LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 07-26-2008, 02:16 PM   #1
DJOtaku
Member
 
Registered: Oct 2004
Location: USA
Distribution: Fedora 20; Arch; Kubuntu; Debian
Posts: 710

Rep: Reputation: 31
Connecting to Samba share from Windows


I've been reading and trying to follow everyone else's examples on here and nothing appears to work. Samba seems to be one of those things where you can't take someone else's examples and it works for you. Point in case - I tried to make this samba configuration off of a working samba configuration I have working on another machine - and it doesn't work! I must have done some voodoo in addition to the smb.conf file and now I don't remember what I did.

Here's the smb.conf file:
Code:
# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
#
# For a step to step guide on installing, configuring and using samba, 
# read the Samba-HOWTO-Collection. This may be obtained from:
#  http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf
#
# Many working examples of smb.conf files can be found in the 
# Samba-Guide which is generated daily and can be downloaded from: 
#  http://www.samba.org/samba/docs/Samba-Guide.pdf
#
# Any line which starts with a ; (semi-colon) or a # (hash) 
# is a comment and is ignored. In this example we will use a #
# for commentry and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command "testparm"
# to check that you have not made any basic syntactic errors. 
#
#---------------
# SELINUX NOTES:
#
# If you want to use the useradd/groupadd family of binaries please run:
# setsebool -P samba_domain_controller on
#
# If you want to share home directories via samba please run:
# setsebool -P samba_enable_home_dirs on
#
# If you create a new directory you want to share you should mark it as
# "samba-share_t" so that selinux will let you write into it.
# Make sure not to do that on system directories as they may already have
# been marked with othe SELinux labels.
#
# Use ls -ldZ /path to see which context a directory has
#
# Set labels only on directories you created!
# To set a label use the following: chcon -t samba_share_t /path
#
# If you need to share a system created directory you can use one of the
# following (read-only/read-write):
# setsebool -P samba_export_all_ro on
# or
# setsebool -P samba_export_all_rw on
#
# If you want to run scripts (preexec/root prexec/print command/...) please
# put them into the /var/lib/samba/scripts directory so that smbd will be
# allowed to run them.
# Make sure you COPY them and not MOVE them so that the right SELinux context
# is applied, to check all is ok use restorecon -R -v /var/lib/samba/scripts
#
#--------------
#
#======================= Global Settings =====================================

[global]

# ----------------------- Netwrok Related Options -------------------------
#
# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
#
# server string is the equivalent of the NT Description field
#
# netbios name can be used to specify a server name not tied to the hostname
#
# Interfaces lets you configure Samba to use multiple interfaces
# If you have multiple network interfaces then you can list the ones
# you want to listen on (never omit localhost)
#
# Hosts Allow/Hosts Deny lets you restrict who can connect, and you can
# specifiy it as a per share option as well
#
        workgroup = MSHOME
;       server string = Samba Server Version %v ;original line
        server string = MythTv-Toadette

        netbios name = Toadette

;       interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24 
;       hosts allow = 127. 192.168.12. 192.168.13.

# --------------------------- Logging Options -----------------------------
#
# Log File let you specify where to put logs and how to split them up.
#
# Max Log Size let you specify the max size log files should reach

        # logs split per machine
        log file = /var/log/samba/log.%m
        # max 50KB per log file, then rotate
        max log size = 50
# ----------------------- Standalone Server Options ------------------------
#
# Scurity can be set to user, share(deprecated) or server(deprecated)
#
# Backend to store user information in. New installations should 
# use either tdbsam or ldapsam. smbpasswd is available for backwards 
# compatibility. tdbsam requires no further configuration.

        security = user
        passdb backend = tdbsam


# ----------------------- Domain Members Options ------------------------
#
# Security must be set to domain or ads
#
# Use the realm option only with security = ads
# Specifies the Active Directory realm the host is part of
#
# Backend to store user information in. New installations should 
# use either tdbsam or ldapsam. smbpasswd is available for backwards 
# compatibility. tdbsam requires no further configuration.
#
# Use password server option only with security = server or if you can't
# use the DNS to locate Domain Controllers
# The argument list may include:
#   password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
# or to auto-locate the domain controller/s
#   password server = *


;       realm = MY_REALM

;       password server = <NT-Server-Name>

# ----------------------- Domain Controller Options ------------------------
#
# Security must be set to user for domain controllers
#
# Backend to store user information in. New installations should 
# use either tdbsam or ldapsam. smbpasswd is available for backwards 
# compatibility. tdbsam requires no further configuration.
#
# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job
#
# Domain Logons let Samba be a domain logon server for Windows workstations. 
#
# Logon Scrpit let yuou specify a script to be run at login time on the client
# You need to provide it in a share called NETLOGON
#
# Logon Path let you specify where user profiles are stored (UNC path)
#
# Various scripts can be used on a domain controller or stand-alone
# machine to add or delete corresponding unix accounts
#

;       domain master = yes 
;       domain logons = yes

        # the login script name depends on the machine name
;       logon script = %m.bat
        # the login script name depends on the unix user used
;       logon script = %u.bat
;       logon path = \\%L\Profiles\%u
        # disables profiles support by specifing an empty path
;       logon path =          

;       add user script = /usr/sbin/useradd "%u" -n -g users
;       add group script = /usr/sbin/groupadd "%g"
;       add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false "%u"
;       delete user script = /usr/sbin/userdel "%u"
;       delete user from group script = /usr/sbin/userdel "%u" "%g"
;       delete group script = /usr/sbin/groupdel "%g"


# ----------------------- Browser Control Options ----------------------------
#
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
#
# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
#
# Preferred Master causes Samba to force a local browser election on startup
# and gives it a slightly higher chance of winning the election
;       local master = no
;       os level = 33
;       preferred master = yes

#----------------------------- Name Resolution -------------------------------
# Windows Internet Name Serving Support Section:
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
#
# - WINS Support: Tells the NMBD component of Samba to enable it's WINS Server
#
# - WINS Server: Tells the NMBD components of Samba to be a WINS Client
#
# - WINS Proxy: Tells Samba to answer name resolution queries on
#   behalf of a non WINS capable client, for this to work there must be
#   at least one        WINS Server on the network. The default is NO.
#
# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups.

;       wins support = yes
;       wins server = w.x.y.z
;       wins proxy = yes
        wins server = yes
;       dns proxy = yes

# --------------------------- Printing Options -----------------------------
#
# Load Printers let you load automatically the list of printers rather
# than setting them up individually
#
# Cups Options let you pass the cups libs custom options, setting it to raw
# for example will let you use drivers on your Windows clients
#
# Printcap Name let you specify an alternative printcap file
#
# You can choose a non default printing system using the Printing option

;       load printers = yes
        cups options = raw

;       printcap name = /etc/printcap
        #obtain list of printers automatically on SystemV
;       printcap name = lpstat
;       printing = cups

# --------------------------- Filesystem Options ---------------------------
#
# The following options can be uncommented if the filesystem supports
# Extended Attributes and they are enabled (usually by the mount option
# user_xattr). Thess options will let the admin store the DOS attributes
# in an EA and make samba not mess with the permission bits.
#
# Note: these options can also be set just per share, setting them in global
# makes them the default for all shares

        map archive = yes
;       map hidden = no
;       map read only = no
;       map system = no
        encrypt passwords = yes
        guest ok = yes
        guest account = nobody
;       store dos attributes = yes


#============================ Share Definitions ==============================

[homes]
        comment = Home Directories
        browseable = no
        writable = yes
;       valid users = %S
;       valid users = MYDOMAIN\%S

[printers]
        comment = All Printers
        path = /var/spool/samba
        browseable = no
;       guest ok = no
;       writable = no
        printable = yes

# Un-comment the following and create the netlogon directory for Domain Logons
;       [netlogon]
;       comment = Network Logon Service
;       path = /var/lib/samba/netlogon
;       guest ok = yes
;       writable = no
;       share modes = no


# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
;       [Profiles]
;       path = /var/lib/samba/profiles
;       browseable = no
;       guest ok = yes
        writable = yes
;       valid users = %S
;       valid users = MYDOMAIN\%S

[printers]
        comment = All Printers
        path = /var/spool/samba
        browseable = no
;       guest ok = no
;       writable = no
        printable = yes

# Un-comment the following and create the netlogon directory for Domain Logons
;       [netlogon]
;       comment = Network Logon Service
;       path = /var/lib/samba/netlogon
;       guest ok = yes
;       writable = no
;       share modes = no


# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
;       [Profiles]
;       path = /var/lib/samba/profiles
;       browseable = no
;       guest ok = yes


# A publicly accessible directory, but read only, except for people in
# the "staff" group
;       [public]
;       comment = Public Stuff
;       path = /home/samba
v;      public = yes
;       writable = yes
;       printable = no
;       write list = +staff

[videos]
        comment = Video Files
        path = /storage/videos
        guest ok = yes
        writeable = no
        browseable = yes
        public = yes
Basically, I just want to share the /storage/videos file to every single windows computer (or smb device) on my network. I don't want to have to deal with usernames or anything. If there's a CIFS protocol using machine on the network, I want it to be able to see the videos in /storage/videos.

I've tried the smbclient -L \\Toadette -N command and it works. It looks like:

Code:
smbclient -L \\Toadette -N
Anonymous login successful
Domain=[MSHOME] OS=[Unix] Server=[Samba 3.0.28a-0.fc8]

        Sharename       Type      Comment
        ---------       ----      -------
        IPC$            IPC       IPC Service (MythTv-Toadette)
        videos          Disk      Video Files
Anonymous login successful
Domain=[MSHOME] OS=[Unix] Server=[Samba 3.0.28a-0.fc8]

        Server               Comment
        ---------            -------
        TOADETTE             Samba Server Version 3.0.28a-0.fc8

        Workgroup            Master
        ---------            -------
        MSHOME

Please, any help to get this working would help keep me from going insane. I've spent about 3 hours on this so far.

Thanks,
 
Old 07-27-2008, 09:14 AM   #2
siggma
LQ Newbie
 
Registered: Jul 2007
Posts: 19
Blog Entries: 1

Rep: Reputation: 0
Quote:
Originally Posted by DJOtaku View Post
I've been reading and trying to follow everyone else's examples on here and nothing appears to work. Samba seems to be one of those things where you can't take someone else's examples and it works for you. Point in case - I tried to make this samba configuration off of a working samba configuration I have working on another machine - and it doesn't work! I must have done some voodoo in addition to the smb.conf file and now I don't remember what I did.
You really only a couple lines to get to working. In the vast majority of installations you don't need to worry about 90% of the options. You can add them once you get it working. I suggest you don't use the guest logon. It's horribly insecure, even with a working firewall. Just enter a password once and check the 'remember' box and forget it. Or attach the share to a drive letter. If other people attach to your share, then share it themselves...

First, you need to decide if you want Root WRITE access. You do copy videos to the linux box, don't you? If you rename your current config, create a new, minimal configuration it will allow root access. The usual package smb.cong has a line that prevents root from gaining access to your disk.
Look for this line:

; invalid users = root

Then you need to set up samba users to match the valid users names in your shares. Be aware that the user must exist before you can create a SAMBA password for them. Linux comes with a "nobody" user but I don't know if you need to set up a separate smb user name if you use the guest option.

Code:
#smbpasswd xxxxxx
New SMB password:
Retype new SMB password:
There is a configuration checker that can also lead you to useful information called testparm. It can even show you a working configuration stripped from the original.

Code:
#testparm
Basically you need only a couple lines to make it work.
TESTED Example:
Code:
[global]
#change this to your workgroup
   workgroup = SIGGMA         
#Name in Windows Network
   server string = %h server     
#no DNS for host names
   dns proxy = no                

#This line says use the 'hosts' file first for machine names
   name resolve order =  host lmhosts bcast wins

#Important lines here, this says use regular pam authentication
   security = user
   encrypt passwords = true
   passdb backend = tdbsam
   obey pam restrictions = yes

#I added this to chew up memory so directories are retrieved a bit faster.
#Default is 8K (8192) I think
   socket options = TCP_NODELAY SO_RCVBUF=32768 SO_SNDBUF=32768

##               #
##Shares go here #
##               #

#A working CD share, notice the preexec and postexed?
#I don't use my webserver to burn media but I'll bet it will work if you make it writeable...
[cdrom]
   comment = Linux server's CD-ROM
   writable = no
   locking = no
   path = /cdrom
   public = yes
   preexec = /bin/mount /cdrom
   postexec = /bin/umount /cdrom

[rmount]
	path = /var/www
	writable = yes
	admin users = www-data
	write list = www-data
	valid users = www-data
	comment = Webserver root, creates new files as webserver
[wmroot]
	path = /var/www
	writeable = yes
	write list = root
	valid users = root
	comment = Webserver root, creates new files as root
Don't forget to restart samba. It's like this on Deb, Ubuntu etc.
Code:
#/etc/init.d/samba restart
You MAY also need to restart the windows box if authentication has failed and to reset share names in XP. Vista is a bit more dynamic. Not sure if that's good or not...

I just tested a new install from Debian lenny. The only thing I changed in the distribution config was the Workgroup line then I uncommented the allow root line, the three cd rom lines, added a writable [root] section for the drive root and added smbusers.

The most common issue I had was forgetting to create smb users. Then came thinking things needed to be changed and not reading the documentation. If you need LDAP or some other authentication, read the docs and there are tons of articles on the web, like this:
http://www.linuxfocus.org/English/Ma...ticle177.shtml
Hope this helps.
-Tom

Last edited by siggma; 07-27-2008 at 09:40 AM.
 
Old 07-27-2008, 02:37 PM   #3
DJOtaku
Member
 
Registered: Oct 2004
Location: USA
Distribution: Fedora 20; Arch; Kubuntu; Debian
Posts: 710

Original Poster
Rep: Reputation: 31
After trying your conf, it would no longer work for smbclient -L \\Toadette -N and after I restored by old smb.conf, it still didn't work. Something funny is going on here.

I get the error:
Connection to Toaddette failed (Error NT_STATUS_BAD_NETWORK_NAME)

(and I'm doing a samba restart after each time)

Last edited by DJOtaku; 07-27-2008 at 02:38 PM.
 
Old 07-27-2008, 02:43 PM   #4
DJOtaku
Member
 
Registered: Oct 2004
Location: USA
Distribution: Fedora 20; Arch; Kubuntu; Debian
Posts: 710

Original Poster
Rep: Reputation: 31
I see, it only works with a password now.
Code:
smbclient -L \\Toadette -U smbman
Password: 
Domain=[TOADETTE] OS=[Unix] Server=[Samba 3.0.28a-0.fc8]

        Sharename       Type      Comment
        ---------       ----      -------
        videos          Disk      Videos from MythTV
        IPC$            IPC       IPC Service (toadette server)
Domain=[TOADETTE] OS=[Unix] Server=[Samba 3.0.28a-0.fc8]

        Server               Comment
        ---------            -------

        Workgroup            Master
        ---------            -------
        MSHOME
 
Old 07-27-2008, 02:45 PM   #5
DJOtaku
Member
 
Registered: Oct 2004
Location: USA
Distribution: Fedora 20; Arch; Kubuntu; Debian
Posts: 710

Original Poster
Rep: Reputation: 31
However, I still can't login with windows. Same error as before.
 
Old 07-27-2008, 08:07 PM   #6
linuxguy1
LQ Newbie
 
Registered: Jul 2008
Location: Florida
Distribution: Ubuntu, Fedora, and CentOS
Posts: 3

Rep: Reputation: 0
Typed the following into Google:
guest samba share prompts for password
This was first hit:
http://tech.waltco.biz/2008/01/26/pr...-securityuser/
I got it to work here by doing the following:

guest account = nobody
map to guest = Bad User

[testshare]
comment = Video Files
path = /misc
only guest = yes
writeable = no
browseable = yes
public = yes
printable = no

HTH!
 
Old 09-27-2008, 08:32 PM   #7
DJOtaku
Member
 
Registered: Oct 2004
Location: USA
Distribution: Fedora 20; Arch; Kubuntu; Debian
Posts: 710

Original Poster
Rep: Reputation: 31
that didn't work. But I think I've noticed a problem. On my samba server that works, it says Doman=[MSHOME] while the one that doesn't work says Domain=[Toadette] But I don't know how to fix that. I already set workgroup=MSHOME
 
Old 09-27-2008, 09:34 PM   #8
DJOtaku
Member
 
Registered: Oct 2004
Location: USA
Distribution: Fedora 20; Arch; Kubuntu; Debian
Posts: 710

Original Poster
Rep: Reputation: 31
I'm thinking I mayend up feeling sheepish. It's possible that I have the Fedora firewall enabled and it's blocking the smb ports. I'll get back to you if that's it
 
Old 09-27-2008, 10:49 PM   #9
DJOtaku
Member
 
Registered: Oct 2004
Location: USA
Distribution: Fedora 20; Arch; Kubuntu; Debian
Posts: 710

Original Poster
Rep: Reputation: 31
yeah, it was teh firewall. So it was probably working all along with the original config. it's working now with the config I've come up with.
 
Old 09-27-2008, 11:10 PM   #10
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654
Check the domain or workgroup entry on each machine. They should match. However, the [domain]= from the smbclient command lists the domain rather than the workgroup. If you use a workgroup instead of a domain controller, then the [domain]= refers to the hostname. The server is a stand alone domain server. Using workgroups, that is normal. If you use a domain controller, the name of the domain controller should be listed instead.

You do want the "Bad User = nobody" line in the General portion of smb.conf, and you want "Guest OK = Yes" in the share definition. I hadn't run into "guest only" before. Checking the man page, I found it and it confirmed my second item.

Code:
       guest only (S)

           If this parameter is yes for a service, then only guest connections
           to the service are permitted. This parameter will have no effect if
           guest ok is not set for the service.
The Guest user is the "nobody" user in Linux. You need to make sure that the directory has at least o=rx permissions. If other hosts are able to save to this directory, then set the sticky bit as well. Without the "Guest Only" option, you may have some files owned by individual users and others owned by guest depending on whether the user has authenticated or not. With the guest only, on the Linux server, the files will be owned by nobody. Using a network browser, the files will say that they are owned by nobody.

Good Luck!
 
  


Reply

Tags
samba, smb


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Samba problem connecting to windows share gigaloo15801 Linux - Newbie 1 09-21-2007 11:17 AM
Connecting to Printer on Samba Share jony125 Linux - General 3 01-27-2006 11:20 AM
Samba connecting to windows share gfem Linux - Software 4 12-09-2005 12:16 PM
SAMBA: Connecting from rh9.0 smb 3.0 > windows xp share shookie Linux - Software 3 05-16-2004 07:01 PM
Connecting to XP share from Fedora (Samba) thegreatnorth Linux - Software 1 12-12-2003 04:38 PM


All times are GMT -5. The time now is 07:10 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration