Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I've been reading and trying to follow everyone else's examples on here and nothing appears to work. Samba seems to be one of those things where you can't take someone else's examples and it works for you. Point in case - I tried to make this samba configuration off of a working samba configuration I have working on another machine - and it doesn't work! I must have done some voodoo in addition to the smb.conf file and now I don't remember what I did.
Here's the smb.conf file:
Code:
# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
#
# For a step to step guide on installing, configuring and using samba,
# read the Samba-HOWTO-Collection. This may be obtained from:
# http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf
#
# Many working examples of smb.conf files can be found in the
# Samba-Guide which is generated daily and can be downloaded from:
# http://www.samba.org/samba/docs/Samba-Guide.pdf
#
# Any line which starts with a ; (semi-colon) or a # (hash)
# is a comment and is ignored. In this example we will use a #
# for commentry and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command "testparm"
# to check that you have not made any basic syntactic errors.
#
#---------------
# SELINUX NOTES:
#
# If you want to use the useradd/groupadd family of binaries please run:
# setsebool -P samba_domain_controller on
#
# If you want to share home directories via samba please run:
# setsebool -P samba_enable_home_dirs on
#
# If you create a new directory you want to share you should mark it as
# "samba-share_t" so that selinux will let you write into it.
# Make sure not to do that on system directories as they may already have
# been marked with othe SELinux labels.
#
# Use ls -ldZ /path to see which context a directory has
#
# Set labels only on directories you created!
# To set a label use the following: chcon -t samba_share_t /path
#
# If you need to share a system created directory you can use one of the
# following (read-only/read-write):
# setsebool -P samba_export_all_ro on
# or
# setsebool -P samba_export_all_rw on
#
# If you want to run scripts (preexec/root prexec/print command/...) please
# put them into the /var/lib/samba/scripts directory so that smbd will be
# allowed to run them.
# Make sure you COPY them and not MOVE them so that the right SELinux context
# is applied, to check all is ok use restorecon -R -v /var/lib/samba/scripts
#
#--------------
#
#======================= Global Settings =====================================
[global]
# ----------------------- Netwrok Related Options -------------------------
#
# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
#
# server string is the equivalent of the NT Description field
#
# netbios name can be used to specify a server name not tied to the hostname
#
# Interfaces lets you configure Samba to use multiple interfaces
# If you have multiple network interfaces then you can list the ones
# you want to listen on (never omit localhost)
#
# Hosts Allow/Hosts Deny lets you restrict who can connect, and you can
# specifiy it as a per share option as well
#
workgroup = MSHOME
; server string = Samba Server Version %v ;original line
server string = MythTv-Toadette
netbios name = Toadette
; interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
; hosts allow = 127. 192.168.12. 192.168.13.
# --------------------------- Logging Options -----------------------------
#
# Log File let you specify where to put logs and how to split them up.
#
# Max Log Size let you specify the max size log files should reach
# logs split per machine
log file = /var/log/samba/log.%m
# max 50KB per log file, then rotate
max log size = 50
# ----------------------- Standalone Server Options ------------------------
#
# Scurity can be set to user, share(deprecated) or server(deprecated)
#
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.
security = user
passdb backend = tdbsam
# ----------------------- Domain Members Options ------------------------
#
# Security must be set to domain or ads
#
# Use the realm option only with security = ads
# Specifies the Active Directory realm the host is part of
#
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.
#
# Use password server option only with security = server or if you can't
# use the DNS to locate Domain Controllers
# The argument list may include:
# password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
# or to auto-locate the domain controller/s
# password server = *
; realm = MY_REALM
; password server = <NT-Server-Name>
# ----------------------- Domain Controller Options ------------------------
#
# Security must be set to user for domain controllers
#
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.
#
# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job
#
# Domain Logons let Samba be a domain logon server for Windows workstations.
#
# Logon Scrpit let yuou specify a script to be run at login time on the client
# You need to provide it in a share called NETLOGON
#
# Logon Path let you specify where user profiles are stored (UNC path)
#
# Various scripts can be used on a domain controller or stand-alone
# machine to add or delete corresponding unix accounts
#
; domain master = yes
; domain logons = yes
# the login script name depends on the machine name
; logon script = %m.bat
# the login script name depends on the unix user used
; logon script = %u.bat
; logon path = \\%L\Profiles\%u
# disables profiles support by specifing an empty path
; logon path =
; add user script = /usr/sbin/useradd "%u" -n -g users
; add group script = /usr/sbin/groupadd "%g"
; add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false "%u"
; delete user script = /usr/sbin/userdel "%u"
; delete user from group script = /usr/sbin/userdel "%u" "%g"
; delete group script = /usr/sbin/groupdel "%g"
