LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 01-01-2006, 11:46 AM   #1
TomalakBORG
Member
 
Registered: Dec 2004
Location: Maryland
Distribution: SuSE / Gentoo
Posts: 245

Rep: Reputation: 30
Help with smb.conf


Hey guys - After messing with suse's config menus and boxes trying to config samba, I figured I'd write the conf file myself. Here's where it gets tricky. First what I want to do -

Share 'filevault' shares /storage/

The user 'tux' (gid=users) should have full access
The group 'users' should be able to read/execute
anyone else it forbidden

As such, the umask of /storage is 0027, uid=tux, gid=users

If I could set up guest logins to the smb share that could have r/x access that would be nice, but I don't understand how, so I just made a user named 'guest' in group 'users'

Here's my smb.conf file:
Code:
## Share disabled by YaST
# [netlogon]
# smb.conf is the main Samba configuration file. You find a full commented
# version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if the
# samba-doc package is installed.
# Date: 2005-11-11
[global]
include = /etc/samba/dhcp.conf
*logon path = \\%L\profiles\.msprofile
*logon home = \\%L\%U\.9xprofile
*logon drive = P:
*add machine script = /usr/sbin/useradd  -c Machine -d /var/lib/nobody -s /bin/false %m$
domain master = no
restrict anonymous = yes
max protocol = NT
ldap ssl = No
server signing = Auto
*guest account = guest
preferred master = no
server string = 
encrypt password = yes
smb passwd file = /etc/smbpasswd

[filevault]
path = /storage/
read only = no
case sensitive = no
msdfs proxy = no
valid users = tux root guest
Ok, the lines with a * are lines I have no idea what they do, despite reading lots of documentation. I still can't log into this share no matter what I do.

What I did was
cat /etc/passwd | mksmbpasswd.sh > /etc/smbpasswd
and add the last two lines of the [general] section - what I assumed that would do was let me log into the share using my unix user accounts.

Ok - I need a lot of clarification, on what I'm probably doing wrong, guest accounts, and the asterisked lines. Thank in advance!

-Bill
 
Old 01-01-2006, 12:16 PM   #2
centauricw
Member
 
Registered: Dec 2005
Location: Lawrenceville GA
Distribution: Slackware, CentOS. Red Hat Enterprise Linux
Posts: 216

Rep: Reputation: 31
OK, firest let me refer you the smb.conf manual page (man smb.conf) which list all the options and what they do. Then check out www.samba.org for the official HOWTO and Using By Example guides. (Both are available in book format from your favorite book store.)

Next, I would also try using SWAT (Samba Web Administration Tool) tool configure the smb.conf file, since you can get online help for every option. Open your web browser and goto http://localhost:901 to bring up the SWAT page. (If the page doesn't come up, you'll need to enable the SWAT service in xinetd.)

For your file share, heres a config that will work:

[filevault]
comment = File Vault
path = /storage
read only = yes
guest ok = yes
write list = tux
directory mask = 750
create mask = 640

This will allow everyone to connect for read-olny access without authentication and allow tux read/write access with authentication. The masks will cause any files or directorys created by tux to have those Linux security settings.
 
Old 01-01-2006, 01:12 PM   #3
TomalakBORG
Member
 
Registered: Dec 2004
Location: Maryland
Distribution: SuSE / Gentoo
Posts: 245

Original Poster
Rep: Reputation: 30
Well, after a bit of work I'm confronted with this problem. I can log in using the user 'guest' because I set that user to no-password in the kde config. (I am using a combination of the kde config and working with the conf file myself) However I have it set so that 'tux' and 'root' are enabled smb users, but I still can't log into the share as them. Here's my conf file, any idea?

Code:
## Share disabled by YaST
# [netlogon]
# smb.conf is the main Samba configuration file. You find a full commented
# version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if the
# samba-doc package is installed.
# Date: 2005-11-11
[global]
	include = /etc/samba/dhcp.conf
	domain master = No
	add machine script = /usr/sbin/useradd  -c Machine -d /var/lib/nobody -s /bin/false %m$
	restrict anonymous = no
	max protocol = NT
	ldap ssl = No
	server signing = Auto
	encrypt password = yes
	smb passwd file = /etc/smbpasswd
	update encrypted = yes
	null passwords = yes
	domain logons = No
	security = user
	workgroup = WORKGROUP

[filevault]
	path = /storage/
	case sensitive = no
	guest ok = yes
	write list = tux,root
	read list = @users
	directory mask = 750
	create mask = 640
	msdfs proxy = no
	valid users = tux,root,@users
	hide dot files = no
So there it is, I can't see jack wrong with it - maybe someone can. As far as I know, I should be able to log in using one of the enabled users (I've added them to the smb password file and activated them).

So I tried to use the smbclient command...
Code:
# smbclient //netslave/filevault -U tux
Password:
session setup failed: NT_STATUS_LOGON_FAILURE
WTF?! Ok, wits end here - any ideas?

Last edited by TomalakBORG; 01-01-2006 at 08:05 PM.
 
Old 01-02-2006, 01:04 AM   #4
centauricw
Member
 
Registered: Dec 2005
Location: Lawrenceville GA
Distribution: Slackware, CentOS. Red Hat Enterprise Linux
Posts: 216

Rep: Reputation: 31
Samba keeps its own password list. Set passwords for tux and root using the command:

smbpasswd -a <username>
 
Old 01-02-2006, 06:08 AM   #5
TomalakBORG
Member
 
Registered: Dec 2004
Location: Maryland
Distribution: SuSE / Gentoo
Posts: 245

Original Poster
Rep: Reputation: 30
Thanks much! That ended up being it.... I wonder why it didn't set the passwords considering I used suse's tool to set the passwords like 10 times. Also - when I made my smbpasswd file I made it directly from my unix passwd file - wouldn't the unix passwords carry over? Well, this works and now I know. SOLVED

Last edited by TomalakBORG; 01-02-2006 at 06:12 AM.
 
Old 03-07-2006, 08:51 PM   #6
TomalakBORG
Member
 
Registered: Dec 2004
Location: Maryland
Distribution: SuSE / Gentoo
Posts: 245

Original Poster
Rep: Reputation: 30
centaur -- you've been a big help in the past, but I have one last hurdle to get over... anonymous logins

I would like the option of logging in with null values for username and password, and having it directed to the guest account (ftp). So far I can either get it to always and automatically log me in as guest, or not be able to.

Here's my current smb.conf
Code:
[global]
include = /etc/samba/dhcp.conf
domain master = no
add machine script = /usr/sbin/useradd  -c Machine -d /var/lib/nobody -s /bin/false %m$
max protocol = NT
security = user
ldap ssl = No
server signing = Auto
smb passwd file = /etc/smbpasswd
null paswords = yes
update encrypted = yes
preferred master = no
server string = 
guest account = ftp
#map to guest = bad user

[filevault]
path = /media/filevault
case sensitive = no
guest ok = yes
guest only = no
hide unreadable = yes
veto files = /lost+found/.Trash-1000/
write list = tux,root
directory mask = 750
create mask = 640
msdfs proxy = no
hide dot files = no
I have put in bold what I think relates to anonymous logins. What seems to have made a difference is when I comment/uncomment the 'map to guest' line. With it commented I can log in as all my different samba users, and the permissions vary accordingly. With it uncommented, I never get a login promt (using both windows xp and konqueror on suse) - it always logs in as the guest account... I can tell that much by the subsequent permissions.

So what am I missing here? I'd like to get a login prompt, but be logged in as guest (ftp) should I put in null credentials. Any ideas?

Also, if you could explain the 'add machine script' in plain english, I have yet to see it in any common smb.conf examples, but Yast put it there, and I don't know what it does. Maybe it's what is breaking the anonymous logins!

-Bill
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
smb.conf example xox Linux - Networking 7 10-09-2010 02:04 AM
smb.conf Volcano Linux - Newbie 4 10-25-2005 08:49 PM
samba conf smb.conf regnier Mandriva 5 02-17-2005 04:27 AM
smb.conf youssefe2k Linux - Networking 1 01-25-2004 02:56 AM
smb.conf help PlatinumRik Linux - Networking 6 05-29-2003 01:30 PM


All times are GMT -5. The time now is 12:39 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration