 98 or ME.
That is my (working) smb.conf that you are quoting, not Imcilwain's "problem" one. encrypt passwords is "no" because it didn't work with "yes". I'm running Windows XP Pro SP2 on two of the machines on the network, and they access Fedora-Vin just fine, and Fedora-Vin accesses them just fine. I guess they haven't read the instruction book (yet).

I don't think the Netbios name gets used anywhere - I've never seen it appear. It's been FEDORA since when that was the "server string" name - I changed that to see what was doing what in smb.conf.

I had to remove the "guest account nobody" to get mine to work.

The problem I had - and which Imcilwain seems to be having, was that Samba said all the right things but just didn't work. I created a "minimal" smb.conf with about three lines, and added and removed stuff to see what happened. That file up there is the version that worked (and still works) in every respect I needed. It even allows me to print!

I don't know how or why - don't care, really - but the proof of the pudding and all that.
 
Old 07-03-2007, 04:07 AM   #21
Brianetta
LQ Newbie
 
Registered: Mar 2007
Location: Newcastle upon Tyne, UK
Distribution: Trustix, Fedora, Ubuntu
Posts: 16

Rep: Reputation: 3
Some people are wondering what the guest account thing is all about. It's the anonymous account that client computers will use when they initially browse the shares on your Samba server, and it should be a valid Unix account. If you remove it, it defaults to the user nobody. It can be changed in case you have sensitive files on your system owned by nobody and don't want any potential Samba exploit to be able to compromise them.

The guest account, if disabled somehow, will cause client Windows PCs to be prompted for a password just to browse the shares in Network Neighbourhood. Windows always attempts to log in anonymously to list the shares, and Windows servers always allow this. It isn't until a client attempts to browse the shares themselves that Windows requires an actual user account.

Keithj: The NETBIOS name is the short (11 character) name that older NETBIOS clients such as Windows 3.11 will use. The server name can be longer, but only on much later versions of Windows. Windows XP will, of course, use DNS as well. This makes three possible ways to reveal your Samba server's name to a Windows client, and yes, it's possible to make them all return something different if you're feeling complicated. (-:
 
Old 07-03-2007, 05:48 PM   #22
OralDeckard
Member
 
Registered: Mar 2006
Posts: 140

Rep: Reputation: 15
Thank you Brianetta. I did not know that. I do have a valid nobody account in Linux, because that comes standard. I guess I was thinking of it as a samba user named nobody, and I knew I didn't do that. Basically, I have a samba user, with password, defined for every user I expect to browse the network, and for myself, if another user comes along, I actually don't want them to get anywhere.
 
Old 07-03-2007, 06:56 PM   #23
Crito
Senior Member
 
Registered: Nov 2003
Location: Knoxville, TN
Distribution: Kubuntu 9.04
Posts: 1,168

Rep: Reputation: 53
FWIW, here's the smb.conf file from the laptop I'm on right now. By using force user and force group I never have to worry about user mappings or permissions. Of course, this setup wouldn't be appropriate for sensitive info, but for a public share it works just fine.

Code:
[global]
        server string = Crito's Linux Laptop
        security = SHARE
        username map = /etc/samba/smbusers
        log file = /var/log/samba/%m.log
        max log size = 50
        dns proxy = No
        ldap ssl = no

[samba]
        comment = Windows SMB/CIFS share
        path = /home/climber/samba
        force user = climber
        force group = climber
        read only = No
        guest ok = Yes
 
Old 07-03-2007, 07:33 PM   #24
OralDeckard
Member
 
Registered: Mar 2006
Posts: 140

Rep: Reputation: 15
Thank you Crito. Granted, for a public share that is fine. But in lmcilwain's opening post he had this:

code
My share settings are as follows:
[tmp]
comment = Test Directory
path = /home/lmcilwain/tmp
writeable = yes
browseable = yes
valid users = lmcilwain
/code

That says he want's only one user, lmmcilwain, to have access. He can't do that with encrypted password set to no. To specify valid users, users have to be validated, and that's done with the encrypted password.

And its quite easy to do.

I fear I left out a step, and I apologize. When you go to system-config-samba/Prefrences/users and create the users, you are invited to select them from the list of Linux users. That means you first have to do system-config-users and create the linux users, THEN go to system-config-samba and define them by selection and give them the passwords that the windows systems will be providing.

This way, when someone sneeks a laptop in, they don't git nuthin, but those in my list can work freely.
 
Old 07-03-2007, 07:42 PM   #25
OralDeckard
Member
 
Registered: Mar 2006
Posts: 140

Rep: Reputation: 15
Quote:
Originally Posted by Keithj
That is my (working) smb.conf that you are quoting, not Imcilwain's "problem" one. encrypt passwords is "no" because it didn't work with "yes".
I'm sorry Keithj. I'll try to be more careful.

Quote:
Originally Posted by Keithj
I don't think the Netbios name gets used anywhere - I've never seen it appear.
I learned rom this thread that Netbios was for older systems. I had used it and noticed that my windows systems took it to be the Linux system's name, but found that with the name also in Sysconfig/network and hosts I didn't need it. I guess now, rather than make them the same, or make it complicated, I'll just not use it.

Quote:
Originally Posted by Keithj
The problem I had - and which Imcilwain seems to be having, was that Samba said all the right things but just didn't work.
Well, some real reasons why his didn't work are getting ironed out, so that may change, with him able to be choosy about who gets access.
 
Old 07-04-2007, 07:07 AM   #26
Keithj
Member
 
Registered: May 2005
Location: Essex and Norfolk
Distribution: Debian, Fedora 8 and 9, Mandriva 2009, Mepis, Kubuntu, SuSe 10.1, Slackware 12.1 - and Knoppix.
Posts: 155

Rep: Reputation: 30
Thanks for the information above - all added to the Keithj reference manual

Having just gone through the "fun" of setting up Slackware in a spare partition on the same machine, I've discovered that Samba is not always Samba! My Fedora smb.conf above (edited for the obvious bits) didn't work with Slackware. I had to make quite a few changes. All of them are covered in this thread - interesting!
 
Old 07-04-2007, 08:48 PM   #27
lmcilwain
Member
 
Registered: Dec 2003
Location: Maryland
Distribution: Fedora 14
Posts: 367

Original Poster
Rep: Reputation: 30
Kethj - I tried your setup but was not able to get things to work. I finally decided to check my log file which in all of this I never bothered to look at once and found the following entries after attempting to authenticate and get into my share:
Code:
[2007/07/04 21:30:21, 0] smbd/service.c:make_connection_snum(920)
  '/home/lem/tmp' does not exist or permission denied when connecting to [temp] Error was Permission denied

[2007/07/04 21:30:21, 0] smbd/service.c:make_connection_snum(920)
  '/home/lem/tmp' does not exist or permission denied when connecting to [temp] Error was Permission denied
I can' assure you that /home/lem/tmp does exist and the permissions on it are as follows:

Code:
drwxrwxr-x 11 lem  lem      4096 Jul  2 09:47 tmp
I have also made changes to my /etc/hosts file to add the following:

Code:
::1     Firewall        localhos[HTML][/HTML]t.localdomain   localhost

127.0.0.1 Firewall.localdomain  localhost.localdomain localhost
I have also added to my /etc/sysconfig/network file
Code:
HOSTNAME=Firewall.localdomain
Of course I rebooted after making these changes and I still didn't have any luck accessing the share. The share can be seen but once I authenticate to try and access/write to it, it throws me an error. Did I miss something through all the posts that I have read up to this point?
 
  


Reply

Tags
account, explanation, guest, samba


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
FC6 Virualisation - No CD NFS share flebber Linux - Software 2 01-12-2007 09:20 PM
share a partition between windows and fc6 Mash Linux - General 4 12-04-2006 05:19 AM
Mounting Samba shares and Samba Share Login time112852 Linux - Software 1 09-14-2003 02:23 PM
mapping a SAMBA share with a login script Drizzt420 Linux - Software 2 07-19-2003 02:08 PM
Win XP and Samba Share red X on login janon Linux - Software 0 04-30-2003 01:35 PM


All times are GMT -5. The time now is 11:50 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration