Okay, I'm going crazy...

I decided to upgrade my work server from Fedora Core 3 to Fedora Core 4. All went smoothly with the upgrade, but now Samba won't work (the principle use of this server is to allow file sharing among windows machines in work, and to store nightly backups of those machines. In other words, its primary use is as a Samba server).

Note that before the upgrade, this was working without a hitch for months on end, with both Windows XP and Linux (iptables) firewalls up and active, so I know it's not that. Just to be sure, however, I took the Windows and Linux firewalls out of the equation by disabling them. No help.

When trying to connect to the share(s) via "Map Network Drive", Windows XP contacts the server, a password username and password dialog box pops up (so we know the server is at least responding to the request to connect), and I'll enter a valid username and password (there is no mistake here -- I already sync'ed Linux and Samba users, I know absolutely that the username and password is valid -- I can use it to log onto the server from the server's keyboard, etc.). Windows then complains that "The network path \\blah\blah could not be found."

Looking into the Samba logs, I see an error recorded:

[2005/06/21 17:15:12, 0] smbd/service.c:make_connection_snum(615)
'/home/lab_shared' does not exist or is not a directory, when connecting to [Lab]
Error sending status request (Operation not permitted)

Now, that directory certainly DOES exist -- it's the same directory I've used for months under FC3 and (I believe) Samba 3.01013 (the FC4 upgrade installed Samba version 3.0142). Directory permissions and ownership have not been altered (in fact I set them to 777 during these troubles just to eliminate permissions as a possible cause).

Running testparm /etc/samba/smb.conf shows nothing amiss, other than "ERROR: the 'passwd program' () requires a '%u' parameter", which I also see on other working installations of Samba, and also was flagged by the pre-upgrade (but working) system.

Logging on locally (well, via a telnet connection to the root shell account) works, though I'm not quite sure what the IPC-type shares are:

[root@comstocklab ~]# smbclient -L BfragLab -Umcoyne%yeahright
Domain=[BFRAGLAB] OS=[Unix] Server=[Samba 3.0.14a-2]

Sharename Type Comment
--------- ---- -------
Mike Disk Mike's stuff
Laurie Disk Laurie's stuff
Hazeline Disk Hazeline's stuff
Katja Disk Katja's stuff
Lab Disk Shared Lab Stuff
IPC$ IPC IPC Service (Comstock Lab)
ADMIN$ IPC IPC Service (Comstock Lab)
mcoyne Disk Home Directories
Domain=[BFRAGLAB] OS=[Unix] Server=[Samba 3.0.14a-2]

Server Comment
--------- -------
BFRAGLAB Comstock Lab
ROCHE Hazeline

Workgroup Master
--------- -------
BFRAGLAB BFRAGLAB

I tried making a brand new share (allowing Samba to create the directory), and the behavior is the same: Windows says "the network path could not be found", and the Samba logs show an entry saying the share directory "does not exist or is not a directory".

I have stripped both the global settings and share settings to bare minimum, and I get the same behavior. All computers are members of the same workgroup, although I do notice that the Samba Server does not show up in Network Neighborhood, although I'm not sure it ever did (even pre-upgrade).

I am flat out of ideas, and hope you can help. I'd greatly appreciate some suggestions! If you need any further info, please ask.

Here's my (non-stripped) smb.conf file:

[global]
log file = /var/log/samba/%m.log
smb passwd file = /etc/samba/smbpasswd
load printers = no
obey pam restrictions = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
guest ok = no
hide dot files = yes
winbind use default domain = no
template shell = /bin/false
dns proxy = no
netbios name = BfragLab
cups options = raw
server string = Comstock Lab Server
unix password sync = yes
workgroup = BfragLab
os level = 20
printcap name = /etc/printcap
security = user
max log size = 50
pam password change = yes

[homes]
comment = Home Directories
browseable = no
writeable = yes

[Mike]
browseable = no
comment = Mike's stuff
public = no
create mask = 0700
valid users = root, mcoyne
writeable = yes
path = /home/mcoyne
printable = no

[Laurie]
browseable = no
comment = Laurie's stuff
public = no
create mask = 0700
valid users = root, mcoyne, lcomstock
writeable = yes
path = /home/lcomstock
printable = no

[Hazeline]
browseable = no
comment = Hazeline's stuff
public = no
create mask = 0700
valid users = root, mcoyne, hroche
writeable = yes
path = /home/hroche
printable = no

[Katja]
browseable = no
comment = Katja's stuff
public = no
create mask = 0700
valid users = root, mcoyne, kweinacht
writeable = yes
path = /home/kweinacht
printable = no

[Lab]
writeable = yes
read list = @lab
printable = no
write list = @lab
path = /home/lab_shared
force group = lab
force create mode = 0770
comment = Shared Lab Stuff
valid users = hroche,kweinacht,lcomstock,mcoyne,root
create mode = 0770
directory mode = 770

Thanks --

Mike

Well, I figured this out. Fedora Core 4 blocks home shares in Samba by default through SELinux policies...

For the benefit of Google, here's how to fix it:

Solution 1 (temporary; won't survive a re-boot):

Issue the command:

[root]# setsebool samba_enable_home_dirs=1

Solution 2 (might survive a reboot; I didn't actually try this one):

[root]# setsebool -P samba_enable_home_dirs=1

Solution 3 (survives a reboot):

This is the solution I ultimately settled on. Go to the /etc/selinux/targeted directory. Create a text file called booleans.local, and put the "samba_enable_home_dirs=1" line in it (without the quotes, of course).

Solution 4 (surives a reboot, but removes all SELinux protection):

Edit /etc/selinux/config. Change the line SELINUX=enforcing to SELINUX=permissive or SELINUX=disabled.

I'm having the same problem. When trying the suggestions here, I do re-gain the ability to access user home directories. But I can't get access to other directories. These directories were accessable previously with FC3.

I am also having the same problem, but none of these solutions seem to fix it. When I click on my shares from My Network Places, I do get the user/password dialog, but the user text box is disabled and set to guest. I can't choose my user name and therefore can't access the share.

I have correctly set up the user account with Samba, and have disabled the firewall. To the best of my limited knowledge, everything is set up properly.

please help!

ok, I got mine working. I replaced smb.conf completely, using just the basic stuff. Apparently there is something in the orginal file that is causing a problem. I used the example in 'tutorials' for my new smb.conf and everything is working great. I'm sure that I am disabling some security measure or another, but since my entire network is behind a firewall, I am not worried about it.

billehunt, maybe this would be helpful to you as well.

es7us might have something here -- I never used the default smb.conf file, as I was upgrading from an existing (and working) smb.conf, as you can see from the file contents I posted above...

If option 4 (editing /etc/selinux/config to SELINUX=disabled) does not fix it, then (obviously) the probelm is not due to SELinux, but to some other factor...

es7us,

Where did you get the example smb.conf? I'm starting to think that is what is causing me grief as well. Everything worked beautifully in FC 3 and in FC 4 I am having smb issues when connecting to certain servers. I want to give backing up and replacing the .conf file a shot. Thanks!

sketchydave,

I found it in LQ's tutorials under networking. Here is the link:
http://www.linuxquestions.org/questi...icle&artid=395

hope it helps!

You don't need to disable selinux, you can configure selinux to allow samba to share user homes.

a) Execute system-config-securitylevel, go to selinux. In the policies list there is a group for samba. Simply check the 'Allow samba to share users home directories'

b) I think the parameter is set in the /etc/selinux/targeted/booleans.local. Add samba_enable_home_dirs=1 and it should configure it.

cool, I'll try that. Thanks!

\

That's the same solution I posted above (second post in the thread)...

As an FYI, this fixed my problem as well that I posted:
http://www.linuxquestions.org/questi...hreadid=340291

Cross-linking for google.

I apologize for not making the connection. Since that solution was posted above, I already tried it and it did not work for me.

Okay, so from reading various forms all talking about this problem, I totally agree that it's selinux that's causing it. The enable home dirs solution is nice, but doesn't really cut it for me as I need access to other goodies. Here's a decent fast way to solve the problem...

Run "system-config-securitylevel" from a shell running as the same user you logged in to your window manager as. You should get prompted for your root password if you're not root. Then the graphical interface to config tool should come up. Click on the "selinux" tab and under the "modify selinux policy" title, scroll down and expand the tree for "samba", then just click the check boxes beside "disable selinux security for <x> daemon" where <x> refers to smbd, nmbd and winbind. You probably only need it for the smbd daemon, but whatever, the vast majority of you won't need selinux protecting their samba activity.

Once you've made your changes, reboot your system and you should be okay. If you're still having problems, I'd bet it'd be iptables. You can quickly check to see if that's it by running "/sbin/service iptables stop" as root or by using sudo. If that's also a problem for you, you need to open up the appropriate ports on your firewall. There's some discussion on that here: http://forums.fedoraforum.org/showthread.php?t=59437

Hope that helps.

Take care,
James

Good point, jamessnell. One shouldn't have to disable iptables to use Samba. Sure, it's helpful to do so if you're having problems, just to take it out of the equation, but you eventually have to put it back up...

You'll need to open ports 137 (UDP, NetBIOS name service), 138 (UDP, NETBIOS Datagram Service), 139 (TCP, NETBIOS Session Service), and 445 (TCP, Microsoft Directory Services). The following commands accomplish this:

/sbin/iptables -I INPUT -i eth0 -p udp -m multiport --dports 137,138 -j ACCEPT
/sbin/iptables -I INPUT -i eth0 -p tcp -m multiport --dports 139,445 -j ACCEPT
/etc/init.d/iptables save

I also have entries in smb.conf for hosts allow & hosts deny, and I also use things like read/write lists for added security. I also have additional rules in my iptables chain to restrict incoming data by source IP, and other such things...

You can't have too much security -- and in that light, if you don't need to completely disable SELinux for Samba, don't. If the home dirs fix is enough, go no further...