# ----------------------- Browser Control Options ----------------------------
#
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
#
# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
#
# Preferred Master causes Samba to force a local browser election on startup
# and gives it a slightly higher chance of winning the election
; local master = no
; os level = 33
; preferred master = yes
#----------------------------- Name Resolution -------------------------------
# Windows Internet Name Serving Support Section:
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
#
# - WINS Support: Tells the NMBD component of Samba to enable it's WINS Server
#
# - WINS Server: Tells the NMBD components of Samba to be a WINS Client
#
# - WINS Proxy: Tells Samba to answer name resolution queries on
# behalf of a non WINS capable client, for this to work there must be
# at least one WINS Server on the network. The default is NO.
#
# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups.
; wins support = yes
; wins server = w.x.y.z
; wins proxy = yes
wins server = yes
; dns proxy = yes
# --------------------------- Printing Options -----------------------------
#
# Load Printers let you load automatically the list of printers rather
# than setting them up individually
#
# Cups Options let you pass the cups libs custom options, setting it to raw
# for example will let you use drivers on your Windows clients
#
# Printcap Name let you specify an alternative printcap file
#
# You can choose a non default printing system using the Printing option
; load printers = yes
cups options = raw
; printcap name = /etc/printcap
#obtain list of printers automatically on SystemV
; printcap name = lpstat
; printing = cups
# --------------------------- Filesystem Options ---------------------------
#
# The following options can be uncommented if the filesystem supports
# Extended Attributes and they are enabled (usually by the mount option
# user_xattr). Thess options will let the admin store the DOS attributes
# in an EA and make samba not mess with the permission bits.
#
# Note: these options can also be set just per share, setting them in global
# makes them the default for all shares
map archive = yes
; map hidden = no
; map read only = no
; map system = no
encrypt passwords = yes
guest ok = yes
guest account = nobody
; store dos attributes = yes
#============================ Share Definitions ==============================
[homes]
comment = Home Directories
browseable = no
writable = yes
; valid users = %S
; valid users = MYDOMAIN\%S
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
; guest ok = no
; writable = no
printable = yes
# Un-comment the following and create the netlogon directory for Domain Logons
; [netlogon]
; comment = Network Logon Service
; path = /var/lib/samba/netlogon
; guest ok = yes
; writable = no
; share modes = no
# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
; [Profiles]
; path = /var/lib/samba/profiles
; browseable = no
; guest ok = yes
writable = yes
; valid users = %S
; valid users = MYDOMAIN\%S
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
; guest ok = no
; writable = no
printable = yes
# Un-comment the following and create the netlogon directory for Domain Logons
; [netlogon]
; comment = Network Logon Service
; path = /var/lib/samba/netlogon
; guest ok = yes
; writable = no
; share modes = no
# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
; [Profiles]
; path = /var/lib/samba/profiles
; browseable = no
; guest ok = yes
# A publicly accessible directory, but read only, except for people in
# the "staff" group
; [public]
; comment = Public Stuff
; path = /home/samba
v; public = yes
; writable = yes
; printable = no
; write list = +staff
[videos]
comment = Video Files
path = /storage/videos
guest ok = yes
writeable = no
browseable = yes
public = yes
Basically, I just want to share the /storage/videos file to every single windows computer (or smb device) on my network. I don't want to have to deal with usernames or anything. If there's a CIFS protocol using machine on the network, I want it to be able to see the videos in /storage/videos.
I've tried the smbclient -L \\Toadette -N command and it works. It looks like:
Code:
smbclient -L \\Toadette -N
Anonymous login successful
Domain=[MSHOME] OS=[Unix] Server=[Samba 3.0.28a-0.fc8]
Sharename Type Comment
--------- ---- -------
IPC$ IPC IPC Service (MythTv-Toadette)
videos Disk Video Files
Anonymous login successful
Domain=[MSHOME] OS=[Unix] Server=[Samba 3.0.28a-0.fc8]
Server Comment
--------- -------
TOADETTE Samba Server Version 3.0.28a-0.fc8
Workgroup Master
--------- -------
MSHOME
Please, any help to get this working would help keep me from going insane. I've spent about 3 hours on this so far.
I've been reading and trying to follow everyone else's examples on here and nothing appears to work. Samba seems to be one of those things where you can't take someone else's examples and it works for you. Point in case - I tried to make this samba configuration off of a working samba configuration I have working on another machine - and it doesn't work! I must have done some voodoo in addition to the smb.conf file and now I don't remember what I did.
You really only a couple lines to get to working. In the vast majority of installations you don't need to worry about 90% of the options. You can add them once you get it working. I suggest you don't use the guest logon. It's horribly insecure, even with a working firewall. Just enter a password once and check the 'remember' box and forget it. Or attach the share to a drive letter. If other people attach to your share, then share it themselves...
First, you need to decide if you want Root WRITE access. You do copy videos to the linux box, don't you? If you rename your current config, create a new, minimal configuration it will allow root access. The usual package smb.cong has a line that prevents root from gaining access to your disk.
Look for this line:
; invalid users = root
Then you need to set up samba users to match the valid users names in your shares. Be aware that the user must exist before you can create a SAMBA password for them. Linux comes with a "nobody" user but I don't know if you need to set up a separate smb user name if you use the guest option.
Code:
#smbpasswd xxxxxx
New SMB password:
Retype new SMB password:
There is a configuration checker that can also lead you to useful information called testparm. It can even show you a working configuration stripped from the original.
Code:
#testparm
Basically you need only a couple lines to make it work.
TESTED Example:
Code:
[global]
#change this to your workgroup
workgroup = SIGGMA
#Name in Windows Network
server string = %h server
#no DNS for host names
dns proxy = no
#This line says use the 'hosts' file first for machine names
name resolve order = host lmhosts bcast wins
#Important lines here, this says use regular pam authentication
security = user
encrypt passwords = true
passdb backend = tdbsam
obey pam restrictions = yes
#I added this to chew up memory so directories are retrieved a bit faster.
#Default is 8K (8192) I think
socket options = TCP_NODELAY SO_RCVBUF=32768 SO_SNDBUF=32768
## #
##Shares go here #
## #
#A working CD share, notice the preexec and postexed?
#I don't use my webserver to burn media but I'll bet it will work if you make it writeable...
[cdrom]
comment = Linux server's CD-ROM
writable = no
locking = no
path = /cdrom
public = yes
preexec = /bin/mount /cdrom
postexec = /bin/umount /cdrom
[rmount]
path = /var/www
writable = yes
admin users = www-data
write list = www-data
valid users = www-data
comment = Webserver root, creates new files as webserver
[wmroot]
path = /var/www
writeable = yes
write list = root
valid users = root
comment = Webserver root, creates new files as root
Don't forget to restart samba. It's like this on Deb, Ubuntu etc.
Code:
#/etc/init.d/samba restart
You MAY also need to restart the windows box if authentication has failed and to reset share names in XP. Vista is a bit more dynamic. Not sure if that's good or not...
I just tested a new install from Debian lenny. The only thing I changed in the distribution config was the Workgroup line then I uncommented the allow root line, the three cd rom lines, added a writable [root] section for the drive root and added smbusers.
The most common issue I had was forgetting to create smb users. Then came thinking things needed to be changed and not reading the documentation. If you need LDAP or some other authentication, read the docs and there are tons of articles on the web, like this: http://www.linuxfocus.org/English/Ma...ticle177.shtml
Hope this helps.
-Tom
After trying your conf, it would no longer work for smbclient -L \\Toadette -N and after I restored by old smb.conf, it still didn't work. Something funny is going on here.
I get the error:
Connection to Toaddette failed (Error NT_STATUS_BAD_NETWORK_NAME)
that didn't work. But I think I've noticed a problem. On my samba server that works, it says Doman=[MSHOME] while the one that doesn't work says Domain=[Toadette] But I don't know how to fix that. I already set workgroup=MSHOME
I'm thinking I mayend up feeling sheepish. It's possible that I have the Fedora firewall enabled and it's blocking the smb ports. I'll get back to you if that's it
Check the domain or workgroup entry on each machine. They should match. However, the [domain]= from the smbclient command lists the domain rather than the workgroup. If you use a workgroup instead of a domain controller, then the [domain]= refers to the hostname. The server is a stand alone domain server. Using workgroups, that is normal. If you use a domain controller, the name of the domain controller should be listed instead.
You do want the "Bad User = nobody" line in the General portion of smb.conf, and you want "Guest OK = Yes" in the share definition. I hadn't run into "guest only" before. Checking the man page, I found it and it confirmed my second item.
Code:
guest only (S)
If this parameter is yes for a service, then only guest connections
to the service are permitted. This parameter will have no effect if
guest ok is not set for the service.
The Guest user is the "nobody" user in Linux. You need to make sure that the directory has at least o=rx permissions. If other hosts are able to save to this directory, then set the sticky bit as well. Without the "Guest Only" option, you may have some files owned by individual users and others owned by guest depending on whether the user has authenticated or not. With the guest only, on the Linux server, the files will be owned by nobody. Using a network browser, the files will say that they are owned by nobody.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.