LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
LinkBack Search this Thread
Old 06-21-2005, 05:46 PM   #1
HomeBrewer
LQ Newbie
 
Registered: Dec 2003
Location: Massachusetts, USA
Posts: 17

Rep: Reputation: 0
Samba stopped working after FC3 to FC4 upgrade


Okay, I'm going crazy...

I decided to upgrade my work server from Fedora Core 3 to Fedora Core 4. All went smoothly with the upgrade, but now Samba won't work (the principle use of this server is to allow file sharing among windows machines in work, and to store nightly backups of those machines. In other words, its primary use is as a Samba server).

Note that before the upgrade, this was working without a hitch for months on end, with both Windows XP and Linux (iptables) firewalls up and active, so I know it's not that. Just to be sure, however, I took the Windows and Linux firewalls out of the equation by disabling them. No help.

When trying to connect to the share(s) via "Map Network Drive", Windows XP contacts the server, a password username and password dialog box pops up (so we know the server is at least responding to the request to connect), and I'll enter a valid username and password (there is no mistake here -- I already sync'ed Linux and Samba users, I know absolutely that the username and password is valid -- I can use it to log onto the server from the server's keyboard, etc.). Windows then complains that "The network path \\blah\blah could not be found."

Looking into the Samba logs, I see an error recorded:

[2005/06/21 17:15:12, 0] smbd/service.c:make_connection_snum(615)
'/home/lab_shared' does not exist or is not a directory, when connecting to [Lab]
Error sending status request (Operation not permitted)

Now, that directory certainly DOES exist -- it's the same directory I've used for months under FC3 and (I believe) Samba 3.01013 (the FC4 upgrade installed Samba version 3.0142). Directory permissions and ownership have not been altered (in fact I set them to 777 during these troubles just to eliminate permissions as a possible cause).

Running testparm /etc/samba/smb.conf shows nothing amiss, other than "ERROR: the 'passwd program' () requires a '%u' parameter", which I also see on other working installations of Samba, and also was flagged by the pre-upgrade (but working) system.

Logging on locally (well, via a telnet connection to the root shell account) works, though I'm not quite sure what the IPC-type shares are:

[root@comstocklab ~]# smbclient -L BfragLab -Umcoyne%yeahright
Domain=[BFRAGLAB] OS=[Unix] Server=[Samba 3.0.14a-2]

Sharename Type Comment
--------- ---- -------
Mike Disk Mike's stuff
Laurie Disk Laurie's stuff
Hazeline Disk Hazeline's stuff
Katja Disk Katja's stuff
Lab Disk Shared Lab Stuff
IPC$ IPC IPC Service (Comstock Lab)
ADMIN$ IPC IPC Service (Comstock Lab)
mcoyne Disk Home Directories
Domain=[BFRAGLAB] OS=[Unix] Server=[Samba 3.0.14a-2]

Server Comment
--------- -------
BFRAGLAB Comstock Lab
ROCHE Hazeline

Workgroup Master
--------- -------
BFRAGLAB BFRAGLAB

I tried making a brand new share (allowing Samba to create the directory), and the behavior is the same: Windows says "the network path could not be found", and the Samba logs show an entry saying the share directory "does not exist or is not a directory".

I have stripped both the global settings and share settings to bare minimum, and I get the same behavior. All computers are members of the same workgroup, although I do notice that the Samba Server does not show up in Network Neighborhood, although I'm not sure it ever did (even pre-upgrade).

I am flat out of ideas, and hope you can help. I'd greatly appreciate some suggestions! If you need any further info, please ask.

Here's my (non-stripped) smb.conf file:

[global]
log file = /var/log/samba/%m.log
smb passwd file = /etc/samba/smbpasswd
load printers = no
obey pam restrictions = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
guest ok = no
hide dot files = yes
winbind use default domain = no
template shell = /bin/false
dns proxy = no
netbios name = BfragLab
cups options = raw
server string = Comstock Lab Server
unix password sync = yes
workgroup = BfragLab
os level = 20
printcap name = /etc/printcap
security = user
max log size = 50
pam password change = yes

[homes]
comment = Home Directories
browseable = no
writeable = yes

[Mike]
browseable = no
comment = Mike's stuff
public = no
create mask = 0700
valid users = root, mcoyne
writeable = yes
path = /home/mcoyne
printable = no

[Laurie]
browseable = no
comment = Laurie's stuff
public = no
create mask = 0700
valid users = root, mcoyne, lcomstock
writeable = yes
path = /home/lcomstock
printable = no

[Hazeline]
browseable = no
comment = Hazeline's stuff
public = no
create mask = 0700
valid users = root, mcoyne, hroche
writeable = yes
path = /home/hroche
printable = no

[Katja]
browseable = no
comment = Katja's stuff
public = no
create mask = 0700
valid users = root, mcoyne, kweinacht
writeable = yes
path = /home/kweinacht
printable = no

[Lab]
writeable = yes
read list = @lab
printable = no
write list = @lab
path = /home/lab_shared
force group = lab
force create mode = 0770
comment = Shared Lab Stuff
valid users = hroche,kweinacht,lcomstock,mcoyne,root
create mode = 0770
directory mode = 770

Thanks --

Mike
 
Old 06-22-2005, 06:17 PM   #2
HomeBrewer
LQ Newbie
 
Registered: Dec 2003
Location: Massachusetts, USA
Posts: 17

Original Poster
Rep: Reputation: 0
Well, I figured this out. Fedora Core 4 blocks home shares in Samba by default through SELinux policies...

For the benefit of Google, here's how to fix it:

Solution 1 (temporary; won't survive a re-boot):

Issue the command:

[root]# setsebool samba_enable_home_dirs=1

Solution 2 (might survive a reboot; I didn't actually try this one):

[root]# setsebool -P samba_enable_home_dirs=1

Solution 3 (survives a reboot):

This is the solution I ultimately settled on. Go to the /etc/selinux/targeted directory. Create a text file called booleans.local, and put the "samba_enable_home_dirs=1" line in it (without the quotes, of course).

Solution 4 (surives a reboot, but removes all SELinux protection):

Edit /etc/selinux/config. Change the line SELINUX=enforcing to SELINUX=permissive or SELINUX=disabled.
 
Old 07-03-2005, 07:34 PM   #3
billehunt
LQ Newbie
 
Registered: Mar 2004
Posts: 9

Rep: Reputation: 0
I'm having the same problem. When trying the suggestions here, I do re-gain the ability to access user home directories. But I can't get access to other directories. These directories were accessable previously with FC3.
 
Old 07-04-2005, 12:19 PM   #4
es7us
Member
 
Registered: Jul 2004
Distribution: ubuntu 6.06, openSuSE 10.0, Mandriva 2007
Posts: 47

Rep: Reputation: 16
I am also having the same problem, but none of these solutions seem to fix it. When I click on my shares from My Network Places, I do get the user/password dialog, but the user text box is disabled and set to guest. I can't choose my user name and therefore can't access the share.

I have correctly set up the user account with Samba, and have disabled the firewall. To the best of my limited knowledge, everything is set up properly.

please help!
 
Old 07-04-2005, 01:05 PM   #5
es7us
Member
 
Registered: Jul 2004
Distribution: ubuntu 6.06, openSuSE 10.0, Mandriva 2007
Posts: 47

Rep: Reputation: 16
ok, I got mine working. I replaced smb.conf completely, using just the basic stuff. Apparently there is something in the orginal file that is causing a problem. I used the example in 'tutorials' for my new smb.conf and everything is working great. I'm sure that I am disabling some security measure or another, but since my entire network is behind a firewall, I am not worried about it.

billehunt, maybe this would be helpful to you as well.
 
Old 07-06-2005, 07:15 AM   #6
HomeBrewer
LQ Newbie
 
Registered: Dec 2003
Location: Massachusetts, USA
Posts: 17

Original Poster
Rep: Reputation: 0
es7us might have something here -- I never used the default smb.conf file, as I was upgrading from an existing (and working) smb.conf, as you can see from the file contents I posted above...

If option 4 (editing /etc/selinux/config to SELINUX=disabled) does not fix it, then (obviously) the probelm is not due to SELinux, but to some other factor...
 
Old 07-06-2005, 01:27 PM   #7
sketchydave
Member
 
Registered: Nov 2004
Location: Boston, MA
Distribution: Fedora Core and Ubuntu 6.06
Posts: 48

Rep: Reputation: 15
Quote:
Originally posted by es7us
ok, I got mine working. I replaced smb.conf completely, using just the basic stuff. Apparently there is something in the orginal file that is causing a problem. I used the example in 'tutorials' for my new smb.conf and everything is working great.
es7us,

Where did you get the example smb.conf? I'm starting to think that is what is causing me grief as well. Everything worked beautifully in FC 3 and in FC 4 I am having smb issues when connecting to certain servers. I want to give backing up and replacing the .conf file a shot. Thanks!
 
Old 07-06-2005, 05:09 PM   #8
es7us
Member
 
Registered: Jul 2004
Distribution: ubuntu 6.06, openSuSE 10.0, Mandriva 2007
Posts: 47

Rep: Reputation: 16
sketchydave,

I found it in LQ's tutorials under networking. Here is the link:
http://www.linuxquestions.org/questi...icle&artid=395

hope it helps!
 
Old 07-07-2005, 03:07 AM   #9
mr.baal
LQ Newbie
 
Registered: Jul 2005
Distribution: Fedora
Posts: 5

Rep: Reputation: 0
selinux configure to allow samba home sharing

You don't need to disable selinux, you can configure selinux to allow samba to share user homes.

a) Execute system-config-securitylevel, go to selinux. In the policies list there is a group for samba. Simply check the 'Allow samba to share users home directories'

b) I think the parameter is set in the /etc/selinux/targeted/booleans.local. Add samba_enable_home_dirs=1 and it should configure it.
 
Old 07-07-2005, 10:15 AM   #10
es7us
Member
 
Registered: Jul 2004
Distribution: ubuntu 6.06, openSuSE 10.0, Mandriva 2007
Posts: 47

Rep: Reputation: 16
Re: selinux configure to allow samba home sharing

Quote:
Originally posted by mr.baal
You don't need to disable selinux, you can configure selinux to allow samba to share user homes.

a) Execute system-config-securitylevel, go to selinux. In the policies list there is a group for samba. Simply check the 'Allow samba to share users home directories'

b) I think the parameter is set in the /etc/selinux/targeted/booleans.local. Add samba_enable_home_dirs=1 and it should configure it.
cool, I'll try that. Thanks!
 
Old 07-08-2005, 03:33 AM   #11
HomeBrewer
LQ Newbie
 
Registered: Dec 2003
Location: Massachusetts, USA
Posts: 17

Original Poster
Rep: Reputation: 0
Re: Re: selinux configure to allow samba home sharing

Quote:
Originally posted by es7us
cool, I'll try that. Thanks!
\

That's the same solution I posted above (second post in the thread)...
 
Old 07-08-2005, 05:23 AM   #12
sohmc
Member
 
Registered: Aug 2002
Location: Alexandria
Distribution: ubuntu 12.04.2
Posts: 217

Rep: Reputation: 30
As an FYI, this fixed my problem as well that I posted:
http://www.linuxquestions.org/questi...hreadid=340291

Cross-linking for google.
 
Old 07-08-2005, 11:32 AM   #13
es7us
Member
 
Registered: Jul 2004
Distribution: ubuntu 6.06, openSuSE 10.0, Mandriva 2007
Posts: 47

Rep: Reputation: 16
Re: Re: Re: selinux configure to allow samba home sharing

Quote:
Originally posted by HomeBrewer
\

That's the same solution I posted above (second post in the thread)...
I apologize for not making the connection. Since that solution was posted above, I already tried it and it did not work for me.
 
Old 07-11-2005, 01:46 PM   #14
jamessnell
LQ Newbie
 
Registered: Jul 2005
Location: Calgary Canada
Distribution: FC, SME, SuSE, IPcop
Posts: 3

Rep: Reputation: 0
Here's an easy fast fix

Okay, so from reading various forms all talking about this problem, I totally agree that it's selinux that's causing it. The enable home dirs solution is nice, but doesn't really cut it for me as I need access to other goodies. Here's a decent fast way to solve the problem...

Run "system-config-securitylevel" from a shell running as the same user you logged in to your window manager as. You should get prompted for your root password if you're not root. Then the graphical interface to config tool should come up. Click on the "selinux" tab and under the "modify selinux policy" title, scroll down and expand the tree for "samba", then just click the check boxes beside "disable selinux security for <x> daemon" where <x> refers to smbd, nmbd and winbind. You probably only need it for the smbd daemon, but whatever, the vast majority of you won't need selinux protecting their samba activity.

Once you've made your changes, reboot your system and you should be okay. If you're still having problems, I'd bet it'd be iptables. You can quickly check to see if that's it by running "/sbin/service iptables stop" as root or by using sudo. If that's also a problem for you, you need to open up the appropriate ports on your firewall. There's some discussion on that here: http://forums.fedoraforum.org/showthread.php?t=59437

Hope that helps.

Take care,
James
 
Old 07-12-2005, 05:35 PM   #15
HomeBrewer
LQ Newbie
 
Registered: Dec 2003
Location: Massachusetts, USA
Posts: 17

Original Poster
Rep: Reputation: 0
Good point, jamessnell. One shouldn't have to disable iptables to use Samba. Sure, it's helpful to do so if you're having problems, just to take it out of the equation, but you eventually have to put it back up...

You'll need to open ports 137 (UDP, NetBIOS name service), 138 (UDP, NETBIOS Datagram Service), 139 (TCP, NETBIOS Session Service), and 445 (TCP, Microsoft Directory Services). The following commands accomplish this:

/sbin/iptables -I INPUT -i eth0 -p udp -m multiport --dports 137,138 -j ACCEPT
/sbin/iptables -I INPUT -i eth0 -p tcp -m multiport --dports 139,445 -j ACCEPT
/etc/init.d/iptables save


I also have entries in smb.conf for hosts allow & hosts deny, and I also use things like read/write lists for added security. I also have additional rules in my iptables chain to restrict incoming data by source IP, and other such things...

You can't have too much security -- and in that light, if you don't need to completely disable SELinux for Samba, don't. If the home dirs fix is enough, go no further...
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
FC3 -> FC4 upgrade apocolpse Fedora 2 08-08-2005 03:53 PM
azureus - used to work on FC3, stopped working on FC4 g0l3m Linux - Software 2 06-20-2005 07:51 AM
SSI stopped working after upgrade to FC3 jeffreybluml Linux - Newbie 3 06-02-2005 11:59 AM
Sound randomly stopped working- FC3 Yakolev Linux - Software 2 01-21-2005 03:44 PM
Sound stopped working, FC3 onepapership Linux - Hardware 1 11-30-2004 01:29 PM


All times are GMT -5. The time now is 03:23 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration