
hack3rcon 02-16-2015 07:42 AM

Can't read Samba Share on Linux and Windows.
 
Hello folks.
I joined my CentOS 7 server to a Windows domain, and my goal is to share my Linux directories and apply permissions to them via Windows Active Directory users. My Samba config is:

[global]
workgroup = JASONDOMAIN
security = ADS
realm = JASONDOMAINI.JJ
netbios name = printmah

dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
server string = Samba 4 Client %h
##
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes
##
username map = /etc/samba/user.map

##

winbind enum users = no
winbind enum groups = no
winbind use default domain = yes
winbind expand groups = 4
winbind nss info = rfc2307
winbind refresh tickets = Yes
winbind offline logon = yes
winbind normalize names = Yes

## map id's outside of domain to tdb files.
idmap config *:backend = tdb
idmap config *:range = 2000-9999
## map ids from the domain the ranges may not overlap !
idmap config JASONDOMAIN : backend = rid
idmap config JASONDOMAIN : range = 10000-999999

wins server = 172.30.9.1, 172.20.1.2, 172.20.1.48

domain master = no
local master = no
preferred master = no
os level = 20
map to guest = bad user
host msdfs = no
# user Administrator workaround, without it you are unable to set
privileges
username map = /etc/samba/user.map

# For ACL support on member server
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes

# Share Setting Globally
unix extensions = no
reset on zero vc = yes
veto files = /.bash_logout/.bash_profile/.bash_history/.bashrc/
hide unreadable = yes
template shell = /bin/sh
template homedir = /home/%U
#
name resolve order = lmhosts wins bcast host

[test]
path = /home/jason/Desktop/photo
read only = no
browseable = yes




I can't browse the share in Linux and Windows, and it shows me an error about permissions. I also disabled the firewall.

How can I solve it?

zafar_dandoti 02-16-2015 11:10 AM

What are the directory permissions of the share? Are they writable by users?
Code:

# ls -l /home/jason/Desktop

One more thing, is SELinux enforcing?
Code:

# sestatus

hack3rcon 02-17-2015 12:21 AM

# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 28

and

drwxr-xr-x. 2 root root 6 Feb 17 01:14 Desktop


Is it because of "root"?

I logged in to Linux as an AD user and created a directory, and the permissions are below:

drwxr-xr-x. 2 jason domain_users 6 Feb 17 01:24 test

But I can't browse!!!!

zafar_dandoti 02-17-2015 02:43 AM

Switch SELinux to permissive mode:
Code:

setenforce 0

Try connecting to the share. If you can access that folder, then you have to add the SELinux file context:
Code:

chcon -tR samba_share_t /path/to/share

Code:

setenforce 1

hack3rcon 02-17-2015 02:59 AM

Thank you.
The correct syntax is:

chcon -t samba_share_t -R /path/to/share


hack3rcon 02-17-2015 07:52 AM

I have another problem. I can't change or add permissions, and it shows me that I can't access. I used the administrator account in Windows too, but I have the same problem.
I used the "jason" user to create the directory, and "jason" and "administrator" on Windows can add or remove folders but can't change permissions.
I read "https://wiki.samba.org/index.php/Setup_and_configure_file_shares_with_Windows_ACLs" and did all the steps in the "Setup share permissions" section, but the problem is not solved :(

Any idea?

hack3rcon 02-18-2015 06:32 AM

Hello.
I changed my "smb.conf" as below:

[Demo]
path = /srv/samba/demo/
read only = no
force user = %U
force group = "JASONDOMAIN.JJ+domain users"
force create mode = 0666
force directory mode = 2777
force directory security mode = 0777
valid users = @"JASONDOMAIN.JJ+domain users"

Then I used the commands below to change the owner:

# chgrp -R "domain users" demo/
# chmod -R g+rw demo/

# ls -l
total 0
drwxrwxr-x. 2 root domain_users 6 Feb 18 05:38 demo

But when I want to open the "demo" directory, it asks me for my username and password, and when I enter my username and password, it asks me again :(
I also have the same problem with changing permissions.

How can I solve it? It is an emergency.

Thank you.


hack3rcon 02-23-2015 09:53 AM

It is very vital for me. Any idea?

hack3rcon 02-27-2015 04:11 AM

"testparm -s" shows me the error below:

[root@printmah ~]# testparm -s
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
params.c:Parameter() - Ignoring badly formed line in configuration file: privileges
Processing section "[test]"
Processing section "[Demo]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER


How can I fix it?
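
The "badly formed line" message names the stray "privileges" line in the [global] section posted at the top of the thread, where the comment ending in "unable to set" wraps onto an uncommented line. As an added example (not part of the original posts), this shell/awk check reports such lines with their line numbers, plus parameters set twice in one section; lint_smbconf and write_sample are hypothetical names, and the sample is a constructed, shortened excerpt of that config.

```shell
#!/bin/sh
# Report lines Samba's parser ignores as "badly formed" (no '=' and not a
# comment or section header) and parameters set twice within one section.
lint_smbconf() {
    awk '
    { line = $0; sub(/^[ \t]+/, "", line); sub(/[ \t\r]+$/, "", line) }
    cont { cont = (line ~ /\\$/); next }        # continuation of previous line
    line == "" || line ~ /^[#;]/ { next }       # blank line or comment
    line ~ /^\[.*\]$/ { section = line; next }  # section header
    {
        cont = (line ~ /\\$/)                   # trailing backslash continues
        eq = index(line, "=")
        if (eq == 0) {
            printf "%d: badly formed line: %s\n", NR, line
            next
        }
        # Compare names case-insensitively with whitespace collapsed.
        key = tolower(substr(line, 1, eq - 1))
        gsub(/[ \t]+/, " ", key); sub(/ $/, "", key)
        id = section SUBSEP key
        if (id in seen)
            printf "%d: duplicate \"%s\" in %s (first set on line %d)\n", NR, key, section, seen[id]
        else
            seen[id] = NR
    }' "$1"
}

# Constructed sample: a shortened excerpt of the [global] section posted above.
write_sample() {
    cat > "$1" <<'EOF'
[global]
workgroup = JASONDOMAIN
vfs objects = acl_xattr
username map = /etc/samba/user.map
# user Administrator workaround, without it you are unable to set
privileges
username map = /etc/samba/user.map
vfs objects = acl_xattr

[test]
path = /home/jason/Desktop/photo
EOF
}

conf=$(mktemp)
write_sample "$conf"
lint_smbconf "$conf"
rm -f "$conf"
```

Run against the real file as lint_smbconf /etc/samba/smb.conf; a reported line is either a wrapped comment that needs its own "#" or a parameter missing its "=".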

hack3rcon 03-28-2015 06:03 AM

I used :

smbclient //localhost/Demo -U JASONDOMAINI\\jason -d 3

and the result is :

esolve_lmhosts: Attempting lmhosts lookup for name localhost<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name localhost<0x20>
Connecting to 127.0.0.1 at port 445
Doing spnego session setup (blob length=96)
got OID=1.2.840.48018.1.2.2
got OID=1.2.840.113554.1.2.2
got OID=1.3.6.1.4.1.311.2.2.10
got principal=not_defined_in_RFC4178@please_ignore
Got challenge flags:
Got NTLMSSP neg_flags=0x60898215
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60088215
Domain=[JASONDOMAINI] OS=[Unix] Server=[Samba 4.1.1]
tree connect failed: NT_STATUS_ACCESS_DENIED

zafar_dandoti 03-29-2015 12:28 AM

The name localhost is not resolved by the server.
Code:

cat /etc/hosts

Try connecting to the share by IP address:
Code:

smbclient //127.0.0.1/Demo -o user=JASONDOMAIN\jason

You should be prompted to enter the password for user jason.

hack3rcon 03-31-2015 02:56 AM

My "hosts" file was correct, and the commands' results are:

[root@printmah ~]# cat /etc/hosts
172.30.9.1 printmah.jasondomain.jj printmah
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6



[root@printmah ~]# smbclient //127.0.0.1/Demo -o user=JASONDOMAINI\\jason
params.c:Parameter() - Ignoring badly formed line in configuration file: privileges
Domain=[JASONDOMAINI] OS=[Unix] Server=[Samba 4.1.1]
tree connect failed: NT_STATUS_ACCESS_DENIED

zafar_dandoti 03-31-2015 03:52 AM

Add this to the global section of the smb.conf file:
Code:

client ntlmv2 auth = yes

Restart Samba, then try connecting:
Code:

smbclient //127.0.0.1/Demo -o sec=ntlmv2 username=jason@JASONDOMAINI

hack3rcon 03-31-2015 05:32 AM

Thanks.
I added it but got the same error:

Domain=[JASONDOMAINI] OS=[Unix] Server=[Samba 4.1.1]
tree connect failed: NT_STATUS_ACCESS_DENIED

In "smb.conf" my share setting is:

[Demo]
path = /srv/samba/demo/
read only = no
valid users = +JASONDOMAINI\linux +JASONDOMAINI\local admins
writable = yes
#inherrit owner = yes
#inherit permissions = yes
force group = JASONDOMAINI\linux


"linux" is the name of a group that I created in AD, and "jason" is a member of it.

zafar_dandoti 03-31-2015 06:43 AM

What are the directory permissions of /srv/samba/demo?

